systemd-initrd: Support secrets when boot loader doesn't
initrd-secrets: Fix service config with systemd-stage-1
parent
71983a6eb5
commit
fef26d88e2
|
@ -19,13 +19,13 @@
|
||||||
# drop this service, we'd mount the /run tmpfs over the secret, making it
|
# drop this service, we'd mount the /run tmpfs over the secret, making it
|
||||||
# invisible in stage 2.
|
# invisible in stage 2.
|
||||||
script = ''
|
script = ''
|
||||||
for secret in $(cd /.initrd-secrets; find . -type f); do
|
for secret in $(cd /.initrd-secrets; find . -type f -o -type l); do
|
||||||
mkdir -p "$(dirname "/$secret")"
|
mkdir -p "$(dirname "/$secret")"
|
||||||
cp "/.initrd-secrets/$secret" "/$secret"
|
cp "/.initrd-secrets/$secret" "/$secret"
|
||||||
done
|
done
|
||||||
'';
|
'';
|
||||||
|
|
||||||
unitConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
};
|
};
|
||||||
|
|
|
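Review bot: The loop header `for secret in $(cd /.initrd-secrets; find . -type f -o -type l); do` uses an unquoted command substitution, so a secret path containing whitespace or glob characters is split or expanded before it reaches `mkdir` and `cp`. Now that symlinks are matched too, `cp` without `-P` follows each link and copies its target, which fails for a dangling link or one that resolves to a directory. If dereferencing is intended, a comment such as `# symlinked secrets are dereferenced; the target must exist inside the initrd` would make that explicit. `mkdir -p` also creates missing parent directories with default permissions rather than those of the source tree, which is worth confirming for directories meant to stay private. The enclosing service definition starts above the hunk.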
@ -880,6 +880,8 @@ in
|
||||||
|
|
||||||
boot.initrd.kernelModules = optionals (cfg.useNixStoreImage && !cfg.writableStore) [ "erofs" ];
|
boot.initrd.kernelModules = optionals (cfg.useNixStoreImage && !cfg.writableStore) [ "erofs" ];
|
||||||
|
|
||||||
|
boot.loader.supportsInitrdSecrets = mkIf (!cfg.useBootLoader) (mkVMOverride false);
|
||||||
|
|
||||||
boot.initrd.extraUtilsCommands = lib.mkIf (cfg.useDefaultFilesystems && !config.boot.initrd.systemd.enable)
|
boot.initrd.extraUtilsCommands = lib.mkIf (cfg.useDefaultFilesystems && !config.boot.initrd.systemd.enable)
|
||||||
''
|
''
|
||||||
# We need mke2fs in the initrd.
|
# We need mke2fs in the initrd.
|
||||||
|
|
|
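Review bot: The added line `boot.loader.supportsInitrdSecrets = mkIf (!cfg.useBootLoader) (mkVMOverride false);` has no comment, and its effect on where secrets end up is not obvious from the option name. Judging by the commit title, when no boot loader is used the secrets must reach the initrd by some path other than the boot loader's install step. If that means they are embedded at build time, the resulting image may be readable by anyone with access to the store, which deserves a line here. Something like `# No boot loader runs in this mode, so nothing appends secrets at install time; they are built into the initrd instead.` would do, with the wording confirmed against the stage-1 implementation.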
@ -26,7 +26,7 @@ import ../make-test-python.nix ({ lib, ...}:
|
||||||
enable = true;
|
enable = true;
|
||||||
openvpn = {
|
openvpn = {
|
||||||
enable = true;
|
enable = true;
|
||||||
configuration = "/dev/null";
|
configuration = builtins.toFile "initrd.ovpn" "";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
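Review bot: Nothing on the `configuration = builtins.toFile "initrd.ovpn" "";` line says why `/dev/null` was replaced. Presumably the path is now handled as an initrd secret and has to be a regular file that the copy step can pick up; a one-line comment such as `# must be a real file: it is shipped as an initrd secret` (to be confirmed) would keep someone from reverting it. Since `builtins.toFile` output lives in the store, the comment could also say that this pattern suits an empty test config only, not one carrying key material.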
@ -22,10 +22,6 @@ import ../make-test-python.nix ({ lib, ... }:
|
||||||
hostKeys = [ ./ssh_host_ed25519_key ];
|
hostKeys = [ ./ssh_host_ed25519_key ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
boot.initrd.extraUtilsCommands = ''
|
|
||||||
mkdir -p $out/secrets/etc/ssh
|
|
||||||
cat "${./ssh_host_ed25519_key}" > $out/secrets/etc/ssh/sh_host_ed25519_key
|
|
||||||
'';
|
|
||||||
boot.initrd.preLVMCommands = ''
|
boot.initrd.preLVMCommands = ''
|
||||||
while true; do
|
while true; do
|
||||||
if [ -f fnord ]; then
|
if [ -f fnord ]; then
|
||||||
|
|