Skip to content

treewide: depend on shutdown.target if DefaultDependencies=no in almost every case#271326

Merged
nikstur merged 18 commits intoNixOS:masterfrom
philiptaron:shutdown.target
Dec 27, 2023
Merged

treewide: depend on shutdown.target if DefaultDependencies=no in almost every case#271326
nikstur merged 18 commits intoNixOS:masterfrom
philiptaron:shutdown.target

Conversation

@philiptaron
Copy link
Contributor

@philiptaron philiptaron commented Dec 1, 2023

Description of changes

Made almost all systemd service units throughout the NixOS tree that specify DefaultDependencies=no conflict with with and come before shutdown.target.

@ElvishJerricco:

I mean it makes sense. Before=sysinit.target means it's trying to be part of sysinit, which is almost always the case for services with DefaultDependencies=no. And the ordering and conflict with shutdown.target is just common sense in case a very early shutdown occurs.

shutdown.target

A special target unit that terminates the services on system shutdown.
Services that shall be terminated on system shutdown shall add Conflicts= and Before= dependencies to this unit for their service unit, which is implicitly done when DefaultDependencies=yes is set (the default).)

The few exceptions:

  1. https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/system/boot/kexec.nix
  2. https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/system/boot/shutdown.nix
  3. https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/system/boot/systemd/initrd.nix
  4. https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/system/boot/systemd/shutdown.nix
  5. https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/services/security/haveged.nix

Related

@nikstur's work on #267982.

  1. Replace simple activationScripts  #263203
  2. Perlless Activation #270727

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@philiptaron
nixos/swap: ensure correct ordering w.r.t. shutdown.target
28bb978
@philiptaron
nixos/apparmor: ensure correct ordering w.r.t. shutdown.target
454f3cb
@philiptaron
nixos/auditd: ensure correct ordering w.r.t. shutdown.target
407ef67 
This looks like it's got a few other idiosyncrasies, but I'll leave it
alone for now.
@philiptaron
nixos/duosec: ensure correct ordering w.r.t. shutdown.target
d7ab46e
@philiptaron
nixos/suid-sgid-wrappers: ensure correct ordering w.r.t. shutdown.target
a7a5b2e
@philiptaron
nixos/firewall-iptables: ensure correct ordering w.r.t. shutdown.target
5ab8a12
@philiptaron
nixos/growpart: ensure correct ordering w.r.t. shutdown.target
e4136ed
@philiptaron
nixos/initrd-ssh: ensure correct ordering w.r.t. shutdown.target
0db4d5b
@philiptaron
nixos/initrd-secrets: ensure correct ordering w.r.t. shutdown.target
1f73c2a
@philiptaron
nixos/filesystems: ensure correct ordering w.r.t. shutdown.target
9c505de
@philiptaron
nixos/bcachefs: ensure correct ordering w.r.t. shutdown.target
d4f57da
@philiptaron
nixos/zfs: ensure correct ordering w.r.t. shutdown.target
e95b3d3
@philiptaron
nixos/network-interfaces: ensure correct ordering w.r.t. shutdown.target
5406410 
Also, mark this service as `oneshot`, since it is.
@philiptaron
nixos/lxd-agent: ensure correct ordering w.r.t. shutdown.target
07004b4
@philiptaron
nixos/qemu: ensure correct ordering w.r.t. shutdown.target
0a226a0
@philiptaron
nixos/tests/dhparams: ensure correct ordering w.r.t. shutdown.target
d8c9b26
@philiptaron
nixos/tests/stunnel: ensure correct ordering w.r.t. shutdown.target
88dc5de 
Also, mark the service as `oneshot` since it is.
@philiptaron
nixos/tests/systemd-initrd-networkd: ensure correct ordering w.r.t. s…
6f80911 
…hutdown.target
@philiptaron philiptaron requested review from a team, RaitoBezarius and dasJ as code owners December 1, 2023 00:17
@philiptaron philiptaron requested review from ElvishJerricco and nikstur and removed request for a team, RaitoBezarius and dasJ December 1, 2023 00:17
@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 6.topic: systemd Software suite that provides an array of system components for Linux operating systems. labels Dec 1, 2023
@philiptaron philiptaron requested a review from a team December 1, 2023 00:19
nikstur
nikstur reviewed Dec 1, 2023
View reviewed changes
nixos/modules/tasks/network-interfaces.nix
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
serviceConfig.ExecStart = ''${pkgs.nettools}/bin/domainname "${cfg.domain}"'';
serviceConfig.Type = "oneshot";
Copy link
Contributor

@nikstur nikstur Dec 1, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While we're at it, we should probably also add RemainAfterExit

Copy link
Contributor

@ElvishJerricco ElvishJerricco Dec 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only if it makes sense. I don't really know anything about this service. Should it be considered present from the completion of this service? Like, is there a reason to consider it running, or is there a stop procedure when the system shuts down?

Copy link
Contributor Author

@philiptaron philiptaron Dec 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

domainname sets the NIS domain name. It's fundamentally a call to setdomainname(2).

I don't think it should RemainAfterExit=yes since it really is just a one-shot configuration. Could be wrong though.

Copy link
Contributor

@nikstur nikstur Dec 23, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the question is, does it make sense to start it multiple times during a boot cycle? If it doesn't, then it should RemainAfterExit imo. Since in my understanding domainname is idempotent, it should RemainAfterExit.

Copy link
Contributor

@ElvishJerricco ElvishJerricco Dec 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does it make sense to start it multiple times during a boot cycle? If it doesn't, then it should RemainAfterExit imo.

What? No, that's not what that's for. RemainAfterExit is there so that things like ExecStop can have meaning for oneshot logic (and also so that dependent units can have BindsTo mean something). If we need a way to designate oneshots that shouldn't be started again by switch-to-configuration, we should make another custom X- thing like X-NoStartOnSwitch or something.

@ofborg ofborg bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Dec 1, 2023
@philiptaron philiptaron changed the title tree-wide: depend on shutdown.target if DefaultDependencies=no in almost every case treewide: depend on shutdown.target if DefaultDependencies=no in almost every case Dec 1, 2023
@philiptaron philiptaron requested a review from nikstur December 1, 2023 16:21
@philiptaron
Copy link
Contributor Author

philiptaron commented Dec 6, 2023

ping @nikstur @ElvishJerricco :-)

nikstur
nikstur approved these changes Dec 23, 2023
View reviewed changes
Copy link
Contributor

@nikstur nikstur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the delay. I thinks this is good to go.

@nikstur nikstur merged commit c9569af into NixOS:master Dec 27, 2023
@philiptaron philiptaron deleted the shutdown.target branch December 27, 2023 15:07
@nikstur nikstur mentioned this pull request Dec 29, 2023
Merged
13 tasks
@mweinelt
Copy link
Member

mweinelt commented Dec 30, 2023

This broke evaluation of the lxdVirtualMachine image jobs.

https://hydra.nixos.org/job/nixos/trunk-combined/nixos.lxdVirtualMachineImage.aarch64-linux
https://hydra.nixos.org/job/nixos/trunk-combined/nixos.lxdVirtualMachineImage.x86_64-linux

in job ‘nixos.lxdVirtualMachineImage.x86_64-linux’:
error:
       … while evaluating a branch condition

         at /nix/store/0cgy1xrv40pvk2j1d6sjpgczx8qg7ds4-source/nixos/release-combined.nix:17:28:

           16|
           17|   removeMaintainers = set: if builtins.isAttrs set
             |                            ^
           18|     then if (set.type or "") == "derivation"

       … while calling the 'isAttrs' builtin

         at /nix/store/0cgy1xrv40pvk2j1d6sjpgczx8qg7ds4-source/nixos/release-combined.nix:17:31:

           16|
           17|   removeMaintainers = set: if builtins.isAttrs set
             |                               ^
           18|     then if (set.type or "") == "derivation"

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: The option `systemd.services.lxd-agent.unitConfig.Before' has conflicting definition values:
       - In `/nix/store/0cgy1xrv40pvk2j1d6sjpgczx8qg7ds4-source/nixos/modules/system/boot/systemd.nix': "shutdown.target"
       - In `/nix/store/0cgy1xrv40pvk2j1d6sjpgczx8qg7ds4-source/nixos/modules/virtualisation/lxd-agent.nix': [ ]
       Use `lib.mkForce value` or `lib.mkDefault value` to change the priority on any of these definitions.

@philiptaron
Copy link
Contributor Author

philiptaron commented Dec 30, 2023

@mweinelt would you like me to prepare a patch, or are you on it?

@mweinelt
Copy link
Member

mweinelt commented Dec 30, 2023

Feel free to come up with a patch.

philiptaron added a commit to philiptaron/nixpkgs that referenced this pull request Dec 30, 2023
@philiptaron
nixos/lxd-agent: fix evaluation regression caused by NixOS#271326
da90576
@philiptaron philiptaron mentioned this pull request Dec 30, 2023
Merged
13 tasks
marcusramberg pushed a commit to marcusramberg/nixpkgs that referenced this pull request Dec 30, 2023
@philiptaron @marcusramberg
nixos/lxd-agent: fix evaluation regression caused by NixOS#271326
052c531
@philiptaron philiptaron mentioned this pull request Sep 3, 2024
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nikstur nikstur nikstur approved these changes

@ElvishJerricco ElvishJerricco Awaiting requested review from ElvishJerricco

@RaitoBezarius RaitoBezarius Awaiting requested review from RaitoBezarius

Assignees

No one assigned

Labels

6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: systemd Software suite that provides an array of system components for Linux operating systems. 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@philiptaron @mweinelt @ElvishJerricco @nikstur