nixos/systemd: convert extraConfig to rfc 42 (#426692)

Emily 2025-07-28 21:06:12 +01:00 committed by GitHub
commit 1adf0f56ff
8 changed files with 106 additions and 123 deletions


@ -141,6 +141,13 @@
- `libvirt` now supports using `nftables` backend. - `libvirt` now supports using `nftables` backend.
- `systemd.extraConfig` and `boot.initrd.systemd.extraConfig` was converted to RFC42-style `systemd.settings.Manager` and `boot.initrd.systemd.settings.Manager` respectively.
- `systemd.watchdog.runtimeTime` was renamed to `systemd.settings.Manager.RuntimeWatchdogSec`
- `systemd.watchdog.device` was renamed to `systemd.settings.Manager.WatchdogDevice`
- `systemd.watchdog.rebootTime` was renamed to `systemd.settings.Manager.RebootWatchdogSec`
- `systemd.watchdog.kexecTime` was renamed to `systemd.settings.Manager.KExecWatchdogSec`
- `systemd.enableCgroupAccounting` was removed. Cgroup accounting now needs to be disabled directly using `systemd.settings.Manager.*Accounting`.
- `services.ntpd-rs` now performs configuration validation. - `services.ntpd-rs` now performs configuration validation.
- `services.postsrsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.postsrsd.configurePostfix](#opt-services.postsrsd.configurePostfix) option. - `services.postsrsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.postsrsd.configurePostfix](#opt-services.postsrsd.configurePostfix) option.


@ -1663,7 +1663,7 @@ in
must be that described in {manpage}`limits.conf(5)`. must be that described in {manpage}`limits.conf(5)`.
Note that these limits do not apply to systemd services, Note that these limits do not apply to systemd services,
whose limits can be changed via {option}`systemd.extraConfig` whose limits can be changed via {option}`systemd.settings.Manager`
instead. instead.
''; '';
}; };


@ -412,8 +412,6 @@ in
}); });
}; };
systemd.enableCgroupAccounting = true;
security.wrappers = { security.wrappers = {
"apps.plugin" = { "apps.plugin" = {
source = "${cfg.package}/libexec/netdata/plugins.d/apps.plugin.org"; source = "${cfg.package}/libexec/netdata/plugins.d/apps.plugin.org";
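Review bot: Removing `systemd.enableCgroupAccounting = true;` from the netdata module leaves it depending on the global `DefaultIOAccounting`/`DefaultIPAccounting` values, which this commit defines only with `lib.mkDefault`, so any host configuration can switch accounting off without netdata noticing; with the old bool option a conflicting `false` would, as far as I can tell, have surfaced as a definition conflict rather than a silent downgrade. If the apps/cgroup plugins shipped here need accounting data, the module should pin it, e.g. `systemd.settings.Manager.DefaultIOAccounting = true;` at the removed line, or carry an assertion. The enclosing attribute set starts and ends outside the hunk.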


@ -24,6 +24,7 @@ let
mountToUnit mountToUnit
automountToUnit automountToUnit
sliceToUnit sliceToUnit
attrsToSection
; ;
upstreamSystemUnits = [ upstreamSystemUnits = [
@ -405,20 +406,25 @@ in
''; '';
}; };
enableCgroupAccounting = mkOption { settings.Manager = mkOption {
default = true; default = { };
type = types.bool; defaultText = lib.literalExpression ''
description = '' {
Whether to enable cgroup accounting; see {manpage}`cgroups(7)`. DefaultIOAccounting = true;
DefaultIPAccounting = true;
}
''; '';
}; type = lib.types.submodule {
freeformType = types.attrsOf unitOption;
extraConfig = mkOption { };
default = ""; example = {
type = types.lines; WatchdogDevice = "/dev/watchdog";
example = "DefaultLimitCORE=infinity"; RuntimeWatchdogSec = "30s";
RebootWatchdogSec = "10min";
KExecWatchdogSec = "5min";
};
description = '' description = ''
Extra config options for systemd. See {manpage}`systemd-system.conf(5)` man page Options for the global systemd service manager. See {manpage}`systemd-system.conf(5)` man page
for available options. for available options.
''; '';
}; };
@ -457,59 +463,6 @@ in
by other NixOS modules. by other NixOS modules.
''; '';
}; };
watchdog.device = mkOption {
type = types.nullOr types.path;
default = null;
example = "/dev/watchdog";
description = ''
The path to a hardware watchdog device which will be managed by systemd.
If not specified, systemd will default to `/dev/watchdog`.
'';
};
watchdog.runtimeTime = mkOption {
type = types.nullOr types.str;
default = null;
example = "30s";
description = ''
The amount of time which can elapse before a watchdog hardware device
will automatically reboot the system.
Valid time units include "ms", "s", "min", "h", "d", and "w";
see {manpage}`systemd.time(7)`.
'';
};
watchdog.rebootTime = mkOption {
type = types.nullOr types.str;
default = null;
example = "10m";
description = ''
The amount of time which can elapse after a reboot has been triggered
before a watchdog hardware device will automatically reboot the system.
If left `null`, systemd will use its default of 10 minutes;
see {manpage}`systemd-system.conf(5)`.
Valid time units include "ms", "s", "min", "h", "d", and "w";
see also {manpage}`systemd.time(7)`.
'';
};
watchdog.kexecTime = mkOption {
type = types.nullOr types.str;
default = null;
example = "10m";
description = ''
The amount of time which can elapse when `kexec` is being executed before
a watchdog hardware device will automatically reboot the system. This
option should only be enabled if `reloadTime` is also enabled;
see {manpage}`kexec(8)`.
Valid time units include "ms", "s", "min", "h", "d", and "w";
see also {manpage}`systemd.time(7)`.
'';
};
}; };
###### implementation ###### implementation
@ -638,32 +591,7 @@ in
"systemd/system.conf".text = '' "systemd/system.conf".text = ''
[Manager] [Manager]
ManagerEnvironment=${ ${attrsToSection cfg.settings.Manager}
lib.concatStringsSep " " (
lib.mapAttrsToList (n: v: "${n}=${lib.escapeShellArg v}") cfg.managerEnvironment
)
}
${optionalString cfg.enableCgroupAccounting ''
DefaultCPUAccounting=yes
DefaultIOAccounting=yes
DefaultBlockIOAccounting=yes
DefaultIPAccounting=yes
''}
DefaultLimitCORE=infinity
${optionalString (cfg.watchdog.device != null) ''
WatchdogDevice=${cfg.watchdog.device}
''}
${optionalString (cfg.watchdog.runtimeTime != null) ''
RuntimeWatchdogSec=${cfg.watchdog.runtimeTime}
''}
${optionalString (cfg.watchdog.rebootTime != null) ''
RebootWatchdogSec=${cfg.watchdog.rebootTime}
''}
${optionalString (cfg.watchdog.kexecTime != null) ''
KExecWatchdogSec=${cfg.watchdog.kexecTime}
''}
${cfg.extraConfig}
''; '';
"systemd/sleep.conf".text = '' "systemd/sleep.conf".text = ''
@ -749,6 +677,13 @@ in
config.boot.extraSystemdUnitPaths != [ ] config.boot.extraSystemdUnitPaths != [ ]
) "${builtins.concatStringsSep ":" config.boot.extraSystemdUnitPaths}:"; ) "${builtins.concatStringsSep ":" config.boot.extraSystemdUnitPaths}:";
}; };
systemd.settings.Manager = {
ManagerEnvironment = lib.concatStringsSep " " (
lib.mapAttrsToList (n: v: "${n}=${lib.escapeShellArg v}") cfg.managerEnvironment
);
DefaultIOAccounting = lib.mkDefault true;
DefaultIPAccounting = lib.mkDefault true;
};
system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled [ system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled [
"DEVTMPFS" "DEVTMPFS"
@ -858,5 +793,26 @@ in
To forcibly reenable cgroup v1 support, you can set boot.kernelParams = [ "systemd.unified_cgroup_hierarchy=0" "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1" ]. To forcibly reenable cgroup v1 support, you can set boot.kernelParams = [ "systemd.unified_cgroup_hierarchy=0" "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1" ].
NixOS does not officially support this configuration and might cause your system to be unbootable in future versions. You are on your own. NixOS does not officially support this configuration and might cause your system to be unbootable in future versions. You are on your own.
'') '')
(mkRemovedOptionModule [ "systemd" "extraConfig" ] "Use systemd.settings.Manager instead.")
(lib.mkRenamedOptionModule
[ "systemd" "watchdog" "device" ]
[ "systemd" "settings" "Manager" "WatchdogDevice" ]
)
(lib.mkRenamedOptionModule
[ "systemd" "watchdog" "runtimeTime" ]
[ "systemd" "settings" "Manager" "RuntimeWatchdogSec" ]
)
(lib.mkRenamedOptionModule
[ "systemd" "watchdog" "rebootTime" ]
[ "systemd" "settings" "Manager" "RebootWatchdogSec" ]
)
(lib.mkRenamedOptionModule
[ "systemd" "watchdog" "kexecTime" ]
[ "systemd" "settings" "Manager" "KExecWatchdogSec" ]
)
(mkRemovedOptionModule [
"systemd"
"enableCgroupAccounting"
] "To disable cgroup accounting, disable systemd.settings.Manager.*Accounting directly.")
]; ];
} }
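Review bot: The generated `system.conf` loses the unconditional `DefaultLimitCORE=infinity` line (old side of the `"systemd/system.conf".text` hunk) and nothing in the new `systemd.settings.Manager` defaults re-adds it, so the effective core-dump limit for services now falls back to whatever systemd's built-in default is; the release note entry in this commit does not mention that either. The same hunk also drops `DefaultCPUAccounting=yes` and `DefaultBlockIOAccounting=yes`, which I assume is intentional for cgroup v2 but is likewise undocumented. If the old behaviour is meant to survive, add `DefaultLimitCORE = lib.mkDefault "infinity";` next to the accounting defaults and list it in the option's `defaultText`; otherwise state the change in the release note so crash-triage setups relying on unlimited cores are not surprised.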


@ -11,6 +11,7 @@ with lib;
let let
inherit (utils) systemdUtils escapeSystemdPath; inherit (utils) systemdUtils escapeSystemdPath;
inherit (systemdUtils.unitOptions) unitOption;
inherit (systemdUtils.lib) inherit (systemdUtils.lib)
generateUnits generateUnits
pathToUnit pathToUnit
@ -21,6 +22,7 @@ let
timerToUnit timerToUnit
mountToUnit mountToUnit
automountToUnit automountToUnit
attrsToSection
; ;
cfg = config.boot.initrd.systemd; cfg = config.boot.initrd.systemd;
@ -139,6 +141,12 @@ in
It only saved ~1MiB of initramfs size, but caused a few issues It only saved ~1MiB of initramfs size, but caused a few issues
like unloadable kernel modules. like unloadable kernel modules.
'') '')
(lib.mkRemovedOptionModule [
"boot"
"initrd"
"systemd"
"extraConfig"
] "Use boot.initrd.systemd.settings.Manager instead.")
]; ];
options.boot.initrd.systemd = { options.boot.initrd.systemd = {
@ -161,12 +169,24 @@ in
''; '';
}; };
extraConfig = mkOption { settings.Manager = mkOption {
default = ""; default = { };
type = types.lines; defaultText = lib.literalExpression ''
example = "DefaultLimitCORE=infinity"; {
DefaultEnvironment = "PATH=/bin:/sbin";
}
'';
type = lib.types.submodule {
freeformType = types.attrsOf unitOption;
};
example = {
WatchdogDevice = "/dev/watchdog";
RuntimeWatchdogSec = "30s";
RebootWatchdogSec = "10min";
KExecWatchdogSec = "5min";
};
description = '' description = ''
Extra config options for systemd. See {manpage}`systemd-system.conf(5)` man page Options for the global systemd service manager used in initrd. See {manpage}`systemd-system.conf(5)` man page
for available options. for available options.
''; '';
}; };
@ -182,6 +202,11 @@ in
]) ])
); );
default = { }; default = { };
defaultText = ''
{
PATH = "/bin:/sbin";
}
'';
example = { example = {
SYSTEMD_LOG_LEVEL = "debug"; SYSTEMD_LOG_LEVEL = "debug";
}; };
@ -450,6 +475,10 @@ in
}; };
managerEnvironment.PATH = "/bin:/sbin"; managerEnvironment.PATH = "/bin:/sbin";
settings.Manager.ManagerEnvironment = lib.concatStringsSep " " (
lib.mapAttrsToList (n: v: "${n}=${lib.escapeShellArg v}") cfg.managerEnvironment
);
settings.Manager.DefaultEnvironment = "PATH=/bin:/sbin";
contents = { contents = {
"/tmp/.keep".text = "systemd requires the /tmp mount point in the initrd cpio archive"; "/tmp/.keep".text = "systemd requires the /tmp mount point in the initrd cpio archive";
@ -458,13 +487,7 @@ in
"/etc/systemd/system.conf".text = '' "/etc/systemd/system.conf".text = ''
[Manager] [Manager]
DefaultEnvironment=PATH=/bin:/sbin ${attrsToSection cfg.settings.Manager}
${cfg.extraConfig}
ManagerEnvironment=${
lib.concatStringsSep " " (
lib.mapAttrsToList (n: v: "${n}=${lib.escapeShellArg v}") cfg.managerEnvironment
)
}
''; '';
"/lib".source = "${config.system.build.modulesClosure}/lib"; "/lib".source = "${config.system.build.modulesClosure}/lib";
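Review bot: The option's `defaultText` advertises `DefaultEnvironment = "PATH=/bin:/sbin"` as a default, but the config side defines `settings.Manager.DefaultEnvironment = "PATH=/bin:/sbin";` without `lib.mkDefault`, so a user definition with a different value is, if `unitOption` merges scalars by equality as I believe it does, a definition conflict rather than an override. Either make it `settings.Manager.DefaultEnvironment = lib.mkDefault "PATH=/bin:/sbin";` so the documented default is actually overridable, or drop it from `defaultText` and document it as a fixed value. The `ManagerEnvironment` definition above it has the same shape but is derived from `managerEnvironment`, so it is less of a concern.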


@ -115,7 +115,7 @@ in
MaxLevelConsole=debug MaxLevelConsole=debug
''; '';
extraConfig = config.systemd.extraConfig; settings.Manager = config.systemd.settings.Manager;
} }
(lib.mkIf cfg.initrdBackdoor { (lib.mkIf cfg.initrdBackdoor {
@ -210,13 +210,13 @@ in
MaxLevelConsole=debug MaxLevelConsole=debug
''; '';
systemd.extraConfig = '' systemd.settings.Manager = {
# Don't clobber the console with duplicate systemd messages. # Don't clobber the console with duplicate systemd messages.
ShowStatus=no ShowStatus = false;
# Allow very slow start # Allow very slow start
DefaultTimeoutStartSec=300 DefaultTimeoutStartSec = 300;
DefaultDeviceTimeoutSec=300 DefaultDeviceTimeoutSec = 300;
''; };
systemd.user.extraConfig = '' systemd.user.extraConfig = ''
# Allow very slow start # Allow very slow start
DefaultTimeoutStartSec=300 DefaultTimeoutStartSec=300


@ -68,9 +68,9 @@ in
echo "systemd 0" > $out/init-interface-version echo "systemd 0" > $out/init-interface-version
''; '';
modifiedSystemConf.configuration.systemd.extraConfig = '' modifiedSystemConf.configuration.systemd.settings.Manager = {
# Hello world! DefaultEnvironment = "XXX_SYSTEM=foo";
''; };
addedMount.configuration.virtualisation.fileSystems."/test" = { addedMount.configuration.virtualisation.fileSystems."/test" = {
device = "tmpfs"; device = "tmpfs";


@ -27,7 +27,13 @@
}; };
}; };
systemd.extraConfig = "DefaultEnvironment=\"XXX_SYSTEM=foo\""; systemd.settings.Manager = {
DefaultEnvironment = "XXX_SYSTEM=foo";
WatchdogDevice = "/dev/watchdog";
RuntimeWatchdogSec = "30s";
RebootWatchdogSec = "10min";
KExecWatchdogSec = "5min";
};
systemd.user.extraConfig = "DefaultEnvironment=\"XXX_USER=bar\""; systemd.user.extraConfig = "DefaultEnvironment=\"XXX_USER=bar\"";
services.journald.extraConfig = "Storage=volatile"; services.journald.extraConfig = "Storage=volatile";
test-support.displayManager.auto.user = "alice"; test-support.displayManager.auto.user = "alice";
@ -86,13 +92,6 @@
''; '';
}; };
systemd.watchdog = {
device = "/dev/watchdog";
runtimeTime = "30s";
rebootTime = "10min";
kexecTime = "5min";
};
environment.etc."systemd/system-preset/10-testservice.preset".text = '' environment.etc."systemd/system-preset/10-testservice.preset".text = ''
disable ${config.systemd.services.testservice1.name} disable ${config.systemd.services.testservice1.name}
''; '';