Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 07054b42d8c4
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 5e2f89bbce11
Choose a head ref
  • 2 commits
  • 7 files changed
  • 2 contributors

Commits on Aug 27, 2019

  1. nixos/treewide: drop dependencies to keys.target 

    The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).

As described in the NixOps manual[1], dependencies to keys should be
defined like this now:

``` nix
{
  systemd.services.myservice = {
    after = [ "secret-key.service" ];
    wants = [ "secret-key.service" ];
  };
}
```

However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.

[1] https://nixos.org/nixops/manual/#idm140737322342384
    @Ma27
    Ma27 committed Aug 27, 2019
    Copy the full SHA
    56a7bc0 View commit details

Commits on Aug 28, 2019

  1. Merge pull request #67394 from Ma27/drop-keys.target-dependency 

    nixos/treewide: drop dependencies to `keys.target`
    @lheckemann
    lheckemann authored Aug 28, 2019
    Copy the full SHA
    5e2f89b View commit details
20 changes: 20 additions & 0 deletions nixos/doc/manual/release-notes/rl-1909.xml
View file
Original file line number Diff line number Diff line change
@@ -291,6 +291,26 @@
configuration while being better type-checked and mergeable.
</para>
</listitem>
<listitem>
<para>
No service depends on <literal>keys.target</literal> anymore which is a systemd
target that indicates if all <link xlink:href="https://nixos.org/nixops/manual/#idm140737322342384">NixOps keys</link> were successfully uploaded.
Instead, <literal>&lt;key-name&gt;-key.service</literal> should be used to define
a dependency of a key in a service. The full issue behind the <literal>keys.target</literal>
dependency is described at <link xlink:href="https://github.com/NixOS/nixpkgs/issues/67265">NixOS/nixpkgs#67265</link>.
</para>
<para>
The following services are affected by this:
<itemizedlist>
<listitem><para><link linkend="opt-services.dovecot2.enable"><literal>services.dovecot2</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.nsd.enable"><literal>services.nsd</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.softether.enable"><literal>services.softether</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.strongswan.enable"><literal>services.strongswan</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.strongswan-swanctl.enable"><literal>services.strongswan-swanctl</literal></link></para></listitem>
<listitem><para><link linkend="opt-services.httpd.enable"><literal>services.httpd</literal></link></para></listitem>
</itemizedlist>
</para>
</listitem>
</itemizedlist>
</section>

3 changes: 1 addition & 2 deletions nixos/modules/services/mail/dovecot.nix
View file
Original file line number Diff line number Diff line change
@@ -344,8 +344,7 @@ in
systemd.services.dovecot2 = {
description = "Dovecot IMAP/POP3 server";

after = [ "keys.target" "network.target" ];
wants = [ "keys.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartTriggers = [ cfg.configFile ];

3 changes: 1 addition & 2 deletions nixos/modules/services/networking/nsd.nix
View file
Original file line number Diff line number Diff line change
@@ -916,9 +916,8 @@ in
systemd.services.nsd = {
description = "NSD authoritative only domain name service";

after = [ "keys.target" "network.target" ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
wants = [ "keys.target" ];

serviceConfig = {
ExecStart = "${nsdPkg}/sbin/nsd -d -c ${nsdEnv}/nsd.conf";
2 changes: 0 additions & 2 deletions nixos/modules/services/networking/softether.nix
View file
Original file line number Diff line number Diff line change
@@ -70,8 +70,6 @@ in

systemd.services."softether-init" = {
description = "SoftEther VPN services initial task";
after = [ "keys.target" ];
wants = [ "keys.target" ];
wantedBy = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
5 changes: 2 additions & 3 deletions nixos/modules/services/networking/strongswan-swanctl/module.nix
View file
Original file line number Diff line number Diff line change
@@ -62,9 +62,8 @@ in {
systemd.services.strongswan-swanctl = {
description = "strongSwan IPsec IKEv1/IKEv2 daemon using swanctl";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" "keys.target" ];
wants = [ "keys.target" ];
path = with pkgs; [ kmod iproute iptables utillinux ];
after = [ "network-online.target" ];
path = with pkgs; [ kmod iproute iptables utillinux ];
environment = {
STRONGSWAN_CONF = pkgs.writeTextFile {
name = "strongswan.conf";
3 changes: 1 addition & 2 deletions nixos/modules/services/networking/strongswan.nix
View file
Original file line number Diff line number Diff line change
@@ -151,8 +151,7 @@ in
description = "strongSwan IPSec Service";
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ kmod iproute iptables utillinux ]; # XXX Linux
wants = [ "keys.target" ];
after = [ "network-online.target" "keys.target" ];
after = [ "network-online.target" ];
environment = {
STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secretsFile managePlugins enabledPlugins; };
};
3 changes: 1 addition & 2 deletions nixos/modules/services/web-servers/apache-httpd/default.nix
View file
Original file line number Diff line number Diff line change
@@ -670,8 +670,7 @@ in
{ description = "Apache HTTPD";

wantedBy = [ "multi-user.target" ];
wants = [ "keys.target" ];
after = [ "network.target" "fs.target" "keys.target" ];
after = [ "network.target" "fs.target" ];

path =
[ httpd pkgs.coreutils pkgs.gnugrep ]