RFC: Use systemd-tmpfiles to manage /etc symlinks #47453
Conversation
This eliminates a Perl script from NixOS activation; most of the necessary functionality is already in systemd.
|
I like the fact that is much less code. |
|
|
||
| # finally, create new files in /etc | ||
| SYSTEMD_LOG_LEVEL=debug ${config.systemd.package}/bin/systemd-tmpfiles --create ${etc-tmpfiles} | ||
| ln -sf ${etc-tmpfiles} /etc/.created |
There was a problem hiding this comment.
Does this no longer uses the /etc/static?
There was a problem hiding this comment.
How does it make the process mostly atomic?
|
Does systemd-tmpfiles work even with an empty /etc and without systemd running ? |
|
I am pretty sure it does. It is designed to re-provision systems like https://github.com/systemd/systemd/blob/master/src/tmpfiles/tmpfiles.c |
|
This is very nice and I think it's a good first step. I've been doing some research myself for replacing |
|
@Mic92 You're right, this branch does not try to match the level of pseudo-atomicity of the current Here's an outline for a more aggressive change that would allow atomic update of everything on the system at once: When building a NixOS configuration, generate a squashfs image that contains all the files that need to be placed anywhere on the filesystem when activating the configuration, including Activation then proceeds in three steps:
The actions needed for steps 1 and 3 can be computed before applying any changes: As step 0, generate a When building a read-only NixOS system image, the above squashfs can just be made part of the final image, skipping all the symlink-management steps. And @arianvp, I am certainly in favor of a tracking issue for these kinds of ideas. I have NixOS modules locally here for building a read-only NixOS root filesystem in a squashfs, and also for doing the stage-1 initrd using systemd instead of heaps of shell scripts; both work in my limited use cases, but I'm sure they have major flaws for use cases I haven't considered, so I figured I'd sort out things like this issue before trying to upstream that stuff. I'm happy to chat about what I did so far though! |
|
Folks interested in this pull request might also be interested in #47563 which I just filed, which is a proof-of-concept for getting rid of some of the shell scripting during stage-2 and activation. |
|
By reading your description it seems to be similar to how the current |
|
I'm still working on related ideas, but I'm abandoning this particular approach for various reasons, including @Mic92's comments. |
Any chance you can share something about this? I too, am not particularly hooked on the current situation (see #47898 as well). |
|
I just pushed a WIP branch which I'm not quite ready to turn into a pull request: https://github.com/jameysharp/nixpkgs/tree/deactivation It gets rid of a few activation scripts for various services but the big deal is it can precompute /etc/passwd and group, rather than generating them with a perl script during activation, subject to some constraints. |
very nice! |
I have only minimally tested this, so please don't merge it without careful review! I'm submitting this pull request primarily to ask for comments on whether this is a good direction.
Motivation for this change
This eliminates a Perl script from NixOS activation; most of the necessary functionality is already in systemd.
I suspect that most of the work that's currently done in the activation script could be done with systemd-tmpfiles instead. Eventually I hope it might be possible to eliminate the activation script entirely, as well as most or ideally all of
stage-2-init.sh, which duplicates a lot of functionality that systemd has built-in.I set off down this road because I needed to build a read-only (squashfs) NixOS image and there are an awful lot of assumptions about writable filesystems which are difficult to reason about when they're scattered across all these impure shell and Perl scripts.
But coming back down to earth, I thought eliminating
setup-etc.plmight be a good first step that doesn't impact much of the rest of the boot process.Things done
sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)nix path-info -Sbefore and after)