From 0b277bcc2b40c6ecd728c44635fa92262bedf620 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Thu, 28 Jul 2022 14:34:44 +0200 Subject: nixos/swraid: make entire module optional swraid support will now only be enabled by default if stateVersion is older than 23.11. nixos-generate-config will now generate explicit config for enabling support if needed. --- nixos/doc/manual/release-notes/rl-2311.section.md | 2 ++ nixos/modules/installer/tools/nixos-generate-config.pl | 11 +++++++++-- nixos/modules/profiles/installation-device.nix | 4 ++++ nixos/modules/tasks/swraid.nix | 14 +++++++------- nixos/tests/installer-systemd-stage-1.nix | 2 +- 5 files changed, 23 insertions(+), 10 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 29ee2ec5aa617..70f2916303cd9 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -78,6 +78,8 @@ - The Caddy module gained a new option named `services.caddy.enableReload` which is enabled by default. It allows reloading the service instead of restarting it, if only a config file has changed. This option must be disabled if you have turned off the [Caddy admin API](https://caddyserver.com/docs/caddyfile/options#admin). If you keep this option enabled, you should consider setting [`grace_period`](https://caddyserver.com/docs/caddyfile/options#grace-period) to a non-infinite value to prevent Caddy from delaying the reload indefinitely. +- mdraid support is now optional. This reduces initramfs size and prevents automatic import of software RAID pools, which may not be desired. It is disabled by default in new configurations (determined by `stateVersion`), but the appropriate settings will be generated by `nixos-generate-config` when installing to a software RAID device, so the standard installation procedure should be unaffected. + ## Other Notable Changes {#sec-release-23.11-notable-changes} - The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration. diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index 2e572ef02473b..b08bf1e45d132 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -381,6 +381,7 @@ sub in { my $fileSystems; my %fsByDev; +my $useSwraid = 0; foreach my $fs (read_file("/proc/self/mountinfo")) { chomp $fs; my @fields = split / /, $fs; @@ -510,8 +511,8 @@ EOF # boot.initrd.luks.devices entry. if (-e $device) { my $deviceName = basename(abs_path($device)); - if (-e "/sys/class/block/$deviceName" - && read_file("/sys/class/block/$deviceName/dm/uuid", err_mode => 'quiet') =~ /^CRYPT-LUKS/) + my $dmUuid = read_file("/sys/class/block/$deviceName/dm/uuid", err_mode => 'quiet'); + if ($dmUuid =~ /^CRYPT-LUKS/) { my @slaves = glob("/sys/class/block/$deviceName/slaves/*"); if (scalar @slaves == 1) { @@ -527,8 +528,14 @@ EOF } } } + if (-e "/sys/class/block/$deviceName/md/uuid") { + $useSwraid = 1; + } } } +if ($useSwraid) { + push @attrs, "boot.initrd.services.swraid.enable = true;\n\n"; +} # Generate the hardware configuration file. diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix index 32884f4b8754d..eea58294fb15b 100644 --- a/nixos/modules/profiles/installation-device.nix +++ b/nixos/modules/profiles/installation-device.nix @@ -106,6 +106,10 @@ with lib; systemdStage1Network ]; + boot.initrd.services = { + swraid.enable = true; + }; + # Show all debug messages from the kernel but don't log refused packets # because we have the firewall enabled. This makes installs from the # console less cumbersome if the machine has a public IP. diff --git a/nixos/modules/tasks/swraid.nix b/nixos/modules/tasks/swraid.nix index 1c3f1db15099d..fde0f7e0091a8 100644 --- a/nixos/modules/tasks/swraid.nix +++ b/nixos/modules/tasks/swraid.nix @@ -6,11 +6,11 @@ in { options.boot.initrd.services.swraid = { enable = lib.mkEnableOption (lib.mdDoc "swraid support using mdadm") // { - description = '' - *This will only be used when systemd is used in stage 1.* - + description = lib.mdDoc '' Whether to enable swraid support using mdadm. ''; + default = lib.versionOlder config.system.stateVersion "23.11"; + defaultText = lib.mdDoc "`true` if stateVersion is older than 23.11"; }; mdadmConf = lib.mkOption { @@ -20,20 +20,20 @@ in { }; }; - config = { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.mdadm ]; services.udev.packages = [ pkgs.mdadm ]; systemd.packages = [ pkgs.mdadm ]; - boot.initrd.availableKernelModules = lib.mkIf (config.boot.initrd.systemd.enable -> cfg.enable) [ "md_mod" "raid0" "raid1" "raid10" "raid456" ]; + boot.initrd.availableKernelModules = [ "md_mod" "raid0" "raid1" "raid10" "raid456" ]; boot.initrd.extraUdevRulesCommands = lib.mkIf (!config.boot.initrd.systemd.enable) '' cp -v ${pkgs.mdadm}/lib/udev/rules.d/*.rules $out/ ''; - boot.initrd.systemd = lib.mkIf cfg.enable { + boot.initrd.systemd = { contents."/etc/mdadm.conf" = lib.mkIf (cfg.mdadmConf != "") { text = cfg.mdadmConf; }; @@ -42,6 +42,6 @@ in { initrdBin = [ pkgs.mdadm ]; }; - boot.initrd.services.udev.packages = lib.mkIf cfg.enable [ pkgs.mdadm ]; + boot.initrd.services.udev.packages = [ pkgs.mdadm ]; }; } diff --git a/nixos/tests/installer-systemd-stage-1.nix b/nixos/tests/installer-systemd-stage-1.nix index 05fb2b2ae89c7..85155a6c682b3 100644 --- a/nixos/tests/installer-systemd-stage-1.nix +++ b/nixos/tests/installer-systemd-stage-1.nix @@ -28,7 +28,7 @@ simpleUefiGrubSpecialisation simpleUefiSystemdBoot stratisRoot - # swraid + swraid zfsroot ; -- cgit 1.4.1 From c0f963a33805a7906de59b1f4bd73962d0130d5b Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Mon, 10 Jul 2023 20:20:08 +0200 Subject: boot.initrd.services.swraid -> boot.swraid Since the option affects both stage-1 and stage-2, it does not make sense to keep it within the boot.initrd namespace. --- nixos/doc/manual/release-notes/rl-2311.section.md | 2 +- .../installer/tools/nixos-generate-config.pl | 2 +- nixos/modules/profiles/installation-device.nix | 4 +- nixos/modules/system/boot/stage-1.nix | 5 +-- nixos/modules/tasks/swraid.nix | 44 ++++++++++++++-------- nixos/tests/systemd-initrd-swraid.nix | 12 +++--- 6 files changed, 39 insertions(+), 30 deletions(-) (limited to 'nixos') diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 70f2916303cd9..eecac2f3ff21e 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -78,7 +78,7 @@ - The Caddy module gained a new option named `services.caddy.enableReload` which is enabled by default. It allows reloading the service instead of restarting it, if only a config file has changed. This option must be disabled if you have turned off the [Caddy admin API](https://caddyserver.com/docs/caddyfile/options#admin). If you keep this option enabled, you should consider setting [`grace_period`](https://caddyserver.com/docs/caddyfile/options#grace-period) to a non-infinite value to prevent Caddy from delaying the reload indefinitely. -- mdraid support is now optional. This reduces initramfs size and prevents automatic import of software RAID pools, which may not be desired. It is disabled by default in new configurations (determined by `stateVersion`), but the appropriate settings will be generated by `nixos-generate-config` when installing to a software RAID device, so the standard installation procedure should be unaffected. +- mdraid support is now optional. This reduces initramfs size and prevents the potentially undesired automatic detection and activation of software RAID pools. It is disabled by default in new configurations (determined by `stateVersion`), but the appropriate settings will be generated by `nixos-generate-config` when installing to a software RAID device, so the standard installation procedure should be unaffected. If you have custom configs relying on mdraid, ensure that you use `stateVersion` correctly or set `boot.swraid.enable` manually. ## Other Notable Changes {#sec-release-23.11-notable-changes} diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index b08bf1e45d132..7d0c5898e23df 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -534,7 +534,7 @@ EOF } } if ($useSwraid) { - push @attrs, "boot.initrd.services.swraid.enable = true;\n\n"; + push @attrs, "boot.swraid.enable = true;\n\n"; } diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix index eea58294fb15b..4120d5919d7d7 100644 --- a/nixos/modules/profiles/installation-device.nix +++ b/nixos/modules/profiles/installation-device.nix @@ -106,9 +106,7 @@ with lib; systemdStage1Network ]; - boot.initrd.services = { - swraid.enable = true; - }; + boot.swraid.enable = true; # Show all debug messages from the kernel but don't log refused packets # because we have the firewall enabled. This makes installs from the diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index dcb15cf7d42b7..81e5e974b9c23 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -354,9 +354,6 @@ let [ { object = bootStage1; symlink = "/init"; } - { object = pkgs.writeText "mdadm.conf" config.boot.initrd.services.swraid.mdadmConf; - symlink = "/etc/mdadm.conf"; - } { object = pkgs.runCommand "initrd-kmod-blacklist-ubuntu" { src = "${pkgs.kmod-blacklist-ubuntu}/modprobe.conf"; preferLocalBuild = true; @@ -727,6 +724,6 @@ in }; imports = [ - (mkRenamedOptionModule [ "boot" "initrd" "mdadmConf" ] [ "boot" "initrd" "services" "swraid" "mdadmConf" ]) + (mkRenamedOptionModule [ "boot" "initrd" "mdadmConf" ] [ "boot" "swraid" "mdadmConf" ]) ]; } diff --git a/nixos/modules/tasks/swraid.nix b/nixos/modules/tasks/swraid.nix index fde0f7e0091a8..d7a29b17a4b16 100644 --- a/nixos/modules/tasks/swraid.nix +++ b/nixos/modules/tasks/swraid.nix @@ -1,20 +1,30 @@ { config, pkgs, lib, ... }: let - cfg = config.boot.initrd.services.swraid; + cfg = config.boot.swraid; in { - options.boot.initrd.services.swraid = { + options.boot.swraid = { enable = lib.mkEnableOption (lib.mdDoc "swraid support using mdadm") // { description = lib.mdDoc '' - Whether to enable swraid support using mdadm. + Whether to enable support for Linux MD RAID arrays. + + When this is enabled, mdadm will be added to the system path, + and MD RAID arrays will be detected and activated + automatically, both in stage-1 (initramfs) and in stage-2 (the + final NixOS system). + + This should be enabled if you want to be able to access and/or + boot from MD RAID arrays. {command}`nixos-generate-config` + should detect it correctly in the standard installation + procedure. ''; default = lib.versionOlder config.system.stateVersion "23.11"; defaultText = lib.mdDoc "`true` if stateVersion is older than 23.11"; }; mdadmConf = lib.mkOption { - description = lib.mdDoc "Contents of {file}`/etc/mdadm.conf` in initrd."; + description = lib.mdDoc "Contents of {file}`/etc/mdadm.conf`."; type = lib.types.lines; default = ""; }; @@ -27,21 +37,25 @@ in { systemd.packages = [ pkgs.mdadm ]; - boot.initrd.availableKernelModules = [ "md_mod" "raid0" "raid1" "raid10" "raid456" ]; + boot.initrd = { + availableKernelModules = [ "md_mod" "raid0" "raid1" "raid10" "raid456" ]; + + extraUdevRulesCommands = lib.mkIf (!config.boot.initrd.systemd.enable) '' + cp -v ${pkgs.mdadm}/lib/udev/rules.d/*.rules $out/ + ''; + + extraFiles."/etc/mdadm.conf".source = pkgs.writeText "mdadm.conf" config.boot.swraid.mdadmConf; - boot.initrd.extraUdevRulesCommands = lib.mkIf (!config.boot.initrd.systemd.enable) '' - cp -v ${pkgs.mdadm}/lib/udev/rules.d/*.rules $out/ - ''; + systemd = { + contents."/etc/mdadm.conf" = lib.mkIf (cfg.mdadmConf != "") { + text = cfg.mdadmConf; + }; - boot.initrd.systemd = { - contents."/etc/mdadm.conf" = lib.mkIf (cfg.mdadmConf != "") { - text = cfg.mdadmConf; + packages = [ pkgs.mdadm ]; + initrdBin = [ pkgs.mdadm ]; }; - packages = [ pkgs.mdadm ]; - initrdBin = [ pkgs.mdadm ]; + services.udev.packages = [ pkgs.mdadm ]; }; - - boot.initrd.services.udev.packages = [ pkgs.mdadm ]; }; } diff --git a/nixos/tests/systemd-initrd-swraid.nix b/nixos/tests/systemd-initrd-swraid.nix index 0d5a1c6354d05..d87170c925742 100644 --- a/nixos/tests/systemd-initrd-swraid.nix +++ b/nixos/tests/systemd-initrd-swraid.nix @@ -14,17 +14,17 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { boot.loader.efi.canTouchEfiVariables = true; environment.systemPackages = with pkgs; [ mdadm e2fsprogs ]; # for mdadm and mkfs.ext4 + boot.swraid = { + enable = true; + mdadmConf = '' + ARRAY /dev/md0 devices=/dev/vdb,/dev/vdc + ''; + }; boot.initrd = { systemd = { enable = true; emergencyAccess = true; }; - services.swraid = { - enable = true; - mdadmConf = '' - ARRAY /dev/md0 devices=/dev/vdb,/dev/vdc - ''; - }; kernelModules = [ "raid0" ]; }; -- cgit 1.4.1 From 7d2124f9e3206166d82e72990cb5637c25a42b47 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Mon, 10 Jul 2023 20:31:13 +0200 Subject: stage-1: Only copy mdadm and mdmon into initramfs if enabled --- nixos/modules/system/boot/stage-1.nix | 5 ----- nixos/modules/tasks/swraid.nix | 10 ++++++++++ 2 files changed, 10 insertions(+), 5 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 81e5e974b9c23..eec3461de7e77 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -133,10 +133,6 @@ let copy_bin_and_libs ${getBin pkgs.lvm2}/bin/dmsetup copy_bin_and_libs ${getBin pkgs.lvm2}/bin/lvm - # Add RAID mdadm tool. - copy_bin_and_libs ${pkgs.mdadm}/sbin/mdadm - copy_bin_and_libs ${pkgs.mdadm}/sbin/mdmon - # Copy udev. copy_bin_and_libs ${udev}/bin/udevadm copy_bin_and_libs ${udev}/lib/systemd/systemd-sysctl @@ -225,7 +221,6 @@ let $out/bin/udevadm --version $out/bin/dmsetup --version 2>&1 | tee -a log | grep -q "version:" LVM_SYSTEM_DIR=$out $out/bin/lvm version 2>&1 | tee -a log | grep -q "LVM" - $out/bin/mdadm --version ${optionalString config.services.multipath.enable '' ($out/bin/multipath || true) 2>&1 | grep -q 'need to be root' ($out/bin/multipathd || true) 2>&1 | grep -q 'need to be root' diff --git a/nixos/modules/tasks/swraid.nix b/nixos/modules/tasks/swraid.nix index d7a29b17a4b16..9dca230ac0d5b 100644 --- a/nixos/modules/tasks/swraid.nix +++ b/nixos/modules/tasks/swraid.nix @@ -44,6 +44,16 @@ in { cp -v ${pkgs.mdadm}/lib/udev/rules.d/*.rules $out/ ''; + extraUtilsCommands = '' + # Add RAID mdadm tool. + copy_bin_and_libs ${pkgs.mdadm}/sbin/mdadm + copy_bin_and_libs ${pkgs.mdadm}/sbin/mdmon + ''; + + extraUtilsCommandsTest = '' + $out/bin/mdadm --version + ''; + extraFiles."/etc/mdadm.conf".source = pkgs.writeText "mdadm.conf" config.boot.swraid.mdadmConf; systemd = { -- cgit 1.4.1