nixos/systemd: Properly shut down the system

2 years ago · 30a00c29c4
parent 031b95e587
commit 30a00c29c4
6 changed files with 66 additions and 0 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@ -1184,6 +1184,14 @@
          <literal>systemd.nspawn.&lt;name&gt;.execConfig.PrivateUsers = false</literal>
        </para>
      </listitem>
+      <listitem>
+        <para>
+          <literal>systemd-shutdown</literal> is now properly linked on
+          shutdown to unmount all filesystems and device mapper devices
+          cleanly. This can be disabled using
+          <literal>boot.systemd.shutdown.enable</literal>.
+        </para>
+      </listitem>
      <listitem>
        <para>
          The Tor SOCKS proxy is now actually disabled if
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@ -455,6 +455,8 @@ In addition to numerous new and upgraded packages, this release has the followin

 - `systemd-nspawn@.service` settings have been reverted to the default systemd behaviour. User namespaces are now activated by default. If you want to keep running nspawn containers without user namespaces you need to set `systemd.nspawn.<name>.execConfig.PrivateUsers = false`

+- `systemd-shutdown` is now properly linked on shutdown to unmount all filesystems and device mapper devices cleanly. This can be disabled using `boot.systemd.shutdown.enable`.
+
 - The Tor SOCKS proxy is now actually disabled if `services.tor.client.enable` is set to `false` (the default). If you are using this functionality but didn't change the setting or set it to `false`, you now need to set it to `true`.

 - The terraform 0.12 compatibility has been removed and the `terraform.withPlugins` and `terraform-providers.mkProvider` implementations simplified. Providers now need to be stored under
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -1184,6 +1184,7 @@
  ./system/boot/systemd/journald.nix
  ./system/boot/systemd/logind.nix
  ./system/boot/systemd/nspawn.nix
+  ./system/boot/systemd/shutdown.nix
  ./system/boot/systemd/tmpfiles.nix
  ./system/boot/systemd/user.nix
  ./system/boot/systemd/initrd.nix
--- a/nixos/modules/system/boot/systemd/shutdown.nix
+++ b/nixos/modules/system/boot/systemd/shutdown.nix
@ -0,0 +1,32 @@
+{ config, lib, ... }: let
+
+  cfg = config.boot.systemd.shutdown;
+
+in {
+  options.boot.systemd.shutdown = {
+    enable = lib.mkEnableOption "pivoting back to an initramfs for shutdown" // { default = true; };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.generate-shutdown-ramfs = {
+      description = "Generate shutdown ramfs";
+      before = [ "shutdown.target" ];
+      unitConfig = {
+        DefaultDependencies = false;
+        ConditionFileIsExecutable = [
+          "!/run/initramfs/shutdown"
+          "/run/current-system/systemd/lib/systemd/systemd-shutdown"
+        ];
+      };
+
+      serviceConfig.Type = "oneshot";
+      script = ''
+        mkdir -p /run/initramfs
+        if ! mountpoint -q /run/initramfs; then
+          mount -t tmpfs tmpfs /run/initramfs
+        fi
+        cp /run/current-system/systemd/lib/systemd/systemd-shutdown /run/initramfs/shutdown
+      '';
+    };
+  };
+}
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -521,6 +521,7 @@ in
  systemd-confinement = handleTest ./systemd-confinement.nix {};
  systemd-cryptenroll = handleTest ./systemd-cryptenroll.nix {};
  systemd-escaping = handleTest ./systemd-escaping.nix {};
+  systemd-initrd-shutdown = handleTest ./systemd-shutdown.nix { systemdStage1 = true; };
  systemd-initrd-simple = handleTest ./systemd-initrd-simple.nix {};
  systemd-initrd-swraid = handleTest ./systemd-initrd-swraid.nix {};
  systemd-journal = handleTest ./systemd-journal.nix {};
@ -531,6 +532,7 @@ in
  systemd-networkd-ipv6-prefix-delegation = handleTest ./systemd-networkd-ipv6-prefix-delegation.nix {};
  systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {};
  systemd-nspawn = handleTest ./systemd-nspawn.nix {};
+  systemd-shutdown = handleTest ./systemd-shutdown.nix {};
  systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
  systemd-misc = handleTest ./systemd-misc.nix {};
  taskserver = handleTest ./taskserver.nix {};
--- a/nixos/tests/systemd-shutdown.nix
+++ b/nixos/tests/systemd-shutdown.nix
@ -0,0 +1,21 @@
+import ./make-test-python.nix ({ pkgs, systemdStage1 ? false, ...} : {
+  name = "systemd-shutdown";
+  meta = with pkgs.lib.maintainers; {
+    maintainers = [ das_j ];
+  };
+
+  nodes.machine = {
+    imports = [ ../modules/profiles/minimal.nix ];
+    boot.initrd.systemd.enable = systemdStage1;
+  };
+
+  testScript = ''
+    machine.wait_for_unit("multi-user.target")
+    # .shutdown() would wait for the machine to power off
+    machine.succeed("systemctl poweroff")
+    # Message printed by systemd-shutdown
+    machine.wait_for_console_text("All filesystems, swaps, loop devices, MD devices and DM devices detached.")
+    # Don't try to sync filesystems
+    machine.booted = False
+  '';
+})