From c9a1647adeef403328f7b222666648bf8bfa0320 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Sun, 24 Apr 2022 23:31:35 -0700 Subject: [PATCH] nixos/tailscale: use systemctl restart during activation. This avoids the scenario where you activate a new config over Tailscale, and a long delay between the "stop services" and "start services" phases of the activation script leads to your terminal freezing for tens of seconds, until tailscaled finally gets started again and the session recovers. Per the documentation of stopIfChanged, this is only safe to do if the service definition is robust to stopping the old process using the new service definition. As the maintainer of the upstream systemd unit, I can confirm that Tailscale is robust to this scenario: it has to be in order to work right on several other distros that just do unpack-then-restart, rather than the more complex stop-unpack-start dance. Signed-off-by: David Anderson --- nixos/modules/services/networking/tailscale.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/nixos/modules/services/networking/tailscale.nix b/nixos/modules/services/networking/tailscale.nix index 1f64113950a..36db8bfb128 100644 --- a/nixos/modules/services/networking/tailscale.nix +++ b/nixos/modules/services/networking/tailscale.nix 
@@ -47,6 +47,18 @@ in { ] ++ (lib.optionals (cfg.permitCertUid != null) [ "TS_PERMIT_CERT_UID=${cfg.permitCertUid}" ]); + # Restart tailscaled with a single `systemctl restart` at the + # end of activation, rather than a `stop` followed by a later + # `start`. Activation over Tailscale can hang for tens of + # seconds in the stop+start setup, if the activation script has + # a significant delay between the stop and start phases + # (e.g. script blocked on another unit with a slow shutdown). + # + # Tailscale is aware of the correctness tradeoff involved, and + # already makes its upstream systemd unit robust against unit + # version mismatches on restart for compatibility with other + # linux distros. + stopIfChanged = false; }; }; }
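Review bot: The comment above `stopIfChanged = false;` rests the safety argument only on the upstream systemd unit, but this module shapes the service definition too (the environment list ending in `TS_PERMIT_CERT_UID=${cfg.permitCertUid}` sits directly above), so the guarantee has to hold for the NixOS definition as well. With `stopIfChanged = false` the old tailscaled process is stopped under the new service definition, as the commit message notes. Suggest adding a sentence to the comment saying that any stop-time directive later added to this module (for example ExecStop or ExecStopPost) must tolerate an old process, so the constraint is visible to whoever edits the unit next. Minor: "linux distros" in the comment should read "Linux distros".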