summary refs log tree commit diff
diff options
context:
space:
mode:
authorrnhmjoj <rnhmjoj@inventati.org>2021-09-15 13:43:26 +0200
committerrnhmjoj <rnhmjoj@inventati.org>2021-09-15 14:36:50 +0200
commitdc34788a25664926a04393d5f20a266c4a884385 (patch)
treea0b39a22ff245d7653f67c0d73bdfef417b41a9c
parentddbbf5d80bcee06ff62b0fb53d926e9c8b1174d6 (diff)
downloadnixpkgs-dc34788a25664926a04393d5f20a266c4a884385.tar
nixpkgs-dc34788a25664926a04393d5f20a266c4a884385.tar.gz
nixpkgs-dc34788a25664926a04393d5f20a266c4a884385.tar.bz2
nixpkgs-dc34788a25664926a04393d5f20a266c4a884385.tar.lz
nixpkgs-dc34788a25664926a04393d5f20a266c4a884385.tar.xz
nixpkgs-dc34788a25664926a04393d5f20a266c4a884385.tar.zst
nixpkgs-dc34788a25664926a04393d5f20a266c4a884385.zip
nixos/lock-kernel-modules: use `udevadm settle`
Instead of relying on systemd-udev-settle, which is deprecated,
directly call `udevamd settle` to wait for hardware to settle.
Diffstat
-rw-r--r--nixos/modules/security/lock-kernel-modules.nix28
1 files changed, 19 insertions, 9 deletions
diff --git a/nixos/modules/security/lock-kernel-modules.nix b/nixos/modules/security/lock-kernel-modules.nix
index fc9e7939d81..3c4cc69e0e3 100644
--- a/nixos/modules/security/lock-kernel-modules.nix
+++ b/nixos/modules/security/lock-kernel-modules.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, pkgs, lib, ... }:
 
 with lib;
 
@@ -13,7 +13,7 @@ with lib;
       default = false;
       description = ''
         Disable kernel module loading once the system is fully initialised.
-        Module loading is disabled until the next reboot.  Problems caused
+        Module loading is disabled until the next reboot. Problems caused
         by delayed module loading can be fixed by adding the module(s) in
         question to <option>boot.kernelModules</option>.
       '';
@@ -29,20 +29,30 @@ with lib;
             else [ x.fsType ]
         else []) config.system.build.fileSystems;
 
-    systemd.services.disable-kernel-module-loading = rec {
+    systemd.services.disable-kernel-module-loading = {
       description = "Disable kernel module loading";
 
+      wants = [ "systemd-udevd.service" ];
       wantedBy = [ config.systemd.defaultUnit ];
 
-      after = [ "systemd-udev-settle.service" "firewall.service" "systemd-modules-load.service" ] ++ wantedBy;
+      before = [ config.systemd.defaultUnit ];
+      after =
+        [ "firewall.service"
+          "systemd-modules-load.service"
+        ];
 
       unitConfig.ConditionPathIsReadWrite = "/proc/sys/kernel";
 
-      serviceConfig = {
-        Type = "oneshot";
-        RemainAfterExit = true;
-        ExecStart = "/bin/sh -c 'echo -n 1 >/proc/sys/kernel/modules_disabled'";
-      };
+      serviceConfig =
+        { Type = "oneshot";
+          RemainAfterExit = true;
+          TimeoutSec = 180;
+        };
+
+      script = ''
+        ${pkgs.udev}/bin/udevadm settle
+        echo -n 1 >/proc/sys/kernel/modules_disabled
+      '';
     };
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-19 00:08:17 +0000