author | William A. Kennington III <william@wkennington.com> | 2014-12-01 17:19:06 -0800 |
---|---|---|
committer | William A. Kennington III <william@wkennington.com> | 2014-12-01 17:19:44 -0800 |
commit | 8a94c065951d8f90c0c8ec70b8d40fefef1e644f (patch) | |
tree | 089ae9a9896cac09d9305c66b16a02b1fd7ea96d /nixos | |
parent | 2b06a92c2a113f70b1c07a5be3e53a2f229f379b (diff) | |
nixos: Add network-pre.target and adjust firewall start ordering
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/firewall.nix | 5 | ||||
-rw-r--r-- | nixos/modules/system/boot/systemd.nix | 6 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-scripted.nix | 18 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 4 |
4 files changed, 22 insertions, 11 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index 51e1679ce4d..b129727087a 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -458,8 +458,9 @@ in
  systemd.services.firewall = {
  description = "Firewall";
- wantedBy = [ "network.target" ];
- after = [ "network-interfaces.target" "systemd-modules-load.service" ];
+ wantedBy = [ "network-pre.target" ];
+ before = [ "network-pre.target" ];
+ after = [ "systemd-modules-load.service" ];
  path = [ pkgs.iptables ];
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 80208c1525d..78fe8c49fb0 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -36,6 +36,7 @@ let
  "graphical.target"
  "multi-user.target"
  "network.target"
+ "network-pre.target"
  "network-online.target"
  "nss-lookup.target"
  "nss-user-lookup.target"
@@ -947,6 +948,11 @@ in
  systemd.targets.network-online.after = [ "ip-up.target" ];
+ systemd.targets.network-pre = {
+ wantedBy = [ "network.target" ];
+ before = [ "network.target" ];
+ };
+
  systemd.targets.remote-fs-pre = {
  wantedBy = [ "remote-fs.target" ];
  before = [ "remote-fs.target" ];
diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix
index a994e44c6ec..316e2e33eec 100644
--- a/nixos/modules/tasks/network-interfaces-scripted.nix
+++ b/nixos/modules/tasks/network-interfaces-scripted.nix
@@ -54,7 +54,7 @@ in
  networkSetup =
  { description = "Networking Setup";
- after = [ "network-interfaces.target" ];
+ after = [ "network-interfaces.target" "network-pre.target" ];
  before = [ "network.target" ];
  wantedBy = [ "network.target" ];
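Review bot: The new `before = [ "network-pre.target" ];` in systemd.services.firewall is an ordering only, and together with `wantedBy` it does not make interface setup depend on the firewall having loaded: if the firewall unit fails, network-pre.target is still reached and the interface units start with no rules in place. That fail-open behaviour may be deliberate (it keeps a remote machine reachable after a rule error), but it should be written down next to the lines that create it, for example `# Ordering only: if this unit fails, networking still comes up, unfiltered.`. How the start script reports errors is outside the hunk, so whether a partial rule set can be left behind cannot be judged from here.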
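Review bot: The added `systemd.targets.network-pre` block carries no comment saying which units are expected to order before it and which after it, and it is pulled in unconditionally through `wantedBy = [ "network.target" ]`. Upstream systemd documents network-pre.target as a passive target that the service needing it (a firewall) pulls in itself, while network management only orders after it; this module does the reverse, which works but will surprise anyone reading the upstream documentation. A comment above the block such as `# Reached before any interface is configured: firewall-like units order before it, interface setup orders after it.` would record the intent.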
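Review bot: `"network-pre.target"` is appended by hand to the `after` list of each interface unit, here in networkSetup and again in the hunks at -105, -155, -180, -214, -250, -274 and -301 of this file and at -692 in network-interfaces.nix, so a unit type added later that omits it can be configured before the firewall is loaded without any error. In networkSetup the entry also looks redundant, since the unit described as "All Network Interfaces" (presumably network-interfaces.target) is itself ordered after network-pre.target by this commit. Either keep the literal and add a comment at each site, e.g. `# after network-pre.target: the firewall must be loaded first`, or build the list from one shared binding so the requirement lives in a single place. networkSetup's body continues outside the hunk.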
@@ -105,7 +105,7 @@ in
  wantedBy = [ "network-interfaces.target" ];
  before = [ "network-interfaces.target" ];
  bindsTo = [ (subsystemDevice i.name) ];
- after = [ (subsystemDevice i.name) ];
+ after = [ (subsystemDevice i.name) "network-pre.target" ];
  serviceConfig.Type = "oneshot";
  serviceConfig.RemainAfterExit = true;
  path = [ pkgs.iproute ];
@@ -155,7 +155,7 @@ in
  createTunDevice = i: nameValuePair "${i.name}-netdev"
  { description = "Virtual Network Interface ${i.name}";
  requires = [ "dev-net-tun.device" ];
- after = [ "dev-net-tun.device" ];
+ after = [ "dev-net-tun.device" "network-pre.target" ];
  wantedBy = [ "network.target" (subsystemDevice i.name) ];
  before = [ "network-interfaces.target" (subsystemDevice i.name) ];
  path = [ pkgs.iproute ];
@@ -180,7 +180,8 @@ in
  { description = "Bridge Interface ${n}";
  wantedBy = [ "network.target" (subsystemDevice n) ];
  bindsTo = deps;
- after = deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
+ after = [ "network-pre.target" ] ++ deps
+ ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
  before = [ "network-interfaces.target" (subsystemDevice n) ];
  serviceConfig.Type = "oneshot";
  serviceConfig.RemainAfterExit = true;
@@ -214,7 +215,8 @@ in
  { description = "Bond Interface ${n}";
  wantedBy = [ "network.target" (subsystemDevice n) ];
  bindsTo = deps;
- after = deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
+ after = [ "network-pre.target" ] ++ deps
+ ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
  before = [ "network-interfaces.target" (subsystemDevice n) ];
  serviceConfig.Type = "oneshot";
  serviceConfig.RemainAfterExit = true;
@@ -250,7 +252,7 @@ in
  { description = "Vlan Interface ${n}";
  wantedBy = [ "network.target" (subsystemDevice n) ];
  bindsTo = deps;
- after = deps;
+ after = [ "network-pre.target" ] ++ deps;
  before = [ "network-interfaces.target" (subsystemDevice n) ];
  serviceConfig.Type = "oneshot";
  serviceConfig.RemainAfterExit = true;
@@ -274,7 +276,7 @@ in
  { description = "6-to-4 Tunnel Interface ${n}";
  wantedBy = [ "network.target" (subsystemDevice n) ];
  bindsTo = deps;
- after = deps;
+ after = [ "network-pre.target" ] ++ deps;
  before = [ "network-interfaces.target" (subsystemDevice n) ];
  serviceConfig.Type = "oneshot";
  serviceConfig.RemainAfterExit = true;
@@ -301,7 +303,7 @@ in
  { description = "Vlan Interface ${n}";
  wantedBy = [ "network.target" (subsystemDevice n) ];
  bindsTo = deps;
- after = deps;
+ after = [ "network-pre.target" ] ++ deps;
  before = [ "network-interfaces.target" (subsystemDevice n) ];
  serviceConfig.Type = "oneshot";
  serviceConfig.RemainAfterExit = true;
diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index e4b200ed534..9c6c71a1dbb 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -669,6 +669,7 @@ in
  { description = "All Network Interfaces";
  wantedBy = [ "network.target" ];
  before = [ "network.target" ];
+ after = [ "network-pre.target" ];
  unitConfig.X-StopOnReconfiguration = true;
  };
@@ -677,6 +678,7 @@ in
  description = "Extra networking commands.";
  before = [ "network.target" ];
  wantedBy = [ "network.target" ];
+ after = [ "network-pre.target" ];
  unitConfig.ConditionCapability = "CAP_NET_ADMIN";
  path = [ pkgs.iproute ];
  serviceConfig.Type = "oneshot";
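Review bot: The `after = [ "network-pre.target" ];` added to the "All Network Interfaces" unit (hunk at -669) protects only units that already order themselves after that target or that were edited in this commit; nothing in the diff shows the same ordering for services that configure links on their own, such as a DHCP client or a network-manager module. If one of those is only `wantedBy`/`before` network.target, it can still run before the firewall has loaded. It is worth checking those modules and adding `after = [ "network-pre.target" ];` where it is missing. This is inferred from the four files shown here; the other networking modules are not visible in this diff.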
@@ -692,7 +694,7 @@ in
  wantedBy = [ "network-interfaces.target" ];
  before = [ "network-interfaces.target" ];
  bindsTo = [ (subsystemDevice i.name) ];
- after = [ (subsystemDevice i.name) ];
+ after = [ (subsystemDevice i.name) "network-pre.target" ];
  path = [ pkgs.iproute ];
  serviceConfig = {
  Type = "oneshot"; |