systemd v250

nixos/doc/manual/release-notes/rl-2205.section.md

@@ -13,6 +13,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - PHP 8.1 is now available
 
+- Systemd has been upgraded to the version 250.
+
 ## New Services {#sec-release-22.05-new-services}
 
 - [aesmd](https://github.com/intel/linux-sgx#install-the-intelr-sgx-psw), the Intel SGX Architectural Enclave Service Manager. Available as [services.aesmd](#opt-services.aesmd.enable).
@@ -24,6 +26,21 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 ## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
 
+- Since systemd version 250 wireguard tunnels that are managed using networkd
+  will install routes for each of the `AllowedIPs` entries. This is in contrast
+  to the previous behaviour where routes had to be added manually.
+  To disable the new behaviour you must set the `RoutingTable=off` option in
+  the `WireGuard` section within each of your netdev definitions.
+  For example like this:
+  ```nix
+  {
+    systemd.network.netdev.my-wireguard-interface = {
+      wireguardConfig.RouteTable = "off";
+    };
+  }
+  ```
+-
+
 - `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
   This *only* makes a difference if you are cross-compiling and will
   ensure that `pkgs.ghc` always runs on the host platform and compiles

nixos/modules/system/boot/timesyncd.nix

@@ -60,15 +60,27 @@ with lib;
     };
     users.groups.systemd-timesync.gid = config.ids.gids.systemd-timesync;
 
-    system.activationScripts.systemd-timesyncd-migration = mkIf (versionOlder config.system.stateVersion "19.09") ''
+    system.activationScripts.systemd-timesyncd-migration =
       # workaround an issue of systemd-timesyncd not starting due to upstream systemd reverting their dynamic users changes
       #  - https://github.com/NixOS/nixpkgs/pull/61321#issuecomment-492423742
       #  - https://github.com/systemd/systemd/issues/12131
-      if [ -L /var/lib/systemd/timesync ]; then
-        rm /var/lib/systemd/timesync
-        mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync
+      mkIf (versionOlder config.system.stateVersion "19.09") ''
+        if [ -L /var/lib/systemd/timesync ]; then
+          rm /var/lib/systemd/timesync
+          mv /var/lib/private/systemd/timesync /var/lib/systemd/timesync
+        fi
+      '';
+    system.activationScripts.systemd-timesyncd-init-clock =
+      # Ensure that we have some stored time to prevent systemd-timesyncd to
+      # resort back to the fallback time.
+      # If the file doesn't exist we assume that our current system clock is
+      # good enough to provide an initial value.
+      ''
+      if ! [ -f /var/lib/systemd/timesync/clock ]; then
+        test -d /var/lib/systemd/timesync || mkdir -p /var/lib/systemd/timesync
+        touch /var/lib/systemd/timesync/clock
       fi
-    '';
+      '';
   };
 
 }

pkgs/os-specific/linux/systemd/0001-Start-device-units-for-uninitialised-encrypted-devic.patch

@@ -1,7 +1,7 @@
-From d4ea219a35a09fe02bc9e47e8530644cb4fc4146 Mon Sep 17 00:00:00 2001
+From 8622539fe2ce67934ed2e60626a2303ef8191e40 Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Tue, 8 Jan 2013 15:46:30 +0100
-Subject: [PATCH 01/21] Start device units for uninitialised encrypted devices
+Subject: [PATCH 01/19] Start device units for uninitialised encrypted devices
 
 This is necessary because the NixOS service that initialises the
 filesystem depends on the appearance of the device unit.  Also, this
@@ -28,5 +28,5 @@ index 25b8a590a6..d18999ea87 100644
  SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root"
  SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks"
 -- 
-2.33.0
+2.34.0
 

pkgs/os-specific/linux/systemd/0002-Don-t-try-to-unmount-nix-or-nix-store.patch

@@ -1,7 +1,7 @@
-From 67abd8f22f70d9348bc9d8e0e93dde4d325627ba Mon Sep 17 00:00:00 2001
+From a845786195182c376b72a85433e278c35243676d Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Fri, 12 Apr 2013 13:16:57 +0200
-Subject: [PATCH 02/21] Don't try to unmount /nix or /nix/store
+Subject: [PATCH 02/19] Don't try to unmount /nix or /nix/store
 
 They'll still be remounted read-only.
 
@@ -25,10 +25,10 @@ index f683f05981..5a04c2c2a6 100644
                          "/etc"))
                  return true;
 diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c
-index c2a26242c0..9936398f32 100644
+index f5a2cb20c1..51608d24c0 100644
 --- a/src/shutdown/umount.c
 +++ b/src/shutdown/umount.c
-@@ -496,6 +496,8 @@ static int delete_md(MountPoint *m) {
+@@ -502,6 +502,8 @@ static int delete_md(MountPoint *m) {
 
  static bool nonunmountable_path(const char *path) {
          return path_equal(path, "/")
@@ -38,5 +38,5 @@ index c2a26242c0..9936398f32 100644
                  || path_equal(path, "/usr")
  #endif
 -- 
-2.33.0
+2.34.0
 

pkgs/os-specific/linux/systemd/0003-Fix-NixOS-containers.patch

@@ -1,7 +1,7 @@
-From 37c9471f59bd57223014a4a645b5f96a71d78787 Mon Sep 17 00:00:00 2001
+From d33f3461fa2202ef9b0d6cdf2137c510c59fb052 Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Wed, 16 Apr 2014 10:59:28 +0200
-Subject: [PATCH 03/21] Fix NixOS containers
+Subject: [PATCH 03/19] Fix NixOS containers
 
 In NixOS containers, the init script is bind-mounted into the
 container, so checking early whether it exists will fail.
@@ -10,18 +10,18 @@ container, so checking early whether it exists will fail.
  1 file changed, 2 insertions(+)
 
 diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index 575b9da447..438ca294db 100644
+index 8f17ab8810..197e5aa252 100644
 --- a/src/nspawn/nspawn.c
 +++ b/src/nspawn/nspawn.c
-@@ -5590,6 +5590,7 @@ static int run(int argc, char *argv[]) {
+@@ -5625,6 +5625,7 @@ static int run(int argc, char *argv[]) {
                                  goto finish;
                          }
                  } else {
 +#if 0
                          const char *p, *q;
 
                          if (arg_pivot_root_new)
-@@ -5604,6 +5605,7 @@ static int run(int argc, char *argv[]) {
+@@ -5639,6 +5640,7 @@ static int run(int argc, char *argv[]) {
                                  r = -EINVAL;
                                  goto finish;
                          }
@@ -30,5 +30,5 @@ index 575b9da447..438ca294db 100644
 
          } else {
 -- 
-2.33.0
+2.34.0
 

pkgs/os-specific/linux/systemd/0004-Look-for-fsck-in-the-right-place.patch

@@ -1,14 +1,14 @@
-From 987d6f94dac8e1a75615fd9ddcfb0eb1c2c4c349 Mon Sep 17 00:00:00 2001
+From 8fd5968163f3a1cb5f196d934756ba08ccaa5b1e Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Thu, 1 May 2014 14:10:10 +0200
-Subject: [PATCH 04/21] Look for fsck in the right place
+Subject: [PATCH 04/19] Look for fsck in the right place
 
 ---
  src/fsck/fsck.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c
-index cd7adfaeb9..68cebdd158 100644
+index 745d01ff50..dd4eef45c3 100644
 --- a/src/fsck/fsck.c
 +++ b/src/fsck/fsck.c
 @@ -368,7 +368,7 @@ static int run(int argc, char *argv[]) {
@@ -21,5 +21,5 @@ index cd7adfaeb9..68cebdd158 100644
                  cmdline[i++] = "-T";
 
 -- 
-2.33.0
+2.34.0
 

pkgs/os-specific/linux/systemd/0005-Add-some-NixOS-specific-unit-directories.patch

@@ -1,7 +1,7 @@
-From da4f855044b2babe052ce303cca1de736cf952cd Mon Sep 17 00:00:00 2001
+From 90d1a90d3147e9c8db5caec8befabda270e755d4 Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Fri, 19 Dec 2014 14:46:17 +0100
-Subject: [PATCH 05/21] Add some NixOS-specific unit directories
+Subject: [PATCH 05/19] Add some NixOS-specific unit directories
 
 Look in `/nix/var/nix/profiles/default/lib/systemd/{system,user}` for
 units provided by packages installed into the default profile via
@@ -14,10 +14,10 @@ Also, remove /usr and /lib as these don't exist on NixOS.
  2 files changed, 6 insertions(+), 19 deletions(-)
 
 diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c
-index 05eb17d66c..1cd141d012 100644
+index 6fb8c40e7a..142ecdecec 100644
 --- a/src/basic/path-lookup.c
 +++ b/src/basic/path-lookup.c
-@@ -91,11 +91,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) {
+@@ -92,11 +92,7 @@ int xdg_user_data_dir(char **ret, const char *suffix) {
  }
 
  static const char* const user_data_unit_paths[] = {
@@ -29,7 +29,7 @@ index 05eb17d66c..1cd141d012 100644
          NULL
  };
 
-@@ -613,15 +609,13 @@ int lookup_paths_init(
+@@ -614,15 +610,13 @@ int lookup_paths_init(
                                          persistent_config,
                                          SYSTEM_CONFIG_UNIT_DIR,
                                          "/etc/systemd/system",
@@ -46,7 +46,7 @@ index 05eb17d66c..1cd141d012 100644
                                          STRV_IFNOTNULL(generator_late));
                          break;
 
-@@ -637,14 +631,11 @@ int lookup_paths_init(
+@@ -638,14 +632,11 @@ int lookup_paths_init(
                                          persistent_config,
                                          USER_CONFIG_UNIT_DIR,
                                          "/etc/systemd/user",
@@ -62,23 +62,23 @@ index 05eb17d66c..1cd141d012 100644
                                          STRV_IFNOTNULL(generator_late));
                          break;
 
-@@ -794,7 +785,6 @@ char **generator_binary_paths(UnitFileScope scope) {
+@@ -795,7 +786,6 @@ char **generator_binary_paths(UnitFileScope scope) {
                  case UNIT_FILE_SYSTEM:
                          add = strv_new("/run/systemd/system-generators",
                                         "/etc/systemd/system-generators",
 -                                       "/usr/local/lib/systemd/system-generators",
                                         SYSTEM_GENERATOR_DIR);
                          break;
 
-@@ -802,7 +792,6 @@ char **generator_binary_paths(UnitFileScope scope) {
+@@ -803,7 +793,6 @@ char **generator_binary_paths(UnitFileScope scope) {
                  case UNIT_FILE_USER:
                          add = strv_new("/run/systemd/user-generators",
                                         "/etc/systemd/user-generators",
 -                                       "/usr/local/lib/systemd/user-generators",
                                         USER_GENERATOR_DIR);
                          break;
 
-@@ -841,12 +830,10 @@ char **env_generator_binary_paths(bool is_system) {
+@@ -842,12 +831,10 @@ char **env_generator_binary_paths(bool is_system) {
                  if (is_system)
                          add = strv_new("/run/systemd/system-environment-generators",
                                          "/etc/systemd/system-environment-generators",
@@ -122,5 +122,5 @@ index fc0f8c34fa..162432e77f 100644
 
  systemd_sleep_dir=${root_prefix}/lib/systemd/system-sleep
 -- 
-2.33.0
+2.34.0
 

pkgs/os-specific/linux/systemd/0006-Get-rid-of-a-useless-message-in-user-sessions.patch

@@ -1,7 +1,7 @@
-From c06abdb631527f56a626b739340d1b275349612c Mon Sep 17 00:00:00 2001
+From 213279752124dc4a57a4189df9b5b2e96feaa0b3 Mon Sep 17 00:00:00 2001
 From: Eelco Dolstra <eelco.dolstra@logicblox.com>
 Date: Mon, 11 May 2015 15:39:38 +0200
-Subject: [PATCH 06/21] Get rid of a useless message in user sessions
+Subject: [PATCH 06/19] Get rid of a useless message in user sessions
 
 Namely lots of variants of
 
@@ -13,10 +13,10 @@ in containers.
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/src/core/manager.c b/src/core/manager.c
-index 34891a8754..b9b4789720 100644
+index 9368a1dfa1..5b0bdb1bc7 100644
 --- a/src/core/manager.c
 +++ b/src/core/manager.c
-@@ -1375,7 +1375,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) {
+@@ -1408,7 +1408,8 @@ static unsigned manager_dispatch_stop_when_bound_queue(Manager *m) {
                  if (!unit_is_bound_by_inactive(u, &culprit))
                          continue;
 
@@ -27,5 +27,5 @@ index 34891a8754..b9b4789720 100644
                  /* If stopping a unit fails continuously we might enter a stop loop here, hence stop acting on the
                   * service being unnecessary after a while. */
 -- 
-2.33.0
+2.34.0
 

pkgs/os-specific/linux/systemd/0007-hostnamed-localed-timedated-disable-methods-that-cha.patch

@@ -1,7 +1,7 @@
-From 207c69466cdd164c42ed1901deb06f57b12f4363 Mon Sep 17 00:00:00 2001
+From 14474d5e116609ce4fac60d779b08fa3eab840c3 Mon Sep 17 00:00:00 2001
 From: Gabriel Ebner <gebner@gebner.org>
 Date: Sun, 6 Dec 2015 14:26:36 +0100
-Subject: [PATCH 07/21] hostnamed, localed, timedated: disable methods that
+Subject: [PATCH 07/19] hostnamed, localed, timedated: disable methods that
  change system settings.
 
 ---
@@ -11,10 +11,10 @@ Subject: [PATCH 07/21] hostnamed, localed, timedated: disable methods that
  3 files changed, 25 insertions(+)
 
 diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
-index 36702f2fb0..669257ea2f 100644
+index b20a93ad81..6292fca4fc 100644
 --- a/src/hostname/hostnamed.c
 +++ b/src/hostname/hostnamed.c
-@@ -797,6 +797,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_
+@@ -813,6 +813,9 @@ static int method_set_static_hostname(sd_bus_message *m, void *userdata, sd_bus_
          if (r < 0)
                  return r;
 
@@ -24,7 +24,7 @@ index 36702f2fb0..669257ea2f 100644
          name = empty_to_null(name);
 
          context_read_etc_hostname(c);
-@@ -860,6 +863,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess
+@@ -876,6 +879,9 @@ static int set_machine_info(Context *c, sd_bus_message *m, int prop, sd_bus_mess
          if (r < 0)
                  return r;
 
@@ -104,5 +104,5 @@ index 66b454269d..0a8fe25d0f 100644
          if (r < 0)
                  return r;
 -- 
-2.33.0
+2.34.0
 

pkgs/os-specific/linux/systemd/0008-Fix-hwdb-paths.patch

@@ -1,7 +1,7 @@
-From 3ca3855259c3015615983587063fa159cfa7e93c Mon Sep 17 00:00:00 2001
+From d668df39728c992ec0c691ef6e76664e7121f5bd Mon Sep 17 00:00:00 2001
 From: Nikolay Amiantov <ab@fmap.me>
 Date: Thu, 7 Jul 2016 02:47:13 +0300
-Subject: [PATCH 08/21] Fix hwdb paths
+Subject: [PATCH 08/19] Fix hwdb paths
 
 Patch by vcunat.
 ---
@@ -24,5 +24,5 @@ index 5ddc2211e6..ee621eec46 100644
 +        "/etc/udev/hwdb.bin\0"
 +
 -- 
-2.33.0
+2.34.0