Systemd netboot

[astro]

Description of changes

Allows the netboot module to work with boot.initrd.systemd.enable

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 23.11 Release Notes (or backporting 23.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

Priorities

Add a 👍 reaction to pull requests you find important.

[NickCao]

Please take a look at #233707. Part of the boot failure is due to depends not being honored.

[astro]

Please take a look at #233707. Part of the boot failure is due to depends not being honored.

Note that this PR here is about netboot.nix, not qemu-vm.nix.

x-systemd.requires-mounts-for= was in my first attempt as well but it seemed optional in the end.

Prepending the overlayfs parameters with /sysroot is identical.

In the other PR I am missing ensuring the existence of the upperdir and workdir. overlayfs won't create them by itself but it insists on them being there.

[ElvishJerricco]

The point is that you're using depends wrong. It should be a list of stage 2 paths. NixOS is supposed to take care of prepending the stage 1 /sysroot / /mnt-root for you. This is for depends though, not the overlay mount options. What you've done will necessarily depend on /sysroot/sysroot/foo instead, once depends is implemented for systemd; which, I might add, it is not, so this misuse of depends isn't even doing anything.

[astro]

The point is that you're using depends wrong. It should be a list of stage 2 paths. NixOS is supposed to take care of prepending the stage 1 /sysroot / /mnt-root for you. This is for depends though, not the overlay mount options. What you've done will necessarily depend on /sysroot/sysroot/foo instead, once depends is implemented for systemd; which, I might add, it is not, so this misuse of depends isn't even doing anything.

@ElvishJerricco Right, depends doesn't need to be changed. I dropped that.

[lheckemann]

Could we continue testing with the scripted stage-1 (additionally)? I love that we're enabling use of systemd stage-1, but I'd not like if the scripted stage-1 bitrotted before being removed :)

[astro]

You're right, I dropped that change.

If you tell me where I could still add it as a separate test.

[lheckemann]

Maybe renaming extraConfig to extraMachineConfig and adding an extraSystemConfig argument which gets added to the modules list, then adding another test called uefiNetbootSystemd or something.

Or if you're in the mood for bigger refactors, making use of how the test thing is based on the module system nowadays, but I'm definitely fine for that not to happen now.

[lheckemann]

It's just occurred to me that this would probably break switching configs in the booted system, since /sysroot won't exist in stage-2. We should probably test this, and if my suspicion is correct, work out how to get around it (maybe an initrd-specific mount unit?)

[lheckemann]

#273642 related

[lheckemann]

systemd/systemd#30377 would also eliminate the need for the mkdir service, at least if there's a solution for "what root are the referenced dirs from".

[lheckemann]

Adrian Vovk has pointed out that if we mount the tmpfs under /run, it will be carried over from the initrd into the final system, which solves the config-switching problem. This sounds like a solid approach to me, and I'll be giving it a shot for my work on the ISO image.

[ElvishJerricco]

Why is this only needed for systemd stage 1? Why don't we need /mnt-root in the overlay's mount options for scripted stage 1? Why don't we need any boot.initrd.*Commands to do that mkdir for scripted stage 1?

[lheckemann]

Because stage-1-init.sh has specific support for

Adding the prefix to the overlay component directories

nixpkgs/nixos/modules/system/boot/stage-1-init.sh

Line 390 in 139f397

local optionsPrefixed="$( echo "$optionsFiltered" | sed -E 's#\<(lowerdir|upperdir|workdir)=#\1=/mnt-root#g' )"

and for creating the upper and work dirs if they don't exist

nixpkgs/nixos/modules/system/boot/stage-1-init.sh

Lines 396 to 402 in 139f397

	# Create backing directories for overlayfs
	if [ "$fsType" = overlay ]; then
	for i in upper work; do
	dir="$( echo "$optionsPrefixed" | grep -o "${i}dir=[^,]*" )"
	mkdir -m 0700 -p "${dir##*=}"
	done
	fi

[ElvishJerricco]

Now that #286176 is merged, we should just use that in this PR.

[astro]

Updated to just use #286176 which really works well!