nixos: Add network-pre.target and adjust firewall start ordering

William A. Kennington III 2014-12-01 17:19:06 -08:00
parent 2b06a92c2a
commit 8a94c06595
4 changed files with 22 additions and 11 deletions


@ -458,8 +458,9 @@ in
systemd.services.firewall = { systemd.services.firewall = {
description = "Firewall"; description = "Firewall";
wantedBy = [ "network.target" ]; wantedBy = [ "network-pre.target" ];
after = [ "network-interfaces.target" "systemd-modules-load.service" ]; before = [ "network-pre.target" ];
after = [ "systemd-modules-load.service" ];
path = [ pkgs.iptables ]; path = [ pkgs.iptables ];
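Review bot: The new `wantedBy`/`before` pair on `network-pre.target` gives ordering and a weak pull-in only, so a failed firewall start would still let `network-pre.target` and the interface units proceed with no rules loaded. Failing closed would need a requirement dependency on the interface side rather than ordering alone. If failing open is accepted, a comment above the `before` line would record it, for example `# Load rules before any interface is configured; ordering only, the network still starts if this unit fails`. The ordering also holds only if the unit's start job completes after the rules are applied (a oneshot-style service), and the service type lies outside this hunk, so that is worth confirming.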


@ -36,6 +36,7 @@ let
"graphical.target" "graphical.target"
"multi-user.target" "multi-user.target"
"network.target" "network.target"
"network-pre.target"
"network-online.target" "network-online.target"
"nss-lookup.target" "nss-lookup.target"
"nss-user-lookup.target" "nss-user-lookup.target"
@ -947,6 +948,11 @@ in
systemd.targets.network-online.after = [ "ip-up.target" ]; systemd.targets.network-online.after = [ "ip-up.target" ];
systemd.targets.network-pre = {
wantedBy = [ "network.target" ];
before = [ "network.target" ];
};
systemd.targets.remote-fs-pre = { systemd.targets.remote-fs-pre = {
wantedBy = [ "remote-fs.target" ]; wantedBy = [ "remote-fs.target" ];
before = [ "remote-fs.target" ]; before = [ "remote-fs.target" ];
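Review bot: The added `systemd.targets.network-pre` block has `network.target` pull the target in unconditionally, whereas systemd documents `network-pre.target` as a passive unit that the service needing early ordering pulls in itself with `Wants=`. The difference looks harmless here but is easy to misread later, so a short comment above the block would help, for example `# Always pulled in by network.target (upstream treats it as passive); units that must run before interface setup order themselves before it`. The `remote-fs-pre` definition that follows continues past the end of the hunk.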


@ -54,7 +54,7 @@ in
networkSetup = networkSetup =
{ description = "Networking Setup"; { description = "Networking Setup";
after = [ "network-interfaces.target" ]; after = [ "network-interfaces.target" "network-pre.target" ];
before = [ "network.target" ]; before = [ "network.target" ];
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
@ -105,7 +105,7 @@ in
wantedBy = [ "network-interfaces.target" ]; wantedBy = [ "network-interfaces.target" ];
before = [ "network-interfaces.target" ]; before = [ "network-interfaces.target" ];
bindsTo = [ (subsystemDevice i.name) ]; bindsTo = [ (subsystemDevice i.name) ];
after = [ (subsystemDevice i.name) ]; after = [ (subsystemDevice i.name) "network-pre.target" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true; serviceConfig.RemainAfterExit = true;
path = [ pkgs.iproute ]; path = [ pkgs.iproute ];
@ -155,7 +155,7 @@ in
createTunDevice = i: nameValuePair "${i.name}-netdev" createTunDevice = i: nameValuePair "${i.name}-netdev"
{ description = "Virtual Network Interface ${i.name}"; { description = "Virtual Network Interface ${i.name}";
requires = [ "dev-net-tun.device" ]; requires = [ "dev-net-tun.device" ];
after = [ "dev-net-tun.device" ]; after = [ "dev-net-tun.device" "network-pre.target" ];
wantedBy = [ "network.target" (subsystemDevice i.name) ]; wantedBy = [ "network.target" (subsystemDevice i.name) ];
before = [ "network-interfaces.target" (subsystemDevice i.name) ]; before = [ "network-interfaces.target" (subsystemDevice i.name) ];
path = [ pkgs.iproute ]; path = [ pkgs.iproute ];
@ -180,7 +180,8 @@ in
{ description = "Bridge Interface ${n}"; { description = "Bridge Interface ${n}";
wantedBy = [ "network.target" (subsystemDevice n) ]; wantedBy = [ "network.target" (subsystemDevice n) ];
bindsTo = deps; bindsTo = deps;
after = deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; after = [ "network-pre.target" ] ++ deps
++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
before = [ "network-interfaces.target" (subsystemDevice n) ]; before = [ "network-interfaces.target" (subsystemDevice n) ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true; serviceConfig.RemainAfterExit = true;
@ -214,7 +215,8 @@ in
{ description = "Bond Interface ${n}"; { description = "Bond Interface ${n}";
wantedBy = [ "network.target" (subsystemDevice n) ]; wantedBy = [ "network.target" (subsystemDevice n) ];
bindsTo = deps; bindsTo = deps;
after = deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces; after = [ "network-pre.target" ] ++ deps
++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
before = [ "network-interfaces.target" (subsystemDevice n) ]; before = [ "network-interfaces.target" (subsystemDevice n) ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true; serviceConfig.RemainAfterExit = true;
@ -250,7 +252,7 @@ in
{ description = "Vlan Interface ${n}"; { description = "Vlan Interface ${n}";
wantedBy = [ "network.target" (subsystemDevice n) ]; wantedBy = [ "network.target" (subsystemDevice n) ];
bindsTo = deps; bindsTo = deps;
after = deps; after = [ "network-pre.target" ] ++ deps;
before = [ "network-interfaces.target" (subsystemDevice n) ]; before = [ "network-interfaces.target" (subsystemDevice n) ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true; serviceConfig.RemainAfterExit = true;
@ -274,7 +276,7 @@ in
{ description = "6-to-4 Tunnel Interface ${n}"; { description = "6-to-4 Tunnel Interface ${n}";
wantedBy = [ "network.target" (subsystemDevice n) ]; wantedBy = [ "network.target" (subsystemDevice n) ];
bindsTo = deps; bindsTo = deps;
after = deps; after = [ "network-pre.target" ] ++ deps;
before = [ "network-interfaces.target" (subsystemDevice n) ]; before = [ "network-interfaces.target" (subsystemDevice n) ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true; serviceConfig.RemainAfterExit = true;
@ -301,7 +303,7 @@ in
{ description = "Vlan Interface ${n}"; { description = "Vlan Interface ${n}";
wantedBy = [ "network.target" (subsystemDevice n) ]; wantedBy = [ "network.target" (subsystemDevice n) ];
bindsTo = deps; bindsTo = deps;
after = deps; after = [ "network-pre.target" ] ++ deps;
before = [ "network-interfaces.target" (subsystemDevice n) ]; before = [ "network-interfaces.target" (subsystemDevice n) ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true; serviceConfig.RemainAfterExit = true;
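Review bot: The literal `"network-pre.target"` is now repeated in the `after` list of eight units in this file, and in three more in the last file of the commit, so a unit added later can omit it without anything flagging the gap. Such a unit could configure an interface before the firewall rules are loaded. A shared binding in the enclosing `let`, e.g. `netPre = [ "network-pre.target" ];` used as `after = netPre ++ deps;`, would keep the ordering in one place. In `networkSetup` the entry looks redundant, since `network-interfaces.target` is itself ordered after `network-pre.target` elsewhere in this commit, though it does no harm. The unit definitions start and end outside the hunks shown.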


@ -669,6 +669,7 @@ in
{ description = "All Network Interfaces"; { description = "All Network Interfaces";
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
before = [ "network.target" ]; before = [ "network.target" ];
after = [ "network-pre.target" ];
unitConfig.X-StopOnReconfiguration = true; unitConfig.X-StopOnReconfiguration = true;
}; };
@ -677,6 +678,7 @@ in
description = "Extra networking commands."; description = "Extra networking commands.";
before = [ "network.target" ]; before = [ "network.target" ];
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
after = [ "network-pre.target" ];
unitConfig.ConditionCapability = "CAP_NET_ADMIN"; unitConfig.ConditionCapability = "CAP_NET_ADMIN";
path = [ pkgs.iproute ]; path = [ pkgs.iproute ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
@ -692,7 +694,7 @@ in
wantedBy = [ "network-interfaces.target" ]; wantedBy = [ "network-interfaces.target" ];
before = [ "network-interfaces.target" ]; before = [ "network-interfaces.target" ];
bindsTo = [ (subsystemDevice i.name) ]; bindsTo = [ (subsystemDevice i.name) ];
after = [ (subsystemDevice i.name) ]; after = [ (subsystemDevice i.name) "network-pre.target" ];
path = [ pkgs.iproute ]; path = [ pkgs.iproute ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";