nixos: Add network-pre.target and adjust firewall start ordering
parent
2b06a92c2a
commit
8a94c06595
4 changed files with 22 additions and 11 deletions
|
@ -458,8 +458,9 @@ in
|
||||||
|
|
||||||
systemd.services.firewall = {
|
systemd.services.firewall = {
|
||||||
description = "Firewall";
|
description = "Firewall";
|
||||||
wantedBy = [ "network.target" ];
|
wantedBy = [ "network-pre.target" ];
|
||||||
after = [ "network-interfaces.target" "systemd-modules-load.service" ];
|
before = [ "network-pre.target" ];
|
||||||
|
after = [ "systemd-modules-load.service" ];
|
||||||
|
|
||||||
path = [ pkgs.iptables ];
|
path = [ pkgs.iptables ];
|
||||||
|
|
||||||
|
|
|
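Review bot: The `wantedBy = [ "network-pre.target" ]` / `before = [ "network-pre.target" ]` pair on `systemd.services.firewall` sequences the unit but does not make interface setup conditional on the rules actually loading. systemd ordering is satisfied once the earlier unit has finished starting, whether it succeeded or failed, and `wantedBy` creates only a weak dependency, so a failing firewall start would presumably still let the interfaces come up unfiltered. If failing open is the intended trade-off (it avoids locking out a remote machine), record it next to the ordering, e.g. `# Load rules before any interface is configured; a failed start does not block networking.` The unit's definition continues outside the hunk, so the start script's own failure handling is not visible here.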
@ -36,6 +36,7 @@ let
|
||||||
"graphical.target"
|
"graphical.target"
|
||||||
"multi-user.target"
|
"multi-user.target"
|
||||||
"network.target"
|
"network.target"
|
||||||
|
"network-pre.target"
|
||||||
"network-online.target"
|
"network-online.target"
|
||||||
"nss-lookup.target"
|
"nss-lookup.target"
|
||||||
"nss-user-lookup.target"
|
"nss-user-lookup.target"
|
||||||
|
@ -947,6 +948,11 @@ in
|
||||||
|
|
||||||
systemd.targets.network-online.after = [ "ip-up.target" ];
|
systemd.targets.network-online.after = [ "ip-up.target" ];
|
||||||
|
|
||||||
|
systemd.targets.network-pre = {
|
||||||
|
wantedBy = [ "network.target" ];
|
||||||
|
before = [ "network.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
systemd.targets.remote-fs-pre = {
|
systemd.targets.remote-fs-pre = {
|
||||||
wantedBy = [ "remote-fs.target" ];
|
wantedBy = [ "remote-fs.target" ];
|
||||||
before = [ "remote-fs.target" ];
|
before = [ "remote-fs.target" ];
|
||||||
|
|
|
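Review bot: `systemd.targets.network-pre` is missing a comment explaining why `network.target` pulls it in. systemd documents network-pre.target as a passive target that is pulled in by the service that needs to run before the network, whereas on this page the firewall is `wantedBy` the target and the target is `wantedBy = [ "network.target" ]`, so this line is what gets the firewall started at boot. Someone aligning the target with upstream later could drop it and, as far as this page shows, nothing else would pull the firewall in. Suggested comment: `# Pulled in by network.target so that units wantedBy network-pre.target (e.g. the firewall) start before network setup.`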
@ -54,7 +54,7 @@ in
|
||||||
networkSetup =
|
networkSetup =
|
||||||
{ description = "Networking Setup";
|
{ description = "Networking Setup";
|
||||||
|
|
||||||
after = [ "network-interfaces.target" ];
|
after = [ "network-interfaces.target" "network-pre.target" ];
|
||||||
before = [ "network.target" ];
|
before = [ "network.target" ];
|
||||||
wantedBy = [ "network.target" ];
|
wantedBy = [ "network.target" ];
|
||||||
|
|
||||||
|
@ -105,7 +105,7 @@ in
|
||||||
wantedBy = [ "network-interfaces.target" ];
|
wantedBy = [ "network-interfaces.target" ];
|
||||||
before = [ "network-interfaces.target" ];
|
before = [ "network-interfaces.target" ];
|
||||||
bindsTo = [ (subsystemDevice i.name) ];
|
bindsTo = [ (subsystemDevice i.name) ];
|
||||||
after = [ (subsystemDevice i.name) ];
|
after = [ (subsystemDevice i.name) "network-pre.target" ];
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
serviceConfig.RemainAfterExit = true;
|
serviceConfig.RemainAfterExit = true;
|
||||||
path = [ pkgs.iproute ];
|
path = [ pkgs.iproute ];
|
||||||
|
@ -155,7 +155,7 @@ in
|
||||||
createTunDevice = i: nameValuePair "${i.name}-netdev"
|
createTunDevice = i: nameValuePair "${i.name}-netdev"
|
||||||
{ description = "Virtual Network Interface ${i.name}";
|
{ description = "Virtual Network Interface ${i.name}";
|
||||||
requires = [ "dev-net-tun.device" ];
|
requires = [ "dev-net-tun.device" ];
|
||||||
after = [ "dev-net-tun.device" ];
|
after = [ "dev-net-tun.device" "network-pre.target" ];
|
||||||
wantedBy = [ "network.target" (subsystemDevice i.name) ];
|
wantedBy = [ "network.target" (subsystemDevice i.name) ];
|
||||||
before = [ "network-interfaces.target" (subsystemDevice i.name) ];
|
before = [ "network-interfaces.target" (subsystemDevice i.name) ];
|
||||||
path = [ pkgs.iproute ];
|
path = [ pkgs.iproute ];
|
||||||
|
@ -180,7 +180,8 @@ in
|
||||||
{ description = "Bridge Interface ${n}";
|
{ description = "Bridge Interface ${n}";
|
||||||
wantedBy = [ "network.target" (subsystemDevice n) ];
|
wantedBy = [ "network.target" (subsystemDevice n) ];
|
||||||
bindsTo = deps;
|
bindsTo = deps;
|
||||||
after = deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
|
after = [ "network-pre.target" ] ++ deps
|
||||||
|
++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
|
||||||
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
serviceConfig.RemainAfterExit = true;
|
serviceConfig.RemainAfterExit = true;
|
||||||
|
@ -214,7 +215,8 @@ in
|
||||||
{ description = "Bond Interface ${n}";
|
{ description = "Bond Interface ${n}";
|
||||||
wantedBy = [ "network.target" (subsystemDevice n) ];
|
wantedBy = [ "network.target" (subsystemDevice n) ];
|
||||||
bindsTo = deps;
|
bindsTo = deps;
|
||||||
after = deps ++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
|
after = [ "network-pre.target" ] ++ deps
|
||||||
|
++ concatMap (i: [ "network-addresses-${i}.service" "network-link-${i}.service" ]) v.interfaces;
|
||||||
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
serviceConfig.RemainAfterExit = true;
|
serviceConfig.RemainAfterExit = true;
|
||||||
|
@ -250,7 +252,7 @@ in
|
||||||
{ description = "Vlan Interface ${n}";
|
{ description = "Vlan Interface ${n}";
|
||||||
wantedBy = [ "network.target" (subsystemDevice n) ];
|
wantedBy = [ "network.target" (subsystemDevice n) ];
|
||||||
bindsTo = deps;
|
bindsTo = deps;
|
||||||
after = deps;
|
after = [ "network-pre.target" ] ++ deps;
|
||||||
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
serviceConfig.RemainAfterExit = true;
|
serviceConfig.RemainAfterExit = true;
|
||||||
|
@ -274,7 +276,7 @@ in
|
||||||
{ description = "6-to-4 Tunnel Interface ${n}";
|
{ description = "6-to-4 Tunnel Interface ${n}";
|
||||||
wantedBy = [ "network.target" (subsystemDevice n) ];
|
wantedBy = [ "network.target" (subsystemDevice n) ];
|
||||||
bindsTo = deps;
|
bindsTo = deps;
|
||||||
after = deps;
|
after = [ "network-pre.target" ] ++ deps;
|
||||||
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
serviceConfig.RemainAfterExit = true;
|
serviceConfig.RemainAfterExit = true;
|
||||||
|
@ -301,7 +303,7 @@ in
|
||||||
{ description = "Vlan Interface ${n}";
|
{ description = "Vlan Interface ${n}";
|
||||||
wantedBy = [ "network.target" (subsystemDevice n) ];
|
wantedBy = [ "network.target" (subsystemDevice n) ];
|
||||||
bindsTo = deps;
|
bindsTo = deps;
|
||||||
after = deps;
|
after = [ "network-pre.target" ] ++ deps;
|
||||||
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
before = [ "network-interfaces.target" (subsystemDevice n) ];
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
serviceConfig.RemainAfterExit = true;
|
serviceConfig.RemainAfterExit = true;
|
||||||
|
|
|
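Review bot: `"network-pre.target"` is appended by hand to the `after` list of each unit in this file (the hunks at 54, 105, 155, 180, 214, 250, 274 and 301), so the firewall-first ordering depends on nobody forgetting it when a new interface type is added. A single shared binding would make an omission harder to miss, for example a `let`-bound list that every unit's `after` starts from, used as `after = preNetwork ++ deps;` (the name is only a suggestion). Failing that, a comment at the top of the unit definitions stating that every unit creating or configuring a link must be ordered after network-pre.target would document the rule. All of these definitions start or end outside their hunks.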
@ -669,6 +669,7 @@ in
|
||||||
{ description = "All Network Interfaces";
|
{ description = "All Network Interfaces";
|
||||||
wantedBy = [ "network.target" ];
|
wantedBy = [ "network.target" ];
|
||||||
before = [ "network.target" ];
|
before = [ "network.target" ];
|
||||||
|
after = [ "network-pre.target" ];
|
||||||
unitConfig.X-StopOnReconfiguration = true;
|
unitConfig.X-StopOnReconfiguration = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -677,6 +678,7 @@ in
|
||||||
description = "Extra networking commands.";
|
description = "Extra networking commands.";
|
||||||
before = [ "network.target" ];
|
before = [ "network.target" ];
|
||||||
wantedBy = [ "network.target" ];
|
wantedBy = [ "network.target" ];
|
||||||
|
after = [ "network-pre.target" ];
|
||||||
unitConfig.ConditionCapability = "CAP_NET_ADMIN";
|
unitConfig.ConditionCapability = "CAP_NET_ADMIN";
|
||||||
path = [ pkgs.iproute ];
|
path = [ pkgs.iproute ];
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
|
@ -692,7 +694,7 @@ in
|
||||||
wantedBy = [ "network-interfaces.target" ];
|
wantedBy = [ "network-interfaces.target" ];
|
||||||
before = [ "network-interfaces.target" ];
|
before = [ "network-interfaces.target" ];
|
||||||
bindsTo = [ (subsystemDevice i.name) ];
|
bindsTo = [ (subsystemDevice i.name) ];
|
||||||
after = [ (subsystemDevice i.name) ];
|
after = [ (subsystemDevice i.name) "network-pre.target" ];
|
||||||
path = [ pkgs.iproute ];
|
path = [ pkgs.iproute ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
|
|
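Review bot: `after = [ "network-pre.target" ]` on the "All Network Interfaces" target delays only the target itself; services that are merely `before = [ "network-interfaces.target" ]` are not ordered after network-pre.target by it. The units touched in this commit each carry their own `after` entry, but anything else that configures interfaces (a DHCP client or another network manager defined outside these four files) is not visible here and would need the same ordering for the firewall-first guarantee to hold. It is worth checking those units and stating the rule beside the target, e.g. `# Ordering the target is not enough: every unit that configures an interface needs its own after = network-pre.target.`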