nixos/udev: systemd initrd improvements

[dasJ]

First, add the builtin udev rules to /etc/udev/rules.d so they are used.
Then, add all networkd .link units to the initrd. This is done in the
old stage 1 as well so I assume this is needed even when networkd is not
used. I assume this is for things like changing the MAC address.

Also limit the number of udev/lib binaries that is put into the initrd
because the old initrd doesn't use all units either.

Description of changes

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.05 Release Notes (or backporting 21.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[arianvp]

Correct .link units are part of udev. Not networkd. This is also pointed out in the manpage systemd.link

…

On Sat, 30 Apr 2022, 14:20 Janne Heß, ***@***.***> wrote: @dasJ <https://github.com/dasJ> requested your review on: #171021 <#171021> nixos/udev: systemd initrd improvements. — Reply to this email directly, view it on GitHub <#171021 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAEZNI422ANJCAQ3ERV2KSDVHUQQPANCNFSM5UYJD4LQ> . You are receiving this because your review was requested.Message ID: ***@***.***>

[dasJ]

We'd probably have to move these to the network module if it exists because boot.initrd.systemd.contents doesn't merge directories so the derivation with the .link files would conflict with the one carrying the .network files :/

[ElvishJerricco]

I don't understand this. We don't have to do this in the old initrd, why should we have to with this one?

[arianvp]

I just don't think we did link files in the old initrd. i.e. predictible interface names were not used.

[arianvp]

But can't we use the initrd.systemd.units logic for this?

[ElvishJerricco]

@arianvp That would place units in /etc/systemd/system, not in /etc/systemd/network.

[arianvp]

ah yes; but we have similar logic in the networkd module in stage-2. Perhaps we want to copy that to stage-1 under initrd.systemd.network.links ? (https://search.nixos.org/options?channel=21.11&show=systemd.network.links&from=0&size=50&sort=relevance&type=packages&query=systemd.network.links)

[ElvishJerricco]

@arianvp see: #169116 :)

[arianvp]

So. we can keep this workaround for now; and then clean it up later once that PR is ready? Must just make sure to not forget.

[dasJ]

@ElvishJerricco we do this because the code was actually in the old stage 1 as well ;) It's not a new invention.
Old code:

nixpkgs/nixos/modules/system/boot/stage-1.nix

Lines 223 to 235 in b991bbd

	linkUnits = pkgs.runCommand "link-units" {
	allowedReferences = [ extraUtils ];
	preferLocalBuild = true;
	} (''
	mkdir -p $out
	cp -v ${udev}/lib/systemd/network/*.link $out/
	'' + (
	let
	links = filterAttrs (n: v: hasSuffix ".link" n) config.systemd.network.units;
	files = mapAttrsToList (n: v: "${v.unit}/${n}") links;
	in
	concatMapStringsSep "\n" (file: "cp -v ${file} $out/") files
	));

[ElvishJerricco]

Oh, heh cool. So yea, keep this, and revisit whenever we actually want to take that networkd patch seriously.