about summary refs log tree commit diff
path: root/nixos/modules/system
diff options
context:
space:
mode:
authorWill Fancher <elvishjerricco@gmail.com>2023-10-03 00:28:50 -0700
committerJade Lovelace <software@lfcode.ca>2024-01-18 16:28:41 -0800
commit367d101073db523e88cbad02135ce3fd2b847b17 (patch)
tree0391b306b2ab804527162ac5668fff109a25e923 /nixos/modules/system
parent062be41387b9d571fdb96102a2e676944abefe0d (diff)
downloadnixlib-367d101073db523e88cbad02135ce3fd2b847b17.tar
nixlib-367d101073db523e88cbad02135ce3fd2b847b17.tar.gz
nixlib-367d101073db523e88cbad02135ce3fd2b847b17.tar.bz2
nixlib-367d101073db523e88cbad02135ce3fd2b847b17.tar.lz
nixlib-367d101073db523e88cbad02135ce3fd2b847b17.tar.xz
nixlib-367d101073db523e88cbad02135ce3fd2b847b17.tar.zst
nixlib-367d101073db523e88cbad02135ce3fd2b847b17.zip
nixos/systemd: assert After=network-online.target -> Wants=
This will catch broken services at the evaluation stage.
Diffstat (limited to 'nixos/modules/system')
-rw-r--r--nixos/modules/system/boot/systemd.nix45
1 files changed, 31 insertions, 14 deletions
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index b02f615245d4..331ca5103ba6 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -451,20 +451,37 @@ in
         cfg.services
     );
 
-    assertions = concatLists (
-      mapAttrsToList
-        (name: service:
-          map (message: {
-            assertion = false;
-            inherit message;
-          }) (concatLists [
-            (optional ((builtins.elem "network-interfaces.target" service.after) || (builtins.elem "network-interfaces.target" service.wants))
-              "Service '${name}.service' is using the deprecated target network-interfaces.target, which no longer exists. Using network.target is recommended instead."
-            )
-          ])
-        )
-        cfg.services
-    );
+    assertions = let
+      mkOneAssert = typeStr: name: def: {
+        assertion = lib.elem "network-online.target" def.after -> lib.elem "network-online.target" (def.wants ++ def.requires ++ def.bindsTo);
+        message = "${name}.${typeStr} is ordered after 'network-online.target' but doesn't depend on it";
+      };
+      mkAsserts = typeStr: lib.mapAttrsToList (mkOneAssert typeStr);
+      mkMountAsserts = typeStr: map (m: mkOneAssert typeStr m.what m);
+    in mkMerge [
+      (concatLists (
+        mapAttrsToList
+          (name: service:
+            map (message: {
+              assertion = false;
+              inherit message;
+            }) (concatLists [
+              (optional ((builtins.elem "network-interfaces.target" service.after) || (builtins.elem "network-interfaces.target" service.wants))
+                "Service '${name}.service' is using the deprecated target network-interfaces.target, which no longer exists. Using network.target is recommended instead."
+              )
+            ])
+          )
+          cfg.services
+      ))
+      (mkAsserts "target" cfg.targets)
+      (mkAsserts "service" cfg.services)
+      (mkAsserts "socket" cfg.sockets)
+      (mkAsserts "timer" cfg.timers)
+      (mkAsserts "path" cfg.paths)
+      (mkMountAsserts "mount" cfg.mounts)
+      (mkMountAsserts "automount" cfg.automounts)
+      (mkAsserts "slice" cfg.slices)
+    ];
 
     system.build.units = cfg.units;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-13 10:35:41 +0000