Seeking Feedback on the Removal of "Scripted Initrd Networking" in NixOS

Hello NixOS community,

As part of our ongoing efforts to improve NixOS early code (initrd) with various contributors (systemd team, @ElvishJerricco notably!), we are considering the removal of the “scripted initrd networking” feature. This feature is currently deemed unmaintained and can already be effectively replaced by the “networkd initrd” feature utilizing the new systemd initrd functionality.

The primary motivation behind this proposed change is to enhance the overall maintainability and offer a modern “better by default” solution for networking in initrds. We understand that changes like these can impact users, and we want to make the transition as smooth as possible for everyone involved.

Before proceeding, we would like to gather valuable feedback from the community to ensure that the upcoming changes align with your needs and use cases. Your input is crucial in helping us draft comprehensive migration documents and provide the necessary resources to guide users through this transition.

What we’re seeking from you:

1. Use Cases: Please share your specific use cases where you currently rely on the “scripted initrd networking” feature. Understanding how you use this functionality will enable us to address potential challenges or missing features and create tailored migration resources.

2. Concerns: If you have any concerns about the removal of this feature, please voice them. We want to address any potential issues or hurdles that may arise during the transition.

3. Suggestions: Feel free to provide any suggestions or alternative approaches that you believe could enhance the migration process or offer improved solutions.

See nixos: drop scripted initrd networking by RaitoBezarius · Pull Request #287043 · NixOS/nixpkgs · GitHub for the draft removal PR.

About the systemd stage 1

@hexa drove work on bringing documentation on networkd in systemd-networkd - NixOS Wiki and most of those are reusable for your migration and can give you ideas on how to use this.

Most of the stage 1 options with networkd are exposed here: NixOS Search.

You can look in our NixOS tests to find some examples.

Perhaps in the category of suggestions, and something I think we can perhaps apply to similar deprecations more broadly as well:

In addition to collecting use-cases, collecting a list of documentation references that talk about the to-be-removed feature. Especially with the wiki migration underway, updating content there will help avoid new users copying the outdated methods and avoid stale content generally

I have no attachment to the scripted initrd networking, am using the networkd version on a couple systems, but I’m thinking about the removal process. Given the potential importance of this component, I think we need to consider an extended timeline for deprecation and removal.

I would suggest something like:

• Change the default for 24.05 to initrd networkd
• Mark scripted initrd network as deprecated in 24.11
• Completely remove after 24.11 branch off, meaning it’ll be gone in 25.05

I know this drags out the removal, but it gives plenty of time and data to validate that the replacement (networkd) is able to fulfill all the previous use cases while still giving people an ability to switch back while bugs are fixed or gaps are filled.

I’m a bigger fan of compressing one step (i.e. get done by 24.11) and moving the modules out of tree because it’s not realistic to expect anyone and everyone working in those areas will fix any use case out there.

Making things solid takes time and efforts, we are volunteers.

Use-Case: Use-case is unlocking encrypted ZFS via SSH on a server that requires tagged VLANs to be configured on the network already in initrd phase.

Correct me if I’m wrong, but this should work:

• VLAN support is added to the systemd initrd by nixos/network-interfaces-systemd: support `vlans`, `bridges` in systemd-initrd by Majiir · Pull Request #251290 · NixOS/nixpkgs · GitHub. Is anything else needed for your usecase?
• boot.initrd.network.ssh already checks if a systemd-initrd is being used and switches to a systemd service instead of scripts.

Once configured, SSHing and running systemd-tty-ask-password-agent will prompt for decryption credentials.

I’m not using VLANs, but everything else works for me.

I am running exactly that setup, and it’s why I wrote the VLANs PR.