units/systemd-firstboot.service

#  SPDX-License-Identifier: LGPL-2.1-or-later
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Initial Setup
Documentation=man:systemd-firstboot(1)

ConditionPathIsReadWrite=/etc
ConditionFirstBoot=yes

DefaultDependencies=no
# This service may need to write to the file system:
After=systemd-remount-fs.service
# Both systemd-sysusers and systemd-tmpfiles may create the root account
# (via factory files or credentials), obviating the need for us to do that:
After=systemd-sysusers.service systemd-tmpfiles-setup.service
# Let vconsole-setup do its setup before starting user interaction:
After=systemd-vconsole-setup.service
After=systemd-mute-console.socket

Wants=first-boot-complete.target
Before=first-boot-complete.target sysinit.target
Conflicts=shutdown.target
Before=shutdown.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=systemd-firstboot --prompt-locale --prompt-keymap-auto --prompt-timezone --prompt-root-password --mute-console=yes
StandardOutput=tty
StandardInput=tty
StandardError=tty
TTYReset=yes

# Optionally, pick up basic fields from credentials passed to the service
# manager. This is useful for importing this data from nspawn's
# --set-credential= switch.
ImportCredential=passwd.hashed-password.root
ImportCredential=passwd.plaintext-password.root
ImportCredential=passwd.shell.root
ImportCredential=firstboot.*
license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00			`# SPDX-License-Identifier: LGPL-2.1-or-later`
Add SPDX license headers to unit files 2017-11-18 17:35:03 +01:00			`#`
firstboot: add new component to query basic system settings on first boot, or when creating OS images offline A new tool "systemd-firstboot" can be used either interactively on boot, where it will query basic locale, timezone, hostname, root password information and set it. Or it can be used non-interactively from the command line when prepareing disk images for booting. When used non-inertactively the tool can either copy settings from the host, or take settings on the command line. $ systemd-firstboot --root=/path/to/my/new/root --copy-locale --copy-root-password --hostname=waldi The tool will be automatically invoked (interactively) now on first boot if /etc is found unpopulated. This also creates the infrastructure for generators to be notified via an environment variable whether they are running on the first boot, or not. 2014-07-07 15:05:37 +02:00			`# This file is part of systemd.`
			`#`
			`# systemd is free software; you can redistribute it and/or modify it`
			`# under the terms of the GNU Lesser General Public License as published by`
			`# the Free Software Foundation; either version 2.1 of the License, or`
			`# (at your option) any later version.`

			`[Unit]`
firstboot: don't call this thing a "wizard" It isn't really, it's an initial setup tool, which is what GNOME calls their equivalent too. 2025-09-11 21:12:15 +02:00			`Description=Initial Setup`
systemd-firstboot.service: fix man page section Found with systemd-analyze verify. 2014-08-28 22:01:44 +02:00			`Documentation=man:systemd-firstboot(1)`
units: do more reordering of ordering config No functional change, just a cleanup to make the subsequent changes easier to see. This is a continuation of 9810e419425263bde86787bc21251f1ad3c35628 > The block is reordered and split to have: > 1. description + documentation > 2. (optionally) conditions > 3. all the dependencies The dependencies for shutdown.target are listed separately because they are the other deps are for startup, and shutdown.target only matter much later. 2022-09-15 15:54:18 +02:00
			`ConditionPathIsReadWrite=/etc`
			`ConditionFirstBoot=yes`

firstboot: add new component to query basic system settings on first boot, or when creating OS images offline A new tool "systemd-firstboot" can be used either interactively on boot, where it will query basic locale, timezone, hostname, root password information and set it. Or it can be used non-interactively from the command line when prepareing disk images for booting. When used non-inertactively the tool can either copy settings from the host, or take settings on the command line. $ systemd-firstboot --root=/path/to/my/new/root --copy-locale --copy-root-password --hostname=waldi The tool will be automatically invoked (interactively) now on first boot if /etc is found unpopulated. This also creates the infrastructure for generators to be notified via an environment variable whether they are running on the first boot, or not. 2014-07-07 15:05:37 +02:00			`DefaultDependencies=no`
units/systemd-firstboot: start the service after systemd-vconsole-setup.service This way, we don't start user interaction before (or while) the configured fonts are loading. Tweak the comments a bit while at it. 2023-07-12 15:51:07 +02:00			`# This service may need to write to the file system:`
			`After=systemd-remount-fs.service`
			`# Both systemd-sysusers and systemd-tmpfiles may create the root account`
			`# (via factory files or credentials), obviating the need for us to do that:`
			`After=systemd-sysusers.service systemd-tmpfiles-setup.service`
			`# Let vconsole-setup do its setup before starting user interaction:`
			`After=systemd-vconsole-setup.service`
firstboot: mute console while running on the console at boot Fixes: #34448 2025-09-16 09:27:07 +02:00			`After=systemd-mute-console.socket`
units/systemd-firstboot: start the service after systemd-vconsole-setup.service This way, we don't start user interaction before (or while) the configured fonts are loading. Tweak the comments a bit while at it. 2023-07-12 15:51:07 +02:00
units: order systemd-firstboot.service before first-boot-complete.target Make sure systemd-firstboot completes before reaching first-boot-complete.target and thus marking the first boot as completed. This way, it is guaranteed that systemd-firstboot has a chance to complete provisioning at least once, even in cases of the first boot getting aborted early. 2020-09-06 21:23:36 +02:00			`Wants=first-boot-complete.target`
firstboot: synchronously wait for systemd-vconsole-setup.service/restart job Requested in https://github.com/systemd/systemd/pull/27755#pullrequestreview-1443489520. I dropped the info message about the job being requested, because we get fairly verbose logs from starting the unit, and the additional message isn't useful. In the unit, the ordering before systemd-vconsole-setup.service is dropped, because now it needs to happen in parallel, while systemd-firstboot.service is running. This means that we may potentially execute vconsole-setup twice, but it's fairly quick, so this doesn't matter much. 2023-05-25 12:26:37 +02:00			`Before=first-boot-complete.target sysinit.target`
units: do more reordering of ordering config No functional change, just a cleanup to make the subsequent changes easier to see. This is a continuation of 9810e419425263bde86787bc21251f1ad3c35628 > The block is reordered and split to have: > 1. description + documentation > 2. (optionally) conditions > 3. all the dependencies The dependencies for shutdown.target are listed separately because they are the other deps are for startup, and shutdown.target only matter much later. 2022-09-15 15:54:18 +02:00			`Conflicts=shutdown.target`
			`Before=shutdown.target`
firstboot: add new component to query basic system settings on first boot, or when creating OS images offline A new tool "systemd-firstboot" can be used either interactively on boot, where it will query basic locale, timezone, hostname, root password information and set it. Or it can be used non-interactively from the command line when prepareing disk images for booting. When used non-inertactively the tool can either copy settings from the host, or take settings on the command line. $ systemd-firstboot --root=/path/to/my/new/root --copy-locale --copy-root-password --hostname=waldi The tool will be automatically invoked (interactively) now on first boot if /etc is found unpopulated. This also creates the infrastructure for generators to be notified via an environment variable whether they are running on the first boot, or not. 2014-07-07 15:05:37 +02:00
			`[Service]`
			`Type=oneshot`
			`RemainAfterExit=yes`
firstboot: optionally, don't query for keymap unless connected to a real VT The keymap only really matters if there's local access to a system, i.e. if there's actually a physical kbd directly connected to it, to apply it to. If during firstboot we are not talked to via a VT (but via SSH, container, or hypervisor console or so instead), then it's very unlikely we ever are. Hence, don't ask for a keymap, and let#s shortcut the questions asked at boot. 2025-09-19 15:42:32 +02:00			`ExecStart=systemd-firstboot --prompt-locale --prompt-keymap-auto --prompt-timezone --prompt-root-password --mute-console=yes`
firstboot: add new component to query basic system settings on first boot, or when creating OS images offline A new tool "systemd-firstboot" can be used either interactively on boot, where it will query basic locale, timezone, hostname, root password information and set it. Or it can be used non-interactively from the command line when prepareing disk images for booting. When used non-inertactively the tool can either copy settings from the host, or take settings on the command line. $ systemd-firstboot --root=/path/to/my/new/root --copy-locale --copy-root-password --hostname=waldi The tool will be automatically invoked (interactively) now on first boot if /etc is found unpopulated. This also creates the infrastructure for generators to be notified via an environment variable whether they are running on the first boot, or not. 2014-07-07 15:05:37 +02:00			`StandardOutput=tty`
			`StandardInput=tty`
			`StandardError=tty`
units: explicitly reset TTY before running stuff on console This adds TTYReset=yes to all units which run directly on the TTY. We already had this in place for the gettys, but this adds it for the rest that basically has StandardInput=tty + StandardOutput=tty set. Originally, for these tools it wasn't necessary to reset the TTY, because we after all already reset /dev/console very very early on once, during PID1's early initialization, and hence there's no real reason to do it again for these early boot services. But that's actually not right, because since #36666 the TTY we reset from PID 1 is typically /dev/console but the TTY those services are invoked on is typically the resolved version of that, i.e. wherever that points. Now you might think: if one is just an alias to the other, why does it matter to reset this again? Well, because it's only a half-assed alias, and as it turns out WIOCSWINSZ is not propagated from one to the other, i.e the terminal dimesions we initialize for /dev/console don't propagate to whatever that points to. One option to address that would be to immediately propagate this down ourselves (or to fix the kernel for it), but it felt safer to simply do the reset again before the use, after all these one one-off services, and there's no point in optimizing much here. Moreover, its probably safer to give the guarantee that when the firstboot stuff (which after all queries for pws to set) runs it definitely certainly guaranteed has a properly reset terminal. 2025-09-18 17:50:06 +02:00			`TTYReset=yes`
firstboot: allow provisioning of firstboot params via creds too 2021-03-11 11:47:57 +01:00
			`# Optionally, pick up basic fields from credentials passed to the service`
			`# manager. This is useful for importing this data from nspawn's`
			`# --set-credential= switch.`
units: Use ImportCredential= where applicable 2023-06-08 14:09:36 +02:00			`ImportCredential=passwd.hashed-password.root`
			`ImportCredential=passwd.plaintext-password.root`
			`ImportCredential=passwd.shell.root`
			`ImportCredential=firstboot.*`