15coreos-network: Add new unit to remove firstboot networking config

We would like to mount `/boot` read-only in the real root, so add a
new unit in 15coreos-network to temporarily mount /boot rw and clean
up firstboot networking configuration files late in the initramfs.
Remove the current 15-coreos-firstboot-network.conf since it would
not work once `/boot` is mounted ro.

xref coreos#659

overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-cleanup-firstboot-network.service

@@ -0,0 +1,20 @@
+# This unit will run late in the initrd process and clean up firstboot
+# networking config files if the user copied them into the installed
+# system (most likely by using `coreos-installer install --copy-network`).
+# We want to make sure the firstboot networking config files in /boot are
+# cleaned up only after Ignition completed successfully. 
+
+[Unit]
+Description=CoreOS Clean Up Firstboot Networking Config
+OnFailure=emergency.target
+OnFailureJobMode=isolate
+
+After=ignition-files.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/coreos-cleanup-firstboot-network
+RemainAfterExit=no
+# MountFlags=slave is so the umount of /boot is guaranteed to happen.
+# /boot will only be mounted for the lifetime of the unit.
+MountFlags=slave

overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-cleanup-firstboot-network.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+set -euo pipefail
+
+# For a description of how this is used, see coreos-cleanup-firstboot-network.service
+
+bootmnt=/mnt/boot_partition
+bootdev=/dev/disk/by-label/boot
+firstboot_network_dir_basename="coreos-firstboot-network"
+initramfs_firstboot_network_dir="${bootmnt}/${firstboot_network_dir_basename}"
+
+# Mount /boot. Note that we mount /boot but we don't unmount it because we
+# are run in a systemd unit with MountFlags=slave so it is unmounted for us.
+mount -o rw ${bootdev} ${bootmnt}
+
+if [ -n "$(ls -A ${initramfs_firstboot_network_dir} 2>/dev/null)" ]; then
+    rm -r ${initramfs_firstboot_network_dir}
+else
+    echo "info: no firstboot networking config files to clean from /boot. skipping"
+fi

overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-copy-firstboot-network.sh

@@ -26,10 +26,6 @@ if [ -n "$(ls -A ${initramfs_firstboot_network_dir} 2>/dev/null)" ]; then
     echo "info: copying files from ${initramfs_firstboot_network_dir} to ${initramfs_network_dir}"
     mkdir -p ${initramfs_network_dir}
     cp -v ${initramfs_firstboot_network_dir}/* ${initramfs_network_dir}/
-    # If we make it to the realroot (successfully ran ignition) then
-    # clean up the files in the firstboot network dir
-    echo "R ${realroot_firstboot_network_dir} - - - - -" > \
-        /run/tmpfiles.d/15-coreos-firstboot-network.conf
 else
     echo "info: no files to copy from ${initramfs_firstboot_network_dir}. skipping"
 fi

overlay.d/05core/usr/lib/dracut/modules.d/15coreos-network/module-setup.sh

@@ -24,4 +24,9 @@ install() {
     inst_simple "$moddir/50-afterburn-network-kargs-default.conf" \
         "/usr/lib/systemd/system/afterburn-network-kargs.service.d/50-afterburn-network-kargs-default.conf"
 
+    inst_simple "$moddir/coreos-cleanup-firstboot-network.sh" \
+        "/usr/sbin/coreos-cleanup-firstboot-network"
+    install_and_enable_unit "coreos-cleanup-firstboot-network.service" \
+        "initrd.target"
+
 }