gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

linger-users: allow disabling for bashless profile

Browse Source 
The linger-users systemd unit runs a Bash script.  To allow this to be
avoided for the bashless profile, provide an option to have NixOS not
manage lingering for any users.

To make this feasible, add the possibility for each individual user
account to not have its lingering configuration managed by NixOS at all,
and make this the default from 26.05.  In practice, this won't result in
a change of behaviour except for people who manually use `loginctl
enable-linger` commands to add lingering for some user accounts, then
rely on NixOS to disable lingering the next time the systemd units are
restarted.
This commit is contained in:
Adam Dinwoodie
2025-11-09 19:12:05 +00:00
parent 2130c0a63e
commit 531d3a9a45
3 changed files with 51 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/doc/manual/release-notes/rl-2511.section.md
View File

@@ -379,6 +379,8 @@ and [release notes for v18](https://goteleport.com/docs/changelog/#1800-070325).
- In all other cases, you'll need to set this option to `true` yourself.
- `boot.isNspawnContainer` being `true` implies [](#opt-boot.isContainer) being `true`.
- `users.users.*.linger` now defaults to `null` rather than `false`, meaning NixOS will not attempt to enable or disable lingering for that user account. In practice, this is unlikely to make a difference for most people, as new users are created without lingering configured, but it means users who use `loginctl` commands to manage lingering imperatively will not have their changes overridden by default. There is a new, related option, `users.manageLingering`, which can be used to prevent NixOS attempting to manage lingering entirely.
- Due to [deprecation of gnome-session X11 support](https://blogs.gnome.org/alatiera/2025/06/08/the-x11-session-removal/), `services.desktopManager.pantheon` now defaults to pantheon-wayland session. The X11 session has been removed, see [this issue](https://github.com/elementary/session-settings/issues/91) for details.
- `bcachefs` file systems will now use the out-of-tree module for supported kernels. The in-tree module has been removed, and users will need to switch to kernels that support the out-of-tree module.

60
nixos/modules/config/users-groups.nix
View File

@@ -11,6 +11,7 @@ let
any
attrNames
attrValues
boolToString
concatMap
concatMapStringsSep
concatStrings
@@ -43,6 +44,7 @@ let
stringLength
trace
types
versionOlder
xor
;
@@ -128,6 +130,10 @@ let
'';
userOpts =
let
# Pass state version through despite config being overwritten in the inner module
inherit (config.system) stateVersion;
in
{ name, config, ... }:
{
@@ -455,16 +461,22 @@ let
};
linger = mkOption {
type = types.bool;
default = false;
type = types.nullOr types.bool;
example = true;
default = if versionOlder stateVersion "26.11" then false else null;
defaultText = literalExpression "if lib.versionOlder config.system.stateVersion \"25.11\" then false else null";
description = ''
Whether to enable lingering for this user. If true, systemd user
units will start at boot, rather than starting at login and stopping
at logout. This is the declarative equivalent of running
`loginctl enable-linger` for this user.
Whether to enable or disable lingering for this user. Without
lingering, user units will not be started until the user logs in,
and may be stopped on logout depending on the settings in
`logind.conf`.
If false, user units will not be started until the user logs in, and
may be stopped on logout depending on the settings in `logind.conf`.
By default, NixOS will not manage lingering, new users will default
to not lingering, and you can change the linger setting using
`loginctl enable-linger` or `loginctl disable-linger`. Setting
this option to `true` or `false` is the declarative equivalent of
running `loginctl enable-linger` or `loginctl disable-linger`
respectively.
'';
};
};
@@ -708,6 +720,13 @@ in
'';
};
users.manageLingering = mkOption {
type = types.bool;
default = true;
description = "Whether to manage whether users linger or not.";
example = false;
};
users.users = mkOption {
default = { };
type = with types; attrsOf (submodule userOpts);
@@ -892,16 +911,17 @@ in
else
""; # keep around for backwards compatibility
systemd.services.linger-users = {
systemd.services.linger-users = lib.mkIf cfg.manageLingering {
wantedBy = [ "multi-user.target" ];
after = [ "systemd-logind.service" ];
requires = [ "systemd-logind.service" ];
script =
let
userPartition = lib.lists.partition (u: u.linger) (builtins.attrValues cfg.users);
lingeringUserNames = map (u: u.name) userPartition.right;
nonLingeringUserNames = map (u: u.name) userPartition.wrong;
lingeringUsers = filterAttrs (n: v: v.linger == true) cfg.users;
nonLingeringUsers = filterAttrs (n: v: v.linger == false) cfg.users;
lingeringUserNames = mapAttrsToList (n: v: v.name) lingeringUsers;
nonLingeringUserNames = mapAttrsToList (n: v: v.name) nonLingeringUsers;
in
''
${lib.strings.toShellVars { inherit lingeringUserNames nonLingeringUserNames; }}
@@ -1180,6 +1200,22 @@ in
users.groups.${user.name} = {};
'';
}
{
assertion = user.linger != null -> cfg.manageLingering;
message = ''
users.manageLingering is set to false, but
users.users.${user.name}.linger is configured.
If you want NixOS to manage whether user accounts linger or
not, you must set users.manageLingering to true. This is the
default setting.
If you do not want NixOS to manage whether user accounts linger
or not, you must set users.users.${user.name}.linger to null.
This is the default setting provided system.stateVersion is at
least "25.11".
'';
}
]
++ (map
(shell: {

1
nixos/modules/profiles/bashless.nix
View File

@@ -32,6 +32,7 @@
boot.kexec.enable = lib.mkDefault false;
# Relies on bash scripts
powerManagement.enable = lib.mkDefault false;
users.manageLingering = lib.mkDefault false;
# Relies on the gzip command which depends on bash
services.logrotate.enable = lib.mkDefault false;