The linger-users systemd unit runs a Bash script. To allow this to be
avoided for the bashless profile, provide an option to have NixOS not
manage lingering for any users.
To make this feasible, add the possibility for each individual user
account to not have its lingering configuration managed by NixOS at all,
and make this the default from 26.05. In practice, this won't result in
a change of behaviour except for people who manually use `loginctl
enable-linger` commands to add lingering for some user accounts, then
rely on NixOS to disable lingering the next time the systemd units are
restarted.
Infra is interested in deprecating the redirect over the domain apex
eventually, since it is just a redirect to channels.nixos.org, which
we can more reliably redistribute with a CDN.
The nixos.org domain currently offers no IPv6 due to issues we've had
with our DNS hoster. (cf. nixos/infra#873)
If systemd has recorded that a user should be lingering despite them not
having an account on the system, that record is removed. When that
happens, log for the sake of future debugging and investigations.
Suggested-By: Grimmauld <grimmauld@grimmauld.de>
Using systemd properties avoids the need for manually running mkdir and
cd commands, and helps systemd clean up properly when appropriate.
Suggested-By: Grimmauld <grimmauld@grimmauld.de>
If a user has configured a different systemd package,
linger-users.service should respect that and use the provided loginctl
executable rather than the one from the default nixpkgs package.
Running with systemd.enableStrictShellChecks with lingering users causes
failures due to parsing the output from `ls`. Rewrite the script to
avoid parsing ls, and instead rely on loginctl enable-linger and
disable-linger commands being idempotent and run them unconditionally.
This also fixes a bug where the systemd unit for adding and removing
lingering user configuration is only enabled if there are users
configured with lingering in the NixOS configuration. This means that
if a NixOS system is built with some lingering users, then the linger
configuration is removed from all those users, the script to disable
lingering won't be run, and those users will incorrectly continue to
have lingering enabled.
Fixes#418101.
These were done manually by me, either due to not matching the regexes in the previous ones, or because of nixf-diagnose, which I have as a pre-commit hook.
The commit 01e8f570c6 unpinned the
LLVM version, which led to building errors similar to this when
Scudo is used:
building the system configuration...
error: builder for '/nix/store/1f9z73haq6avvv19glifalfnmpw3gsbx-malloc-provider-scudo.drv' failed with exit code 1;
last 1 log lines:
> cp: cannot stat '/nix/store/s43991isxhvknqmk53q7pqmkdrfvj1p4-compiler-rt-libc-19.1.7/lib/linux/libclang_rt.scudo-x86_64.so': No such file or directory
For full logs, run:
nix log /nix/store/1f9z73haq6avvv19glifalfnmpw3gsbx-malloc-provider-scudo.drv
It seems in the new LLVM version the Scudo library was moved:
$ ls /nix/store/*-compiler-rt-libc-20.1.8/lib/linux/libclang_rt.scudo*
/nix/store/z98mwyi0w8f4kgk3rw6av946azh28hc9-compiler-rt-libc-20.1.8/lib/linux/libclang_rt.scudo_standalone_cxx-x86_64.a
/nix/store/z98mwyi0w8f4kgk3rw6av946azh28hc9-compiler-rt-libc-20.1.8/lib/linux/libclang_rt.scudo_standalone-x86_64.a
/nix/store/z98mwyi0w8f4kgk3rw6av946azh28hc9-compiler-rt-libc-20.1.8/lib/linux/libclang_rt.scudo_standalone-x86_64.so
This commit adjusts the library path.
Co-authored-by: CUB3D <callumthom11@gmail.com>
Prevent implicitly disabling a negative-sized ZRAM because disabling the
ZRAM should probably always be done by disabling the zrawmSwap.enable
option.
Fixes: cd1b48bc35 ("nixos: Add zram swap module")
adds `nixConf` (to generate `nix.conf` files) as a file format to
`lib.formats`, and uses it for serializing `nix.settings`.
this makes it easier to 'manually' serialize `nix.settings`, which is
relevant in e.g. safely handling sensitive values such as that of
`nix.settings.access-tokens`.
Signed-off-by: cinereal <cinereal@riseup.net>
Link compression libs directly.
- Clean up derivation
- Remove NIX_LDFLAGS which achieved nothing. Static compilation works
without it on master. It's unclear what this should've every achieved.
kbd doesn't link against audit.
- Build directly from source now instead of the preconfigured tarball
(avoids xz-style issues)
