nixos/systemd: let systemd setup /etc/machine-id #327552
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
6.topic: nixos
jmbaur
force-pushed
the
systemd-machine-id
branch
from
f293383 to
6fd6364
Compare
If we let systemd setup /etc/machine-id, we get to use ConditionFirstBoot in systemd units and any other integrations related to systemd's detection of first boot. See machine-id(5).
jmbaur
force-pushed
the
systemd-machine-id
branch
from
6fd6364 to
2b982b9
Compare
|
@ofborg test systemd |
|
@ofborg test systemd-initrd-simple |
| @@ -125,14 +125,6 @@ ln -sfn "$systemConfig" /run/booted-system | |||
| @shell@ @postBootCommands@ | |||
|
|
|||
|
|
|||
| # Ensure systemd doesn't try to populate /etc, by forcing its first-boot | |||
There was a problem hiding this comment.
What are the consequences of this? Are there a bunch of other etc files it's going to try to create that we don't want it doing?
There was a problem hiding this comment.
AFAICT, the only difference is that /etc/machine-id is created by systemd instead of us. Doing a quick list of files under etc after boot on master and on this branch result in the exact same list of files:
vm-test-run-systemd> /etc
vm-test-run-systemd> /etc/.clean
vm-test-run-systemd> /etc/.updated
vm-test-run-systemd> /etc/NIXOS
vm-test-run-systemd> /etc/X11
vm-test-run-systemd> /etc/X11/xorg.conf.d
vm-test-run-systemd> /etc/X11/xorg.conf.d/00-keyboard.conf
vm-test-run-systemd> /etc/X11/xorg.conf.d/10-evdev.conf
vm-test-run-systemd> /etc/X11/xorg.conf.d/40-libinput.conf
vm-test-run-systemd> /etc/bashrc
vm-test-run-systemd> /etc/binfmt.d
vm-test-run-systemd> /etc/binfmt.d/nixos.conf
vm-test-run-systemd> /etc/dbus-1
vm-test-run-systemd> /etc/default
vm-test-run-systemd> /etc/default/useradd
vm-test-run-systemd> /etc/dhcpcd.conf
vm-test-run-systemd> /etc/fonts
vm-test-run-systemd> /etc/fstab
vm-test-run-systemd> /etc/fuse.conf
vm-test-run-systemd> /etc/group
vm-test-run-systemd> /etc/host.conf
vm-test-run-systemd> /etc/hostname
vm-test-run-systemd> /etc/hosts
vm-test-run-systemd> /etc/inputrc
vm-test-run-systemd> /etc/issue
vm-test-run-systemd> /etc/kbd
vm-test-run-systemd> /etc/lightdm
vm-test-run-systemd> /etc/lightdm/lightdm-gtk-greeter.conf
vm-test-run-systemd> /etc/lightdm/lightdm.conf
vm-test-run-systemd> /etc/lightdm/users.conf
vm-test-run-systemd> /etc/locale.conf
vm-test-run-systemd> /etc/login.defs
vm-test-run-systemd> /etc/lsb-release
vm-test-run-systemd> /etc/lvm
vm-test-run-systemd> /etc/lvm/lvm.conf
vm-test-run-systemd> /etc/machine-id
vm-test-run-systemd> /etc/man_db.conf
vm-test-run-systemd> /etc/modprobe.d
vm-test-run-systemd> /etc/modprobe.d/debian.conf
vm-test-run-systemd> /etc/modprobe.d/firmware.conf
vm-test-run-systemd> /etc/modprobe.d/nixos.conf
vm-test-run-systemd> /etc/modprobe.d/systemd.conf
vm-test-run-systemd> /etc/modprobe.d/ubuntu.conf
vm-test-run-systemd> /etc/modules-load.d
vm-test-run-systemd> /etc/modules-load.d/nixos.conf
vm-test-run-systemd> /etc/mtab
vm-test-run-systemd> /etc/nanorc
vm-test-run-systemd> /etc/netgroup
vm-test-run-systemd> /etc/nix
vm-test-run-systemd> /etc/nix/nix.conf
vm-test-run-systemd> /etc/nix/registry.json
vm-test-run-systemd> /etc/nixos
vm-test-run-systemd> /etc/nscd.conf
vm-test-run-systemd> /etc/nsswitch.conf
vm-test-run-systemd> /etc/os-release
vm-test-run-systemd> /etc/pam
vm-test-run-systemd> /etc/pam.d
vm-test-run-systemd> /etc/pam.d/chfn
vm-test-run-systemd> /etc/pam.d/chpasswd
vm-test-run-systemd> /etc/pam.d/chsh
vm-test-run-systemd> /etc/pam.d/groupadd
vm-test-run-systemd> /etc/pam.d/groupdel
vm-test-run-systemd> /etc/pam.d/groupmems
vm-test-run-systemd> /etc/pam.d/groupmod
vm-test-run-systemd> /etc/pam.d/i3lock
vm-test-run-systemd> /etc/pam.d/i3lock-color
vm-test-run-systemd> /etc/pam.d/lightdm
vm-test-run-systemd> /etc/pam.d/lightdm-autologin
vm-test-run-systemd> /etc/pam.d/lightdm-greeter
vm-test-run-systemd> /etc/pam.d/login
vm-test-run-systemd> /etc/pam.d/other
vm-test-run-systemd> /etc/pam.d/passwd
vm-test-run-systemd> /etc/pam.d/polkit-1
vm-test-run-systemd> /etc/pam.d/runuser
vm-test-run-systemd> /etc/pam.d/runuser-l
vm-test-run-systemd> /etc/pam.d/su
vm-test-run-systemd> /etc/pam.d/sudo
vm-test-run-systemd> /etc/pam.d/systemd-user
vm-test-run-systemd> /etc/pam.d/useradd
vm-test-run-systemd> /etc/pam.d/userdel
vm-test-run-systemd> /etc/pam.d/usermod
vm-test-run-systemd> /etc/pam.d/vlock
vm-test-run-systemd> /etc/pam.d/xlock
vm-test-run-systemd> /etc/pam.d/xscreensaver
vm-test-run-systemd> /etc/pam/environment
vm-test-run-systemd> /etc/passwd
vm-test-run-systemd> /etc/pki
vm-test-run-systemd> /etc/pki/tls
vm-test-run-systemd> /etc/pki/tls/certs
vm-test-run-systemd> /etc/pki/tls/certs/ca-bundle.crt
vm-test-run-systemd> /etc/polkit-1
vm-test-run-systemd> /etc/polkit-1/rules.d
vm-test-run-systemd> /etc/polkit-1/rules.d/10-nixos.rules
vm-test-run-systemd> /etc/profile
vm-test-run-systemd> /etc/protocols
vm-test-run-systemd> /etc/resolv.conf
vm-test-run-systemd> /etc/resolvconf.conf
vm-test-run-systemd> /etc/rpc
vm-test-run-systemd> /etc/services
vm-test-run-systemd> /etc/set-environment
vm-test-run-systemd> /etc/shadow
vm-test-run-systemd> /etc/shells
vm-test-run-systemd> /etc/ssh
vm-test-run-systemd> /etc/ssh/ssh_config
vm-test-run-systemd> /etc/ssh/ssh_known_hosts
vm-test-run-systemd> /etc/ssl
vm-test-run-systemd> /etc/ssl/certs
vm-test-run-systemd> /etc/ssl/certs/ca-bundle.crt
vm-test-run-systemd> /etc/ssl/certs/ca-certificates.crt
vm-test-run-systemd> /etc/ssl/trust-source
vm-test-run-systemd> /etc/static
vm-test-run-systemd> /etc/subgid
vm-test-run-systemd> /etc/subuid
vm-test-run-systemd> /etc/sudoers
vm-test-run-systemd> /etc/sysctl.d
vm-test-run-systemd> /etc/sysctl.d/50-coredump.conf
vm-test-run-systemd> /etc/sysctl.d/50-default.conf
vm-test-run-systemd> /etc/sysctl.d/60-nixos.conf
vm-test-run-systemd> /etc/systemd
vm-test-run-systemd> /etc/systemd/coredump.conf
vm-test-run-systemd> /etc/systemd/journald.conf
vm-test-run-systemd> /etc/systemd/logind.conf
vm-test-run-systemd> /etc/systemd/network
vm-test-run-systemd> /etc/systemd/network/40-eth1.link
vm-test-run-systemd> /etc/systemd/oomd.conf
vm-test-run-systemd> /etc/systemd/sleep.conf
vm-test-run-systemd> /etc/systemd/system
vm-test-run-systemd> /etc/systemd/system-generators
vm-test-run-systemd> /etc/systemd/system-shutdown
vm-test-run-systemd> /etc/systemd/system.conf
vm-test-run-systemd> /etc/systemd/user
vm-test-run-systemd> /etc/systemd/user-generators
vm-test-run-systemd> /etc/systemd/user.conf
vm-test-run-systemd> /etc/terminfo
vm-test-run-systemd> /etc/tmpfiles.d
vm-test-run-systemd> /etc/tmpfiles.d/00-nixos.conf
vm-test-run-systemd> /etc/tmpfiles.d/graphics-driver.conf
vm-test-run-systemd> /etc/tmpfiles.d/home.conf
vm-test-run-systemd> /etc/tmpfiles.d/journal-nocow.conf
vm-test-run-systemd> /etc/tmpfiles.d/lvm2.conf
vm-test-run-systemd> /etc/tmpfiles.d/nix-daemon.conf
vm-test-run-systemd> /etc/tmpfiles.d/portables.conf
vm-test-run-systemd> /etc/tmpfiles.d/static-nodes-permissions.conf
vm-test-run-systemd> /etc/tmpfiles.d/systemd-nologin.conf
vm-test-run-systemd> /etc/tmpfiles.d/systemd-nspawn.conf
vm-test-run-systemd> /etc/tmpfiles.d/systemd-tmp.conf
vm-test-run-systemd> /etc/tmpfiles.d/systemd.conf
vm-test-run-systemd> /etc/tmpfiles.d/tmp.conf
vm-test-run-systemd> /etc/tmpfiles.d/var.conf
vm-test-run-systemd> /etc/tmpfiles.d/x11.conf
vm-test-run-systemd> /etc/udev
vm-test-run-systemd> /etc/udev/hwdb.bin
vm-test-run-systemd> /etc/udev/rules.d
vm-test-run-systemd> /etc/vconsole.conf
vm-test-run-systemd> /etc/zoneinfo
There was a problem hiding this comment.
And a quick run that inspects the contents of the files don't appear to differ meaningfully either.
A check on master:
vm-test-run-systemd> machine: must succeed: find /etc -type f -exec sh -c 'echo {} && cat {}' \;
vm-test-run-systemd> /etc/.clean
vm-test-run-systemd> sudoers
vm-test-run-systemd> /etc/shadow
vm-test-run-systemd> nixbld20:!:1::::::
vm-test-run-systemd> nixbld1:!:1::::::
vm-test-run-systemd> nixbld9:!:1::::::
vm-test-run-systemd> nixbld24:!:1::::::
vm-test-run-systemd> messagebus:!:1::::::
vm-test-run-systemd> nixbld16:!:1::::::
vm-test-run-systemd> nixbld12:!:1::::::
vm-test-run-systemd> nixbld13:!:1::::::
vm-test-run-systemd> nixbld11:!:1::::::
vm-test-run-systemd> systemd-oom:!:1::::::
vm-test-run-systemd> polkituser:!:1::::::
vm-test-run-systemd> nixbld19:!:1::::::
vm-test-run-systemd> nixbld4:!:1::::::
vm-test-run-systemd> nixbld6:!:1::::::
vm-test-run-systemd> nixbld30:!:1::::::
vm-test-run-systemd> nixbld27:!:1::::::
vm-test-run-systemd> nixbld28:!:1::::::
vm-test-run-systemd> nixbld25:!:1::::::
vm-test-run-systemd> lightdm:!:1::::::
vm-test-run-systemd> bob:$6$uH1EbpXz$B2wpWy.IR4cmgV.mIihMUl66L.HjMzj7MTPuf8FtO9ZvOVwzBVaKLAPcEdKeVrDJjPw6zxzGn/eg1InxqZ8lI/:1::::::
vm-test-run-systemd> nixbld7:!:1::::::
vm-test-run-systemd> nixbld5:!:1::::::
vm-test-run-systemd> nixbld18:!:1::::::
vm-test-run-systemd> nixbld3:!:1::::::
vm-test-run-systemd> dhcpcd:!:1::::::
vm-test-run-systemd> nixbld15:!:1::::::
vm-test-run-systemd> nixbld17:!:1::::::
vm-test-run-systemd> root::1::::::
vm-test-run-systemd> nixbld8:!:1::::::
vm-test-run-systemd> nixbld32:!:1::::::
vm-test-run-systemd> nixbld29:!:1::::::
vm-test-run-systemd> nixbld21:!:1::::::
vm-test-run-systemd> nscd:!:1::::::
vm-test-run-systemd> nixbld23:!:1::::::
vm-test-run-systemd> systemd-resolve:!:1::::::
vm-test-run-systemd> systemd-coredump:!:1::::::
vm-test-run-systemd> nixbld22:!:1::::::
vm-test-run-systemd> nixbld26:!:1::::::
vm-test-run-systemd> nixbld31:!:1::::::
vm-test-run-systemd> alice:$6$Chf6QRwS$VDolJFiDWYO7uz01EPVOK1fNfx1gK2Uz26CRxRogxbPFxsFI57t73yCm0TFRDpUMaBk3tqno3e7YUJkMRBi4D/:1::::::
vm-test-run-systemd> systemd-network:!:1::::::
vm-test-run-systemd> nixbld2:!:1::::::
vm-test-run-systemd> nixbld14:!:1::::::
vm-test-run-systemd> nobody:!:1::::::
vm-test-run-systemd> nixbld10:!:1::::::
vm-test-run-systemd> /etc/group
vm-test-run-systemd> root:x:0:
vm-test-run-systemd> wheel:x:1:
vm-test-run-systemd> kmem:x:2:
vm-test-run-systemd> tty:x:3:
vm-test-run-systemd> messagebus:x:4:
vm-test-run-systemd> disk:x:6:
vm-test-run-systemd> audio:x:17:
vm-test-run-systemd> floppy:x:18:
vm-test-run-systemd> uucp:x:19:
vm-test-run-systemd> lp:x:20:
vm-test-run-systemd> cdrom:x:24:
vm-test-run-systemd> tape:x:25:
vm-test-run-systemd> video:x:26:
vm-test-run-systemd> dialout:x:27:
vm-test-run-systemd> utmp:x:29:
vm-test-run-systemd> adm:x:55:
vm-test-run-systemd> systemd-journal:x:62:
vm-test-run-systemd> lightdm:x:78:
vm-test-run-systemd> keys:x:96:
vm-test-run-systemd> users:x:100:
vm-test-run-systemd> systemd-network:x:152:
vm-test-run-systemd> systemd-resolve:x:153:
vm-test-run-systemd> input:x:174:
vm-test-run-systemd> kvm:x:302:
vm-test-run-systemd> render:x:303:
vm-test-run-systemd> sgx:x:304:
vm-test-run-systemd> shadow:x:318:
vm-test-run-systemd> systemd-oom:x:995:
vm-test-run-systemd> systemd-coredump:x:996:
vm-test-run-systemd> polkituser:x:997:
vm-test-run-systemd> nscd:x:998:
vm-test-run-systemd> dhcpcd:x:999:
vm-test-run-systemd> nixbld:x:30000:nixbld1,nixbld10,nixbld11,nixbld12,nixbld13,nixbld14,nixbld15,nixbld16,nixbld17,nixbld18,nixbld19,nixbld2,nixbld20,nixbld21,nixbld22,nixbld23,nixbld24,nixbld25,nixbld26,nixbld27,nixbld28,nixbld29,nixbld3,nixbld30,nixbld31,nixbld32,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9
vm-test-run-systemd> nogroup:x:65534:
vm-test-run-systemd> /etc/passwd
vm-test-run-systemd> root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash
vm-test-run-systemd> messagebus:x:4:4:D-Bus system message bus daemon user:/run/dbus:/run/current-system/sw/bin/nologin
vm-test-run-systemd> polkituser:x:28:997:PolKit daemon:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> lightdm:x:78:78::/var/lib/lightdm:/run/current-system/sw/bin/nologin
vm-test-run-systemd> systemd-coredump:x:151:996::/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> systemd-network:x:152:152::/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> systemd-resolve:x:153:153::/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> systemd-oom:x:997:995:systemd-oomd service user:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nscd:x:998:998::/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> dhcpcd:x:999:999::/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> alice:x:1000:100:Alice Foobar:/home/alice:/run/current-system/sw/bin/bash
vm-test-run-systemd> bob:x:1001:100:Bob Foobar:/home/bob:/run/current-system/sw/bin/bash
vm-test-run-systemd> nixbld1:x:30001:30000:Nix build user 1:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld2:x:30002:30000:Nix build user 2:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld3:x:30003:30000:Nix build user 3:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld4:x:30004:30000:Nix build user 4:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld5:x:30005:30000:Nix build user 5:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld6:x:30006:30000:Nix build user 6:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld7:x:30007:30000:Nix build user 7:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld8:x:30008:30000:Nix build user 8:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld9:x:30009:30000:Nix build user 9:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld10:x:30010:30000:Nix build user 10:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld11:x:30011:30000:Nix build user 11:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld12:x:30012:30000:Nix build user 12:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld13:x:30013:30000:Nix build user 13:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld14:x:30014:30000:Nix build user 14:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld15:x:30015:30000:Nix build user 15:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld16:x:30016:30000:Nix build user 16:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld17:x:30017:30000:Nix build user 17:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld18:x:30018:30000:Nix build user 18:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld19:x:30019:30000:Nix build user 19:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld20:x:30020:30000:Nix build user 20:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld21:x:30021:30000:Nix build user 21:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld22:x:30022:30000:Nix build user 22:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld23:x:30023:30000:Nix build user 23:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld24:x:30024:30000:Nix build user 24:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld25:x:30025:30000:Nix build user 25:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld26:x:30026:30000:Nix build user 26:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld27:x:30027:30000:Nix build user 27:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld28:x:30028:30000:Nix build user 28:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld29:x:30029:30000:Nix build user 29:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld30:x:30030:30000:Nix build user 30:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld31:x:30031:30000:Nix build user 31:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld32:x:30032:30000:Nix build user 32:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> /etc/subgid
vm-test-run-systemd> bob:100000:65536
vm-test-run-systemd> alice:165536:65536
vm-test-run-systemd> /etc/resolv.conf
vm-test-run-systemd> # Generated by resolvconf
vm-test-run-systemd> nameserver 10.0.2.3
vm-test-run-systemd> options edns0
vm-test-run-systemd> /etc/NIXOS
vm-test-run-systemd> /etc/subuid
vm-test-run-systemd> bob:100000:65536
vm-test-run-systemd> alice:165536:65536
vm-test-run-systemd> /etc/.updated
vm-test-run-systemd> # This file was created by systemd-update-done. Its only
vm-test-run-systemd> # purpose is to hold a timestamp of the time this directory
vm-test-run-systemd> # was updated. See man:systemd-update-done.service(8).
vm-test-run-systemd> TIMESTAMP_NSEC=1721117468456121518
vm-test-run-systemd> /etc/machine-id
vm-test-run-systemd> 90bd78773cdc43e1bd0b7cd0bddb70af
vm-test-run-systemd> /etc/sudoers
vm-test-run-systemd> # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
vm-test-run-systemd> # or ‘security.sudo.extraRules’ instead.
vm-test-run-systemd> root ALL=(ALL:ALL) SETENV: ALL
vm-test-run-systemd> %wheel ALL=(ALL:ALL) SETENV: ALL
vm-test-run-systemd> # extraConfig
vm-test-run-systemd> # Keep terminfo database for root and %wheel.
vm-test-run-systemd> Defaults:root,%wheel env_keep+=TERMINFO_DIRS
vm-test-run-systemd> Defaults:root,%wheel env_keep+=TERMINFO
and on this branch:
vm-test-run-systemd> machine: must succeed: find /etc -type f -exec sh -c 'echo {} && cat {}' \;
vm-test-run-systemd> /etc/.clean
vm-test-run-systemd> sudoers
vm-test-run-systemd> /etc/.updated
vm-test-run-systemd> # This file was created by systemd-update-done. Its only
vm-test-run-systemd> # purpose is to hold a timestamp of the time this directory
vm-test-run-systemd> # was updated. See man:systemd-update-done.service(8).
vm-test-run-systemd> TIMESTAMP_NSEC=1721117551472123551
vm-test-run-systemd> /etc/NIXOS
vm-test-run-systemd> /etc/subgid
vm-test-run-systemd> bob:100000:65536
vm-test-run-systemd> alice:165536:65536
vm-test-run-systemd> /etc/subuid
vm-test-run-systemd> bob:100000:65536
vm-test-run-systemd> alice:165536:65536
vm-test-run-systemd> /etc/resolv.conf
vm-test-run-systemd> # Generated by resolvconf
vm-test-run-systemd> nameserver 10.0.2.3
vm-test-run-systemd> options edns0
vm-test-run-systemd> /etc/machine-id
vm-test-run-systemd> d89cf4c761cc47f096a2e781050a65fb
vm-test-run-systemd> /etc/group
vm-test-run-systemd> root:x:0:
vm-test-run-systemd> wheel:x:1:
vm-test-run-systemd> kmem:x:2:
vm-test-run-systemd> tty:x:3:
vm-test-run-systemd> messagebus:x:4:
vm-test-run-systemd> disk:x:6:
vm-test-run-systemd> audio:x:17:
vm-test-run-systemd> floppy:x:18:
vm-test-run-systemd> uucp:x:19:
vm-test-run-systemd> lp:x:20:
vm-test-run-systemd> cdrom:x:24:
vm-test-run-systemd> tape:x:25:
vm-test-run-systemd> video:x:26:
vm-test-run-systemd> dialout:x:27:
vm-test-run-systemd> utmp:x:29:
vm-test-run-systemd> adm:x:55:
vm-test-run-systemd> systemd-journal:x:62:
vm-test-run-systemd> lightdm:x:78:
vm-test-run-systemd> keys:x:96:
vm-test-run-systemd> users:x:100:
vm-test-run-systemd> systemd-network:x:152:
vm-test-run-systemd> systemd-resolve:x:153:
vm-test-run-systemd> input:x:174:
vm-test-run-systemd> kvm:x:302:
vm-test-run-systemd> render:x:303:
vm-test-run-systemd> sgx:x:304:
vm-test-run-systemd> shadow:x:318:
vm-test-run-systemd> systemd-oom:x:995:
vm-test-run-systemd> systemd-coredump:x:996:
vm-test-run-systemd> polkituser:x:997:
vm-test-run-systemd> nscd:x:998:
vm-test-run-systemd> dhcpcd:x:999:
vm-test-run-systemd> nixbld:x:30000:nixbld1,nixbld10,nixbld11,nixbld12,nixbld13,nixbld14,nixbld15,nixbld16,nixbld17,nixbld18,nixbld19,nixbld2,nixbld20,nixbld21,nixbld22,nixbld23,nixbld24,nixbld25,nixbld26,nixbld27,nixbld28,nixbld29,nixbld3,nixbld30,nixbld31,nixbld32,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9
vm-test-run-systemd> nogroup:x:65534:
vm-test-run-systemd> /etc/sudoers
vm-test-run-systemd> # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
vm-test-run-systemd> # or ‘security.sudo.extraRules’ instead.
vm-test-run-systemd> root ALL=(ALL:ALL) SETENV: ALL
vm-test-run-systemd> %wheel ALL=(ALL:ALL) SETENV: ALL
vm-test-run-systemd> # extraConfig
vm-test-run-systemd> # Keep terminfo database for root and %wheel.
vm-test-run-systemd> Defaults:root,%wheel env_keep+=TERMINFO_DIRS
vm-test-run-systemd> Defaults:root,%wheel env_keep+=TERMINFO
vm-test-run-systemd> /etc/passwd
vm-test-run-systemd> root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash
vm-test-run-systemd> messagebus:x:4:4:D-Bus system message bus daemon user:/run/dbus:/run/current-system/sw/bin/nologin
vm-test-run-systemd> polkituser:x:28:997:PolKit daemon:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> lightdm:x:78:78::/var/lib/lightdm:/run/current-system/sw/bin/nologin
vm-test-run-systemd> systemd-coredump:x:151:996::/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> systemd-network:x:152:152::/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> systemd-resolve:x:153:153::/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> systemd-oom:x:997:995:systemd-oomd service user:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nscd:x:998:998::/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> dhcpcd:x:999:999::/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> alice:x:1000:100:Alice Foobar:/home/alice:/run/current-system/sw/bin/bash
vm-test-run-systemd> bob:x:1001:100:Bob Foobar:/home/bob:/run/current-system/sw/bin/bash
vm-test-run-systemd> nixbld1:x:30001:30000:Nix build user 1:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld2:x:30002:30000:Nix build user 2:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld3:x:30003:30000:Nix build user 3:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld4:x:30004:30000:Nix build user 4:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld5:x:30005:30000:Nix build user 5:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld6:x:30006:30000:Nix build user 6:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld7:x:30007:30000:Nix build user 7:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld8:x:30008:30000:Nix build user 8:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld9:x:30009:30000:Nix build user 9:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld10:x:30010:30000:Nix build user 10:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld11:x:30011:30000:Nix build user 11:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld12:x:30012:30000:Nix build user 12:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld13:x:30013:30000:Nix build user 13:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld14:x:30014:30000:Nix build user 14:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld15:x:30015:30000:Nix build user 15:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld16:x:30016:30000:Nix build user 16:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld17:x:30017:30000:Nix build user 17:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld18:x:30018:30000:Nix build user 18:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld19:x:30019:30000:Nix build user 19:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld20:x:30020:30000:Nix build user 20:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld21:x:30021:30000:Nix build user 21:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld22:x:30022:30000:Nix build user 22:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld23:x:30023:30000:Nix build user 23:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld24:x:30024:30000:Nix build user 24:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld25:x:30025:30000:Nix build user 25:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld26:x:30026:30000:Nix build user 26:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld27:x:30027:30000:Nix build user 27:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld28:x:30028:30000:Nix build user 28:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld29:x:30029:30000:Nix build user 29:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld30:x:30030:30000:Nix build user 30:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld31:x:30031:30000:Nix build user 31:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nixbld32:x:30032:30000:Nix build user 32:/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin
vm-test-run-systemd> /etc/shadow
vm-test-run-systemd> nixbld25:!:1::::::
vm-test-run-systemd> nixbld5:!:1::::::
vm-test-run-systemd> nixbld21:!:1::::::
vm-test-run-systemd> nixbld3:!:1::::::
vm-test-run-systemd> nixbld27:!:1::::::
vm-test-run-systemd> nixbld9:!:1::::::
vm-test-run-systemd> nixbld32:!:1::::::
vm-test-run-systemd> root::1::::::
vm-test-run-systemd> nixbld28:!:1::::::
vm-test-run-systemd> systemd-coredump:!:1::::::
vm-test-run-systemd> nixbld14:!:1::::::
vm-test-run-systemd> nixbld30:!:1::::::
vm-test-run-systemd> nixbld23:!:1::::::
vm-test-run-systemd> dhcpcd:!:1::::::
vm-test-run-systemd> nixbld13:!:1::::::
vm-test-run-systemd> messagebus:!:1::::::
vm-test-run-systemd> nixbld24:!:1::::::
vm-test-run-systemd> nixbld18:!:1::::::
vm-test-run-systemd> nixbld7:!:1::::::
vm-test-run-systemd> nixbld17:!:1::::::
vm-test-run-systemd> systemd-resolve:!:1::::::
vm-test-run-systemd> lightdm:!:1::::::
vm-test-run-systemd> nixbld11:!:1::::::
vm-test-run-systemd> nobody:!:1::::::
vm-test-run-systemd> nixbld15:!:1::::::
vm-test-run-systemd> bob:$6$1hhg2iQ6$sB3UNan8oKF9/ULCN6zB0f4B3F3vmRgbtCcyL2zqIEszleZxIN5uZ7Q0UyWUFcmGGQhVTbnceGXip2oRFQr791:1::::::
vm-test-run-systemd> nixbld4:!:1::::::
vm-test-run-systemd> nixbld10:!:1::::::
vm-test-run-systemd> nixbld12:!:1::::::
vm-test-run-systemd> nixbld1:!:1::::::
vm-test-run-systemd> nixbld26:!:1::::::
vm-test-run-systemd> systemd-network:!:1::::::
vm-test-run-systemd> systemd-oom:!:1::::::
vm-test-run-systemd> nixbld29:!:1::::::
vm-test-run-systemd> nscd:!:1::::::
vm-test-run-systemd> nixbld19:!:1::::::
vm-test-run-systemd> nixbld16:!:1::::::
vm-test-run-systemd> nixbld31:!:1::::::
vm-test-run-systemd> nixbld2:!:1::::::
vm-test-run-systemd> polkituser:!:1::::::
vm-test-run-systemd> nixbld6:!:1::::::
vm-test-run-systemd> alice:$6$8Z3Bz/rk$jkvZJg3t81JJDgBg8p3eX9fOFnWH4.M1RWAe9Bvkapa3S5K8ZaeyoY4OgLylGEWblz1Q5PBmLuYbBpy4dI5CN0:1::::::
vm-test-run-systemd> nixbld8:!:1::::::
vm-test-run-systemd> nixbld20:!:1::::::
vm-test-run-systemd> nixbld22:!:1::::::
There was a problem hiding this comment.
I think this is only used by systemd-firstboot.service. As long as we don't include this unit I think things change is fine
There was a problem hiding this comment.
Looks like we don't even build in firstboot by default: https://github.com/nixos/nixpkgs/blob/04b5c34ff31e123d196eaaf605570e606626ade9/pkgs/os-specific/linux/systemd/default.nix#L106. Should we add an assertion that firstboot is not enabled?
There was a problem hiding this comment.
The systemd(1) manager itself will initialize machine-id(5) and preset all units, enabling or disabling them according to the systemd.preset(5) settings.
So it sounds like we'll want to make sure there are no unintended side effects of unit presets, and that the system manager doesn't get confused / make bogus errors because of our readonly /etc/systemd/system directory.
There was a problem hiding this comment.
That's a good catch! I added another commit that ensures presets are not used, the entire point of presets wouldn't currently work with nixos anyways, as enabling and disabling units at runtime would attempt to modify read-only paths.
There was a problem hiding this comment.
gentle ping @ElvishJerricco
|
By the way I'm totally for the spirit of this PR. The least nixos specific
hacks the better. But the hack was added for a reason and I want to make
sure we don't break what the hack originally intended to fix
…On Tue, Jul 16, 2024, 11:42 Will Fancher ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In nixos/modules/system/boot/stage-2-init.sh
<#327552 (comment)>:
> @@ -125,14 +125,6 @@ ln -sfn "$systemConfig" /run/booted-system
@shell@ @postBootCommands@
-# Ensure systemd doesn't try to populate /etc, by forcing its first-boot
The systemd(1) <https://www.man7.org/linux/man-pages/man1/systemd.1.html>
manager itself will initialize machine-id(5)
<https://www.man7.org/linux/man-pages/man5/machine-id.5.html> and preset
all units, enabling or disabling them according to the systemd.preset(5)
<https://www.man7.org/linux/man-pages/man5/systemd.preset.5.html>
settings.
So it sounds like we'll want to make sure there are no unintended side
effects of unit presets, and that the system manager doesn't get confused /
make bogus errors because of our readonly /etc/systemd/system directory.
—
Reply to this email directly, view it on GitHub
<#327552 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEZNIYM65WPDALFVVQXOHDZMTTJ5AVCNFSM6AAAAABK5YUZRKVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDCNZZG42DCMZTGQ>
.
You are receiving this because your review was requested.Message ID:
***@***.***>
|
One of the main premises of NixOS is being able to declaratively specify the services enabled/running on a machine. Since systemd presets allow to bypass this this declarative nature, add a single preset with the highest priority (prefixed with "00") that makes systemd ignore all other presets.
Princemachiavelli
approved these changes
Sep 30, 2024
|
This LGTM. Thanks for adding this to the test! |
|
I see this message in the logs when running the nixos tests with an immutable overlay mounted on /etc. Not sure if this causes other issues at runtime. There are some messages about tmpfiles rules being ignored that might also be related. Should we do something extra in the case of immutable /etc? |
|
I think the solution here is to add an empty |
|
Seems related to systemd/systemd#14131 |
Probably okay for fixing the test, but systemd would generate a new machine-id on every boot, no? Also, the If the ConditionFirstBoot mechanism should work with an r/o /etc overlay, there must be an exception for |
Probably can also be done via |
13 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
If we let systemd setup /etc/machine-id, we get to use ConditionFirstBoot in systemd units and any other integrations related to systemd's detection of first boot. See machine-id(5).
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.