nixos/systemd: let systemd setup /etc/machine-id #327552

ElvishJerricco · 2024-07-16T07:00:55Z

What are the consequences of this? Are there a bunch of other etc files it's going to try to create that we don't want it doing?

AFAICT, the only difference is that /etc/machine-id is created by systemd instead of us. Doing a quick list of files under etc after boot on master and on this branch result in the exact same list of files:

vm-test-run-systemd> /etc vm-test-run-systemd> /etc/.clean vm-test-run-systemd> /etc/.updated vm-test-run-systemd> /etc/NIXOS vm-test-run-systemd> /etc/X11 vm-test-run-systemd> /etc/X11/xorg.conf.d vm-test-run-systemd> /etc/X11/xorg.conf.d/00-keyboard.conf vm-test-run-systemd> /etc/X11/xorg.conf.d/10-evdev.conf vm-test-run-systemd> /etc/X11/xorg.conf.d/40-libinput.conf vm-test-run-systemd> /etc/bashrc vm-test-run-systemd> /etc/binfmt.d vm-test-run-systemd> /etc/binfmt.d/nixos.conf vm-test-run-systemd> /etc/dbus-1 vm-test-run-systemd> /etc/default vm-test-run-systemd> /etc/default/useradd vm-test-run-systemd> /etc/dhcpcd.conf vm-test-run-systemd> /etc/fonts vm-test-run-systemd> /etc/fstab vm-test-run-systemd> /etc/fuse.conf vm-test-run-systemd> /etc/group vm-test-run-systemd> /etc/host.conf vm-test-run-systemd> /etc/hostname vm-test-run-systemd> /etc/hosts vm-test-run-systemd> /etc/inputrc vm-test-run-systemd> /etc/issue vm-test-run-systemd> /etc/kbd vm-test-run-systemd> /etc/lightdm vm-test-run-systemd> /etc/lightdm/lightdm-gtk-greeter.conf vm-test-run-systemd> /etc/lightdm/lightdm.conf vm-test-run-systemd> /etc/lightdm/users.conf vm-test-run-systemd> /etc/locale.conf vm-test-run-systemd> /etc/login.defs vm-test-run-systemd> /etc/lsb-release vm-test-run-systemd> /etc/lvm vm-test-run-systemd> /etc/lvm/lvm.conf vm-test-run-systemd> /etc/machine-id vm-test-run-systemd> /etc/man_db.conf vm-test-run-systemd> /etc/modprobe.d vm-test-run-systemd> /etc/modprobe.d/debian.conf vm-test-run-systemd> /etc/modprobe.d/firmware.conf vm-test-run-systemd> /etc/modprobe.d/nixos.conf vm-test-run-systemd> /etc/modprobe.d/systemd.conf vm-test-run-systemd> /etc/modprobe.d/ubuntu.conf vm-test-run-systemd> /etc/modules-load.d vm-test-run-systemd> /etc/modules-load.d/nixos.conf vm-test-run-systemd> /etc/mtab vm-test-run-systemd> /etc/nanorc vm-test-run-systemd> /etc/netgroup vm-test-run-systemd> /etc/nix vm-test-run-systemd> /etc/nix/nix.conf vm-test-run-systemd> /etc/nix/registry.json vm-test-run-systemd> /etc/nixos vm-test-run-systemd> /etc/nscd.conf vm-test-run-systemd> /etc/nsswitch.conf vm-test-run-systemd> /etc/os-release vm-test-run-systemd> /etc/pam vm-test-run-systemd> /etc/pam.d vm-test-run-systemd> /etc/pam.d/chfn vm-test-run-systemd> /etc/pam.d/chpasswd vm-test-run-systemd> /etc/pam.d/chsh vm-test-run-systemd> /etc/pam.d/groupadd vm-test-run-systemd> /etc/pam.d/groupdel vm-test-run-systemd> /etc/pam.d/groupmems vm-test-run-systemd> /etc/pam.d/groupmod vm-test-run-systemd> /etc/pam.d/i3lock vm-test-run-systemd> /etc/pam.d/i3lock-color vm-test-run-systemd> /etc/pam.d/lightdm vm-test-run-systemd> /etc/pam.d/lightdm-autologin vm-test-run-systemd> /etc/pam.d/lightdm-greeter vm-test-run-systemd> /etc/pam.d/login vm-test-run-systemd> /etc/pam.d/other vm-test-run-systemd> /etc/pam.d/passwd vm-test-run-systemd> /etc/pam.d/polkit-1 vm-test-run-systemd> /etc/pam.d/runuser vm-test-run-systemd> /etc/pam.d/runuser-l vm-test-run-systemd> /etc/pam.d/su vm-test-run-systemd> /etc/pam.d/sudo vm-test-run-systemd> /etc/pam.d/systemd-user vm-test-run-systemd> /etc/pam.d/useradd vm-test-run-systemd> /etc/pam.d/userdel vm-test-run-systemd> /etc/pam.d/usermod vm-test-run-systemd> /etc/pam.d/vlock vm-test-run-systemd> /etc/pam.d/xlock vm-test-run-systemd> /etc/pam.d/xscreensaver vm-test-run-systemd> /etc/pam/environment vm-test-run-systemd> /etc/passwd vm-test-run-systemd> /etc/pki vm-test-run-systemd> /etc/pki/tls vm-test-run-systemd> /etc/pki/tls/certs vm-test-run-systemd> /etc/pki/tls/certs/ca-bundle.crt vm-test-run-systemd> /etc/polkit-1 vm-test-run-systemd> /etc/polkit-1/rules.d vm-test-run-systemd> /etc/polkit-1/rules.d/10-nixos.rules vm-test-run-systemd> /etc/profile vm-test-run-systemd> /etc/protocols vm-test-run-systemd> /etc/resolv.conf vm-test-run-systemd> /etc/resolvconf.conf vm-test-run-systemd> /etc/rpc vm-test-run-systemd> /etc/services vm-test-run-systemd> /etc/set-environment vm-test-run-systemd> /etc/shadow vm-test-run-systemd> /etc/shells vm-test-run-systemd> /etc/ssh vm-test-run-systemd> /etc/ssh/ssh_config vm-test-run-systemd> /etc/ssh/ssh_known_hosts vm-test-run-systemd> /etc/ssl vm-test-run-systemd> /etc/ssl/certs vm-test-run-systemd> /etc/ssl/certs/ca-bundle.crt vm-test-run-systemd> /etc/ssl/certs/ca-certificates.crt vm-test-run-systemd> /etc/ssl/trust-source vm-test-run-systemd> /etc/static vm-test-run-systemd> /etc/subgid vm-test-run-systemd> /etc/subuid vm-test-run-systemd> /etc/sudoers vm-test-run-systemd> /etc/sysctl.d vm-test-run-systemd> /etc/sysctl.d/50-coredump.conf vm-test-run-systemd> /etc/sysctl.d/50-default.conf vm-test-run-systemd> /etc/sysctl.d/60-nixos.conf vm-test-run-systemd> /etc/systemd vm-test-run-systemd> /etc/systemd/coredump.conf vm-test-run-systemd> /etc/systemd/journald.conf vm-test-run-systemd> /etc/systemd/logind.conf vm-test-run-systemd> /etc/systemd/network vm-test-run-systemd> /etc/systemd/network/40-eth1.link vm-test-run-systemd> /etc/systemd/oomd.conf vm-test-run-systemd> /etc/systemd/sleep.conf vm-test-run-systemd> /etc/systemd/system vm-test-run-systemd> /etc/systemd/system-generators vm-test-run-systemd> /etc/systemd/system-shutdown vm-test-run-systemd> /etc/systemd/system.conf vm-test-run-systemd> /etc/systemd/user vm-test-run-systemd> /etc/systemd/user-generators vm-test-run-systemd> /etc/systemd/user.conf vm-test-run-systemd> /etc/terminfo vm-test-run-systemd> /etc/tmpfiles.d vm-test-run-systemd> /etc/tmpfiles.d/00-nixos.conf vm-test-run-systemd> /etc/tmpfiles.d/graphics-driver.conf vm-test-run-systemd> /etc/tmpfiles.d/home.conf vm-test-run-systemd> /etc/tmpfiles.d/journal-nocow.conf vm-test-run-systemd> /etc/tmpfiles.d/lvm2.conf vm-test-run-systemd> /etc/tmpfiles.d/nix-daemon.conf vm-test-run-systemd> /etc/tmpfiles.d/portables.conf vm-test-run-systemd> /etc/tmpfiles.d/static-nodes-permissions.conf vm-test-run-systemd> /etc/tmpfiles.d/systemd-nologin.conf vm-test-run-systemd> /etc/tmpfiles.d/systemd-nspawn.conf vm-test-run-systemd> /etc/tmpfiles.d/systemd-tmp.conf vm-test-run-systemd> /etc/tmpfiles.d/systemd.conf vm-test-run-systemd> /etc/tmpfiles.d/tmp.conf vm-test-run-systemd> /etc/tmpfiles.d/var.conf vm-test-run-systemd> /etc/tmpfiles.d/x11.conf vm-test-run-systemd> /etc/udev vm-test-run-systemd> /etc/udev/hwdb.bin vm-test-run-systemd> /etc/udev/rules.d vm-test-run-systemd> /etc/vconsole.conf vm-test-run-systemd> /etc/zoneinfo

And a quick run that inspects the contents of the files don't appear to differ meaningfully either.

A check on master:

vm-test-run-systemd> machine: must succeed: find /etc -type f -exec sh -c 'echo {} && cat {}' \; vm-test-run-systemd> /etc/.clean vm-test-run-systemd> sudoers vm-test-run-systemd> /etc/shadow vm-test-run-systemd> nixbld20:!:1:::::: vm-test-run-systemd> nixbld1:!:1:::::: vm-test-run-systemd> nixbld9:!:1:::::: vm-test-run-systemd> nixbld24:!:1:::::: vm-test-run-systemd> messagebus:!:1:::::: vm-test-run-systemd> nixbld16:!:1:::::: vm-test-run-systemd> nixbld12:!:1:::::: vm-test-run-systemd> nixbld13:!:1:::::: vm-test-run-systemd> nixbld11:!:1:::::: vm-test-run-systemd> systemd-oom:!:1:::::: vm-test-run-systemd> polkituser:!:1:::::: vm-test-run-systemd> nixbld19:!:1:::::: vm-test-run-systemd> nixbld4:!:1:::::: vm-test-run-systemd> nixbld6:!:1:::::: vm-test-run-systemd> nixbld30:!:1:::::: vm-test-run-systemd> nixbld27:!:1:::::: vm-test-run-systemd> nixbld28:!:1:::::: vm-test-run-systemd> nixbld25:!:1:::::: vm-test-run-systemd> lightdm:!:1:::::: vm-test-run-systemd> bob:$6$uH1EbpXz$B2wpWy.IR4cmgV.mIihMUl66L.HjMzj7MTPuf8FtO9ZvOVwzBVaKLAPcEdKeVrDJjPw6zxzGn/eg1InxqZ8lI/:1:::::: vm-test-run-systemd> nixbld7:!:1:::::: vm-test-run-systemd> nixbld5:!:1:::::: vm-test-run-systemd> nixbld18:!:1:::::: vm-test-run-systemd> nixbld3:!:1:::::: vm-test-run-systemd> dhcpcd:!:1:::::: vm-test-run-systemd> nixbld15:!:1:::::: vm-test-run-systemd> nixbld17:!:1:::::: vm-test-run-systemd> root::1:::::: vm-test-run-systemd> nixbld8:!:1:::::: vm-test-run-systemd> nixbld32:!:1:::::: vm-test-run-systemd> nixbld29:!:1:::::: vm-test-run-systemd> nixbld21:!:1:::::: vm-test-run-systemd> nscd:!:1:::::: vm-test-run-systemd> nixbld23:!:1:::::: vm-test-run-systemd> systemd-resolve:!:1:::::: vm-test-run-systemd> systemd-coredump:!:1:::::: vm-test-run-systemd> nixbld22:!:1:::::: vm-test-run-systemd> nixbld26:!:1:::::: vm-test-run-systemd> nixbld31:!:1:::::: vm-test-run-systemd> alice:$6$Chf6QRwS$VDolJFiDWYO7uz01EPVOK1fNfx1gK2Uz26CRxRogxbPFxsFI57t73yCm0TFRDpUMaBk3tqno3e7YUJkMRBi4D/:1:::::: vm-test-run-systemd> systemd-network:!:1:::::: vm-test-run-systemd> nixbld2:!:1:::::: vm-test-run-systemd> nixbld14:!:1:::::: vm-test-run-systemd> nobody:!:1:::::: vm-test-run-systemd> nixbld10:!:1:::::: vm-test-run-systemd> /etc/group vm-test-run-systemd> root:x:0: vm-test-run-systemd> wheel:x:1: vm-test-run-systemd> kmem:x:2: vm-test-run-systemd> tty:x:3: vm-test-run-systemd> messagebus:x:4: vm-test-run-systemd> disk:x:6: vm-test-run-systemd> audio:x:17: vm-test-run-systemd> floppy:x:18: vm-test-run-systemd> uucp:x:19: vm-test-run-systemd> lp:x:20: vm-test-run-systemd> cdrom:x:24: vm-test-run-systemd> tape:x:25: vm-test-run-systemd> video:x:26: vm-test-run-systemd> dialout:x:27: vm-test-run-systemd> utmp:x:29: vm-test-run-systemd> adm:x:55: vm-test-run-systemd> systemd-journal:x:62: vm-test-run-systemd> lightdm:x:78: vm-test-run-systemd> keys:x:96: vm-test-run-systemd> users:x:100: vm-test-run-systemd> systemd-network:x:152: vm-test-run-systemd> systemd-resolve:x:153: vm-test-run-systemd> input:x:174: vm-test-run-systemd> kvm:x:302: vm-test-run-systemd> render:x:303: vm-test-run-systemd> sgx:x:304: vm-test-run-systemd> shadow:x:318: vm-test-run-systemd> systemd-oom:x:995: vm-test-run-systemd> systemd-coredump:x:996: vm-test-run-systemd> polkituser:x:997: vm-test-run-systemd> nscd:x:998: vm-test-run-systemd> dhcpcd:x:999: vm-test-run-systemd> nixbld:x:30000:nixbld1,nixbld10,nixbld11,nixbld12,nixbld13,nixbld14,nixbld15,nixbld16,nixbld17,nixbld18,nixbld19,nixbld2,nixbld20,nixbld21,nixbld22,nixbld23,nixbld24,nixbld25,nixbld26,nixbld27,nixbld28,nixbld29,nixbld3,nixbld30,nixbld31,nixbld32,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9 vm-test-run-systemd> nogroup:x:65534: vm-test-run-systemd> /etc/passwd vm-test-run-systemd> root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash vm-test-run-systemd> messagebus:x:4:4:D-Bus system message bus daemon user:/run/dbus:/run/current-system/sw/bin/nologin vm-test-run-systemd> polkituser:x:28:997:PolKit daemon:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> lightdm:x:78:78::/var/lib/lightdm:/run/current-system/sw/bin/nologin vm-test-run-systemd> systemd-coredump:x:151:996::/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> systemd-network:x:152:152::/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> systemd-resolve:x:153:153::/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> systemd-oom:x:997:995:systemd-oomd service user:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nscd:x:998:998::/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> dhcpcd:x:999:999::/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> alice:x:1000:100:Alice Foobar:/home/alice:/run/current-system/sw/bin/bash vm-test-run-systemd> bob:x:1001:100:Bob Foobar:/home/bob:/run/current-system/sw/bin/bash vm-test-run-systemd> nixbld1:x:30001:30000:Nix build user 1:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld2:x:30002:30000:Nix build user 2:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld3:x:30003:30000:Nix build user 3:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld4:x:30004:30000:Nix build user 4:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld5:x:30005:30000:Nix build user 5:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld6:x:30006:30000:Nix build user 6:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld7:x:30007:30000:Nix build user 7:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld8:x:30008:30000:Nix build user 8:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld9:x:30009:30000:Nix build user 9:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld10:x:30010:30000:Nix build user 10:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld11:x:30011:30000:Nix build user 11:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld12:x:30012:30000:Nix build user 12:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld13:x:30013:30000:Nix build user 13:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld14:x:30014:30000:Nix build user 14:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld15:x:30015:30000:Nix build user 15:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld16:x:30016:30000:Nix build user 16:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld17:x:30017:30000:Nix build user 17:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld18:x:30018:30000:Nix build user 18:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld19:x:30019:30000:Nix build user 19:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld20:x:30020:30000:Nix build user 20:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld21:x:30021:30000:Nix build user 21:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld22:x:30022:30000:Nix build user 22:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld23:x:30023:30000:Nix build user 23:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld24:x:30024:30000:Nix build user 24:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld25:x:30025:30000:Nix build user 25:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld26:x:30026:30000:Nix build user 26:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld27:x:30027:30000:Nix build user 27:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld28:x:30028:30000:Nix build user 28:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld29:x:30029:30000:Nix build user 29:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld30:x:30030:30000:Nix build user 30:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld31:x:30031:30000:Nix build user 31:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld32:x:30032:30000:Nix build user 32:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> /etc/subgid vm-test-run-systemd> bob:100000:65536 vm-test-run-systemd> alice:165536:65536 vm-test-run-systemd> /etc/resolv.conf vm-test-run-systemd> # Generated by resolvconf vm-test-run-systemd> nameserver 10.0.2.3 vm-test-run-systemd> options edns0 vm-test-run-systemd> /etc/NIXOS vm-test-run-systemd> /etc/subuid vm-test-run-systemd> bob:100000:65536 vm-test-run-systemd> alice:165536:65536 vm-test-run-systemd> /etc/.updated vm-test-run-systemd> # This file was created by systemd-update-done. Its only vm-test-run-systemd> # purpose is to hold a timestamp of the time this directory vm-test-run-systemd> # was updated. See man:systemd-update-done.service(8). vm-test-run-systemd> TIMESTAMP_NSEC=1721117468456121518 vm-test-run-systemd> /etc/machine-id vm-test-run-systemd> 90bd78773cdc43e1bd0b7cd0bddb70af vm-test-run-systemd> /etc/sudoers vm-test-run-systemd> # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’ vm-test-run-systemd> # or ‘security.sudo.extraRules’ instead. vm-test-run-systemd> root ALL=(ALL:ALL) SETENV: ALL vm-test-run-systemd> %wheel ALL=(ALL:ALL) SETENV: ALL vm-test-run-systemd> # extraConfig vm-test-run-systemd> # Keep terminfo database for root and %wheel. vm-test-run-systemd> Defaults:root,%wheel env_keep+=TERMINFO_DIRS vm-test-run-systemd> Defaults:root,%wheel env_keep+=TERMINFO

and on this branch:

vm-test-run-systemd> machine: must succeed: find /etc -type f -exec sh -c 'echo {} && cat {}' \; vm-test-run-systemd> /etc/.clean vm-test-run-systemd> sudoers vm-test-run-systemd> /etc/.updated vm-test-run-systemd> # This file was created by systemd-update-done. Its only vm-test-run-systemd> # purpose is to hold a timestamp of the time this directory vm-test-run-systemd> # was updated. See man:systemd-update-done.service(8). vm-test-run-systemd> TIMESTAMP_NSEC=1721117551472123551 vm-test-run-systemd> /etc/NIXOS vm-test-run-systemd> /etc/subgid vm-test-run-systemd> bob:100000:65536 vm-test-run-systemd> alice:165536:65536 vm-test-run-systemd> /etc/subuid vm-test-run-systemd> bob:100000:65536 vm-test-run-systemd> alice:165536:65536 vm-test-run-systemd> /etc/resolv.conf vm-test-run-systemd> # Generated by resolvconf vm-test-run-systemd> nameserver 10.0.2.3 vm-test-run-systemd> options edns0 vm-test-run-systemd> /etc/machine-id vm-test-run-systemd> d89cf4c761cc47f096a2e781050a65fb vm-test-run-systemd> /etc/group vm-test-run-systemd> root:x:0: vm-test-run-systemd> wheel:x:1: vm-test-run-systemd> kmem:x:2: vm-test-run-systemd> tty:x:3: vm-test-run-systemd> messagebus:x:4: vm-test-run-systemd> disk:x:6: vm-test-run-systemd> audio:x:17: vm-test-run-systemd> floppy:x:18: vm-test-run-systemd> uucp:x:19: vm-test-run-systemd> lp:x:20: vm-test-run-systemd> cdrom:x:24: vm-test-run-systemd> tape:x:25: vm-test-run-systemd> video:x:26: vm-test-run-systemd> dialout:x:27: vm-test-run-systemd> utmp:x:29: vm-test-run-systemd> adm:x:55: vm-test-run-systemd> systemd-journal:x:62: vm-test-run-systemd> lightdm:x:78: vm-test-run-systemd> keys:x:96: vm-test-run-systemd> users:x:100: vm-test-run-systemd> systemd-network:x:152: vm-test-run-systemd> systemd-resolve:x:153: vm-test-run-systemd> input:x:174: vm-test-run-systemd> kvm:x:302: vm-test-run-systemd> render:x:303: vm-test-run-systemd> sgx:x:304: vm-test-run-systemd> shadow:x:318: vm-test-run-systemd> systemd-oom:x:995: vm-test-run-systemd> systemd-coredump:x:996: vm-test-run-systemd> polkituser:x:997: vm-test-run-systemd> nscd:x:998: vm-test-run-systemd> dhcpcd:x:999: vm-test-run-systemd> nixbld:x:30000:nixbld1,nixbld10,nixbld11,nixbld12,nixbld13,nixbld14,nixbld15,nixbld16,nixbld17,nixbld18,nixbld19,nixbld2,nixbld20,nixbld21,nixbld22,nixbld23,nixbld24,nixbld25,nixbld26,nixbld27,nixbld28,nixbld29,nixbld3,nixbld30,nixbld31,nixbld32,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9 vm-test-run-systemd> nogroup:x:65534: vm-test-run-systemd> /etc/sudoers vm-test-run-systemd> # Don't edit this file. Set the NixOS options ‘security.sudo.configFile’ vm-test-run-systemd> # or ‘security.sudo.extraRules’ instead. vm-test-run-systemd> root ALL=(ALL:ALL) SETENV: ALL vm-test-run-systemd> %wheel ALL=(ALL:ALL) SETENV: ALL vm-test-run-systemd> # extraConfig vm-test-run-systemd> # Keep terminfo database for root and %wheel. vm-test-run-systemd> Defaults:root,%wheel env_keep+=TERMINFO_DIRS vm-test-run-systemd> Defaults:root,%wheel env_keep+=TERMINFO vm-test-run-systemd> /etc/passwd vm-test-run-systemd> root:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash vm-test-run-systemd> messagebus:x:4:4:D-Bus system message bus daemon user:/run/dbus:/run/current-system/sw/bin/nologin vm-test-run-systemd> polkituser:x:28:997:PolKit daemon:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> lightdm:x:78:78::/var/lib/lightdm:/run/current-system/sw/bin/nologin vm-test-run-systemd> systemd-coredump:x:151:996::/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> systemd-network:x:152:152::/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> systemd-resolve:x:153:153::/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> systemd-oom:x:997:995:systemd-oomd service user:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nscd:x:998:998::/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> dhcpcd:x:999:999::/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> alice:x:1000:100:Alice Foobar:/home/alice:/run/current-system/sw/bin/bash vm-test-run-systemd> bob:x:1001:100:Bob Foobar:/home/bob:/run/current-system/sw/bin/bash vm-test-run-systemd> nixbld1:x:30001:30000:Nix build user 1:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld2:x:30002:30000:Nix build user 2:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld3:x:30003:30000:Nix build user 3:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld4:x:30004:30000:Nix build user 4:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld5:x:30005:30000:Nix build user 5:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld6:x:30006:30000:Nix build user 6:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld7:x:30007:30000:Nix build user 7:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld8:x:30008:30000:Nix build user 8:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld9:x:30009:30000:Nix build user 9:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld10:x:30010:30000:Nix build user 10:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld11:x:30011:30000:Nix build user 11:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld12:x:30012:30000:Nix build user 12:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld13:x:30013:30000:Nix build user 13:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld14:x:30014:30000:Nix build user 14:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld15:x:30015:30000:Nix build user 15:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld16:x:30016:30000:Nix build user 16:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld17:x:30017:30000:Nix build user 17:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld18:x:30018:30000:Nix build user 18:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld19:x:30019:30000:Nix build user 19:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld20:x:30020:30000:Nix build user 20:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld21:x:30021:30000:Nix build user 21:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld22:x:30022:30000:Nix build user 22:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld23:x:30023:30000:Nix build user 23:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld24:x:30024:30000:Nix build user 24:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld25:x:30025:30000:Nix build user 25:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld26:x:30026:30000:Nix build user 26:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld27:x:30027:30000:Nix build user 27:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld28:x:30028:30000:Nix build user 28:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld29:x:30029:30000:Nix build user 29:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld30:x:30030:30000:Nix build user 30:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld31:x:30031:30000:Nix build user 31:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nixbld32:x:30032:30000:Nix build user 32:/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> nobody:x:65534:65534:Unprivileged account (don't use!):/var/empty:/run/current-system/sw/bin/nologin vm-test-run-systemd> /etc/shadow vm-test-run-systemd> nixbld25:!:1:::::: vm-test-run-systemd> nixbld5:!:1:::::: vm-test-run-systemd> nixbld21:!:1:::::: vm-test-run-systemd> nixbld3:!:1:::::: vm-test-run-systemd> nixbld27:!:1:::::: vm-test-run-systemd> nixbld9:!:1:::::: vm-test-run-systemd> nixbld32:!:1:::::: vm-test-run-systemd> root::1:::::: vm-test-run-systemd> nixbld28:!:1:::::: vm-test-run-systemd> systemd-coredump:!:1:::::: vm-test-run-systemd> nixbld14:!:1:::::: vm-test-run-systemd> nixbld30:!:1:::::: vm-test-run-systemd> nixbld23:!:1:::::: vm-test-run-systemd> dhcpcd:!:1:::::: vm-test-run-systemd> nixbld13:!:1:::::: vm-test-run-systemd> messagebus:!:1:::::: vm-test-run-systemd> nixbld24:!:1:::::: vm-test-run-systemd> nixbld18:!:1:::::: vm-test-run-systemd> nixbld7:!:1:::::: vm-test-run-systemd> nixbld17:!:1:::::: vm-test-run-systemd> systemd-resolve:!:1:::::: vm-test-run-systemd> lightdm:!:1:::::: vm-test-run-systemd> nixbld11:!:1:::::: vm-test-run-systemd> nobody:!:1:::::: vm-test-run-systemd> nixbld15:!:1:::::: vm-test-run-systemd> bob:$6$1hhg2iQ6$sB3UNan8oKF9/ULCN6zB0f4B3F3vmRgbtCcyL2zqIEszleZxIN5uZ7Q0UyWUFcmGGQhVTbnceGXip2oRFQr791:1:::::: vm-test-run-systemd> nixbld4:!:1:::::: vm-test-run-systemd> nixbld10:!:1:::::: vm-test-run-systemd> nixbld12:!:1:::::: vm-test-run-systemd> nixbld1:!:1:::::: vm-test-run-systemd> nixbld26:!:1:::::: vm-test-run-systemd> systemd-network:!:1:::::: vm-test-run-systemd> systemd-oom:!:1:::::: vm-test-run-systemd> nixbld29:!:1:::::: vm-test-run-systemd> nscd:!:1:::::: vm-test-run-systemd> nixbld19:!:1:::::: vm-test-run-systemd> nixbld16:!:1:::::: vm-test-run-systemd> nixbld31:!:1:::::: vm-test-run-systemd> nixbld2:!:1:::::: vm-test-run-systemd> polkituser:!:1:::::: vm-test-run-systemd> nixbld6:!:1:::::: vm-test-run-systemd> alice:$6$8Z3Bz/rk$jkvZJg3t81JJDgBg8p3eX9fOFnWH4.M1RWAe9Bvkapa3S5K8ZaeyoY4OgLylGEWblz1Q5PBmLuYbBpy4dI5CN0:1:::::: vm-test-run-systemd> nixbld8:!:1:::::: vm-test-run-systemd> nixbld20:!:1:::::: vm-test-run-systemd> nixbld22:!:1::::::

I think this is only used by systemd-firstboot.service. As long as we don't include this unit I think things change is fine

Looks like we don't even build in firstboot by default: https://github.com/nixos/nixpkgs/blob/04b5c34ff31e123d196eaaf605570e606626ade9/pkgs/os-specific/linux/systemd/default.nix#L106. Should we add an assertion that firstboot is not enabled?

The systemd(1) manager itself will initialize machine-id(5) and preset all units, enabling or disabling them according to the systemd.preset(5) settings.

So it sounds like we'll want to make sure there are no unintended side effects of unit presets, and that the system manager doesn't get confused / make bogus errors because of our readonly /etc/systemd/system directory.

That's a good catch! I added another commit that ensures presets are not used, the entire point of presets wouldn't currently work with nixos anyways, as enabling and disabling units at runtime would attempt to modify read-only paths.

gentle ping @ElvishJerricco

-Original file line number
+Diff line change
@@ Expand Up / @@ -125,14 +125,6 @@ ln -sfn "$systemConfig" /run/booted-system @@
     @shell@ @postBootCommands@
-    # Ensure systemd doesn't try to populate /etc, by forcing its first-boot
-    # heuristic off. It doesn't matter what's in /etc/machine-id for this purpose,
-    # and systemd will immediately fill in the file when it starts, so just
-    # creating it is enough. This `: >>` pattern avoids forking and avoids changing
-    # the mtime if the file already exists.
-    : >> /etc/machine-id
     # No need to restore the stdout/stderr streams we never redirected and
     # especially no need to start systemd
     if [ "${IN_NIXOS_SYSTEMD_STAGE1:-}" != true ]; then
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -33,6 +33,7 @@ let @@
           "nss-lookup.target"
           "nss-user-lookup.target"
           "time-sync.target"
+          "first-boot-complete.target"
         ] ++ optionals cfg.package.withCryptsetup [
           "cryptsetup.target"
           "cryptsetup-pre.target"
@@ Expand Down Expand Up / @@ -565,6 +566,15 @@ in @@
           "systemd/user-generators" = { source = hooks "user-generators" cfg.user.generators; };
           "systemd/system-generators" = { source = hooks "system-generators" cfg.generators; };
           "systemd/system-shutdown" = { source = hooks "system-shutdown" cfg.shutdown; };
+          # Ignore all other preset files so systemd doesn't try to enable/disable
+          # units during runtime.
+          "systemd/system-preset/00-nixos.preset".text = ''
+            ignore *
+          '';
+          "systemd/user-preset/00-nixos.preset".text = ''
+            ignore *
+          '';
         });
         services.dbus.enable = true;
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -75,12 +75,19 @@ import ./make-test-python.nix ({ pkgs, ... }: { @@
           rebootTime = "10min";
           kexecTime = "5min";
         };
+        environment.etc."systemd/system-preset/10-testservice.preset".text = ''
+          disable ${config.systemd.services.testservice1.name}
+        '';
       };
-      testScript = ''
+      testScript = { nodes, ... }: ''
         import re
         import subprocess
+        # Will not succeed unless ConditionFirstBoot=yes
+        machine.wait_for_unit("first-boot-complete.target")
         machine.wait_for_x()
         # wait for user services
         machine.wait_for_unit("default.target", "alice")
@@ Expand Down Expand Up / @@ -210,5 +217,9 @@ import ./make-test-python.nix ({ pkgs, ... }: { @@
         with subtest("systemd environment is properly set"):
             machine.systemctl("daemon-reexec")  # Rewrites /proc/1/environ
             machine.succeed("grep -q TZDIR=/etc/zoneinfo /proc/1/environ")
+        with subtest("systemd presets are ignored"):
+            machine.succeed("systemctl preset ${nodes.machine.systemd.services.testservice1.name}")
+            machine.succeed("test -e /etc/systemd/system/${nodes.machine.systemd.services.testservice1.name}")
       '';
     })

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nixos/systemd: let systemd setup /etc/machine-id #327552

Diff view

Diff view

There are no files selected for viewing

ElvishJerricco Jul 16, 2024

jmbaur Jul 16, 2024 •

edited

Loading

jmbaur Jul 16, 2024

arianvp Jul 16, 2024

jmbaur Jul 16, 2024

ElvishJerricco Jul 16, 2024

jmbaur Jul 16, 2024

jmbaur Jul 24, 2024

nixos/systemd: let systemd setup /etc/machine-id #327552

nixos/systemd: let systemd setup /etc/machine-id #327552

Diff view

Diff view

There are no files selected for viewing

ElvishJerricco Jul 16, 2024

Choose a reason for hiding this comment

jmbaur Jul 16, 2024 • edited Loading

Choose a reason for hiding this comment

jmbaur Jul 16, 2024

Choose a reason for hiding this comment

arianvp Jul 16, 2024

Choose a reason for hiding this comment

jmbaur Jul 16, 2024

Choose a reason for hiding this comment

ElvishJerricco Jul 16, 2024

Choose a reason for hiding this comment

jmbaur Jul 16, 2024

Choose a reason for hiding this comment

jmbaur Jul 24, 2024

Choose a reason for hiding this comment

jmbaur Jul 16, 2024 •

edited

Loading