nixos/systemd: clarify what enableStrictShellChecks checks (#401460)

2025-06-10 19:55:41 +03:00 · 2025-04-27 14:15:15 +02:00 · 2025-04-27 14:15:15 +02:00 · 86a1af8a7b
commit 86a1af8a7b
parent 51f9cfd088 02555cd0bd
2 changed files with 41 additions and 4 deletions
--- a/nixos/lib/systemd-unit-options.nix
+++ b/nixos/lib/systemd-unit-options.nix
@ -398,9 +398,21 @@ rec {

        enableStrictShellChecks = mkOption {
          type = types.bool;
-          description = "Enable running shellcheck on the generated scripts for this unit.";
-          # The default gets set in systemd-lib.nix because we don't have access to
-          # the full NixOS config here.
+          description = ''
+            Enable running `shellcheck` on the generated scripts for this unit.
+
+            When enabled, scripts generated by the unit will be checked with
+            `shellcheck` and any errors or warnings will cause the build to
+            fail.
+
+            This affects all scripts that have been created through the
+            `script`, `reload`, `preStart`, `postStart`, `preStop` and
+            `postStop` options for systemd services. This does not affect
+            command lines passed directly to `ExecStart`, `ExecReload`,
+            `ExecStartPre`, `ExecStartPost`, `ExecStop` or `ExecStopPost`.
+          '';
+          # The default gets set in systemd-lib.nix because we don't have
+          # access to the full NixOS config here.
          defaultText = literalExpression "config.systemd.enableStrictShellChecks";
        };

--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@ -226,7 +226,32 @@ in
    package = mkPackageOption pkgs "systemd" { };

    enableStrictShellChecks = mkEnableOption "" // {
-      description = "Whether to run shellcheck on the generated scripts for systemd units.";
+      description = ''
+        Whether to run `shellcheck` on the generated scripts for systemd
+        units.
+
+        When enabled, all systemd scripts generated by NixOS will be checked
+        with `shellcheck` and any errors or warnings will cause the build to
+        fail.
+
+        This affects all scripts that have been created through the `script`,
+        `reload`, `preStart`, `postStart`, `preStop` and `postStop` options for
+        systemd services. This does not affect command lines passed directly
+        to `ExecStart`, `ExecReload`, `ExecStartPre`, `ExecStartPost`,
+        `ExecStop` or `ExecStopPost`.
+
+        It therefore also does not affect systemd units that are coming from
+        packages and that are not defined through the NixOS config. This option
+        is disabled by default, and although some services have already been
+        fixed, it is still likely that you will encounter build failures when
+        enabling this.
+
+        We encourage people to enable this option when they are willing and
+        able to submit fixes for potential build failures to Nixpkgs. The
+        option can also be enabled or disabled for individual services using
+        the `enableStrictShellChecks` option on the service itself, which will
+        take precedence over the global setting.
+      '';
    };

    units = mkOption {