diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix
index 140d453589b8..14e7769ca8fe 100644
--- a/nixos/modules/system/activation/activation-script.nix
+++ b/nixos/modules/system/activation/activation-script.nix
@@ -234,11 +234,12 @@ in
 system.activationScripts.var = ""; # obsolete
 systemd.tmpfiles.rules = [
+ "D /var/empty 0555 root root -"
+ "h /var/empty - - - - +i"
+ ] ++ lib.optionals config.nix.enable [
 # Prevent the current configuration from being garbage-collected.
 "d /nix/var/nix/gcroots -"
 "L+ /nix/var/nix/gcroots/current-system - - - - /run/current-system"
- "D /var/empty 0555 root root -"
- "h /var/empty - - - - +i"
 ];
 system.activationScripts.usrbinenv = if config.environment.usrbinenv != null
diff --git a/nixos/modules/system/boot/systemd/tmpfiles.nix b/nixos/modules/system/boot/systemd/tmpfiles.nix
index 44c72f2768cc..9a0f18c26f94 100644
--- a/nixos/modules/system/boot/systemd/tmpfiles.nix
+++ b/nixos/modules/system/boot/systemd/tmpfiles.nix
@@ -281,15 +281,19 @@ in
 ) cfg.settings);
 systemd.tmpfiles.rules = [
- "d /nix/var 0755 root root - -"
- "L+ /nix/var/nix/gcroots/booted-system 0755 root root - /run/booted-system"
 "d /run/lock 0755 root root - -"
 "d /var/db 0755 root root - -"
 "L /var/lock - - - - ../run/lock"
- # Boot-time cleanup
+ ] ++ lib.optionals config.nix.enable [
+ "d /nix/var 0755 root root - -"
+ "L+ /nix/var/nix/gcroots/booted-system 0755 root root - /run/booted-system"
+ ]
+ # Boot-time cleanup
+ ++ [
 "R! /etc/group.lock - - - - -"
 "R! /etc/passwd.lock - - - - -"
 "R! /etc/shadow.lock - - - - -"
+ ] ++ lib.optionals config.nix.enable [
 "R! /nix/var/nix/gcroots/tmp - - - - -"
 "R! /nix/var/nix/temproots - - - - -"
 ];
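Review bot: The two `/var/empty` rules now at the top of `systemd.tmpfiles.rules` in activation-script.nix carry no comment saying why they sit outside the `config.nix.enable` guard, so a later tidy-up could fold them back under it. `/var/empty` is commonly used as the empty, unwritable home or chroot directory for unprivileged service accounts, and the `h ... +i` rule is what keeps it immutable, so losing both rules on a system with `nix.enable = false` would weaken that guarantee. I would add a line such as `# /var/empty must exist and stay immutable whether or not Nix is enabled.` above the `D` rule. The list itself is fully inside the hunk; the enclosing module body is not.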
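Review bot: In tmpfiles.nix the `# Boot-time cleanup` comment now sits between `]` and `++ [`, so it reads as covering only the three `/etc/*.lock` rules, although the two `R!` rules for `/nix/var/nix/gcroots/tmp` and `/nix/var/nix/temproots` in the final `lib.optionals` list are boot-time cleanup as well. Putting a comment inside each list it describes, for example `# Boot-time cleanup of stale account-database lock files` in the unconditional list and `# Boot-time cleanup of Nix temporary GC roots` in the guarded one, keeps the intent attached to the rules. If the position of the rules within the list does not matter here, which the hunk alone does not show, the two `config.nix.enable` lists could be merged into one to avoid the four-way concatenation.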