Regardless of mutable or immutable users, systemd-sysupdate never
updates existing user records and thus will for example never change
passwords for you.
It only support initial passwords and now actively asserts agains other
paswords.
On Linux we cannot feasbibly generate users statically because we need
to take care to not change or re-use UIDs over the lifetime of a machine
(i.e. over multiple generations). This means we need the context of the
running machine.
Thus, stop creating users statically and instead generate them at
runtime irrespective of mutableUsers.
When /etc is immutable, the password files (e.g. /etc/passwd etc.) are
created in a separate directory (/var/lib/nixos/etc). /etc will be
pre-populated with symlinks to this separate directory.
Immutable users are now implemented by bind-mounting the password files
read-only onto themselves and only briefly re-mounting them writable to
re-execute sysusers. The biggest limitation of this design is that you
now need to manually unmount this bind mount to change passwords because
sysusers cannot change passwords for you. This shouldn't be too much of
an issue because system users should only rarely need to change their
passwords.
systemd-sysusers cannot create normal users (i.e. with a UID > 1000).
Thus we stop trying an explitily only use systemd-sysusers when there
are no normal users on the system (e.g. appliances).
This allows us to set things like dependencies in a way that we can
catch typos at eval time.
So instead of
```nix
systemd.services.foo.wants = [ "bar.service" ];
```
we can write
```nix
systemd.services.foo.wants = [ config.systemd.services.bar.name ];
```
which will throw an error if no such service has been defined.
Not all cases can be done like this (eg template services), but in a lot
of cases this will allow to avoid typos.
There is a matching option on the unit option
(`systemd.units."foo.service".name`) as well.
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
The maximum length for a GPT label supported by systemd is 36
characters. When a repart definition contains a label that is longer
than the supported maximum length, it is ignored by systemd-repart and
a log message is produced.
The new assertion makes this obvious to the user at evaluation time,
allowing them to either drop the property entirely or choose a supported
label within the length limit instead.
Before there was a kernel modules path named kernel-modules which then got turned
into linux-X.X.XX-modules-shrunk. Now the unshrunk package is called linux-X.X.XX-modules
and gets turned into X.X.XX-modules-shrunk.
These should be defaults as they're pretty reasonable to want to
override as a user. Unsure how to change the slice defaults to be
overridable, that should probably be a later conversation.
Lists are convenient to have in sysupdate configuration when using
multiple `MatchPattern` under `Target` when the target can have multiple
filenames. This use-case is helpful for BootLoaderSpec bootcounting where the target file on
disk can have multiple filenames, and in order for sysupdate to properly
ensure only N number of instances of this target exist at one time, we
need to have multiple match patterns.
Removed patches:
- 0007-Fix-hwdb-paths.patch
The directory we want seems to already be included in the list. Is there
a reason why we want to restrict it further?
- 0010-build-don-t-create-statedir-and-don-t-touch-prefixdi.patch
This patch has little to do with how the meson.build file looks now. The
new patch 0017 is the successor to this one.
- 0015-pkg-config-derive-prefix-from-prefix.patch
This is fixed upstream. We don't need this anymore.
The example systemd-sysupdate transfer name has a ".conf" suffix,
although the files on the final system are already appended with this
suffix, so the file ends up being "transfer-name.conf.conf". Remove the
suffix in the example so that users will get a transfer filename they
expect.
Systemd-repart will use loopback devices for partition creation if it is
able to, and will fallback to doing "offline" partition creation writing
data directly to files. From what I see looking at the repart code,
there are specific features that cannot be taken advantage of when not
using loopback devices (e.g. no BTRFS subvolumes in systemd v255) and in
certain places they have to perform some manual re-sizing work that can
otherwise be avoided.
