nixos/users-groups: add user option to enable lingering #260248
Conversation
Adapted from https://gist.github.com/graham33/fdbdcc18317a621d9dd54beb36be6683 Fixes NixOS#3702 Lingering users can still be managed mutably by root with `loginctl`, but the settings here will take precedence when `nixos-rebuild` is run.
github-actions
bot
added
6.topic: nixos
delroth
added
the
12.approvals: 1
ofborg
bot
added
10.rebuild-darwin: 1-10
10.rebuild-darwin: 1
10.rebuild-linux: 1-10
labels
|
Oh, this is great, thank you! |
|
Should this be enabled by default when |
| in stringAfter [ "users" ] '' | ||
| if [ -e ${lingerDir} ] ; then | ||
| cd ${lingerDir} | ||
| ls ${lingerDir} | sort | comm -3 -1 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl disable-linger |
There was a problem hiding this comment.
This wouldn't deactivate lingering for a user after it is was enabled and disabled again, right? It would just flip lingering for all users that have it enabled.
Edit: I didn't immediately catch the comm usage here which reveals another problem: Now we deactivate any lingering for any user that has it manually configured and there is no way to deactivate this. This breaks at least one of my systems which I would need to switch to this setting. Since there is no release not for this change, normally it would went unnoticed.
I think we can only enforce this when users cannot be manually changed, so we would need to rely on users.mutableUsers
There was a problem hiding this comment.
Sorry, I'm just a random person that followed the issue where this commit was first introduced, and I may be missing a bunch of things here, but wouldn't relying on mutableUsers in turn break the ability of setting this through configuration.nix for users that aren't mutable?
There was a problem hiding this comment.
does this "break" (i'm using this term very lightly) my system if i remove a user? i'm thinking yes because the update-lingering activation script keeps failing on me - consider
$ sudo loginctl disable-linger someone-who-no-longer-exists nix-shell-env
Failed to look up user someone-who-no-longer-exists: No such process
my system works fine if i simply rm the offending file out of /var/lib/systemd/linger
There was a problem hiding this comment.
as mentioned in #283769 (comment) i'm considering reverting this PR - would anyone care to comment before i do that?
Description of changes
Adds a new boolean user option,
linger, which can be used to enable systemd lingering for individual users.This is not the same as
DontKillUserProcesses=true; (a) it allows configuration per-user rather than per-system and (b) lingering users will have their slice and services start on boot (or on nixos-rebuild) rather than on first login.Adapted from
https://gist.github.com/graham33/fdbdcc18317a621d9dd54beb36be6683
Fixes #3702
Lingering users can still be managed mutably by root with
loginctl, but the settings here will take precedence whennixos-rebuildis run.Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)