Loading nixos/modules/config/users-groups.nix +22 −14 Original line number Diff line number Diff line Loading @@ -496,6 +496,7 @@ let in filter types.shellPackage.check shells; lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs cfg.users (n: u: u.linger))); in { imports = [ (mkAliasOptionModuleMD [ "users" "extraUsers" ] [ "users" "users" ]) Loading Loading @@ -695,25 +696,32 @@ in { ''; } else ""; # keep around for backwards compatibility system.activationScripts.update-lingering = let systemd.services.linger-users = lib.mkIf ((builtins.length lingeringUsers) > 0) { wantedBy = ["multi-user.target"]; after = ["systemd-logind.service"]; requires = ["systemd-logind.service"]; script = let lingerDir = "/var/lib/systemd/linger"; lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs cfg.users (n: u: u.linger))); lingeringUsersFile = builtins.toFile "lingering-users" (concatStrings (map (s: "${s}\n") (sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly in stringAfter [ "users" ] '' if [ -e ${lingerDir} ] ; then in '' mkdir -vp ${lingerDir} cd ${lingerDir} for user in ${lingerDir}/*; do if ! id "$user" >/dev/null 2>&1; then for user in $(ls); do if ! id "$user" >/dev/null; then echo "Removing linger for missing user $user" rm --force -- "$user" fi done ls ${lingerDir} | sort | comm -3 -1 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl disable-linger ls ${lingerDir} | sort | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger fi ls | sort | comm -3 -1 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl disable-linger ls | sort | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger ''; serviceConfig.Type = "oneshot"; }; # Warn about user accounts with deprecated password hashing schemes # This does not work when the users and groups are created by # systemd-sysusers because the users are created too late then. Loading nixos/modules/programs/steam.nix +2 −2 Original line number Diff line number Diff line Loading @@ -45,6 +45,8 @@ in { apply = steam: steam.override (prev: { extraEnv = (lib.optionalAttrs (cfg.extraCompatPackages != [ ]) { STEAM_EXTRA_COMPAT_TOOLS_PATHS = makeSearchPathOutput "steamcompattool" "" cfg.extraCompatPackages; }) // (optionalAttrs cfg.extest.enable { LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so"; }) // (prev.extraEnv or {}); extraLibraries = pkgs: let prevLibs = if prev ? extraLibraries then prev.extraLibraries pkgs else [ ]; Loading @@ -59,8 +61,6 @@ in { # use the setuid wrapped bubblewrap bubblewrap = "${config.security.wrapperDir}/.."; }; } // optionalAttrs cfg.extest.enable { extraEnv.LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so"; }); description = lib.mdDoc '' The Steam package to use. Additional libraries are added from the system Loading nixos/tests/all-tests.nix +1 −0 Original line number Diff line number Diff line Loading @@ -902,6 +902,7 @@ in { systemd-sysusers-immutable = runTest ./systemd-sysusers-immutable.nix; systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; systemd-timesyncd-nscd-dnssec = handleTest ./systemd-timesyncd-nscd-dnssec.nix {}; systemd-user-linger = handleTest ./systemd-user-linger.nix {}; systemd-user-tmpfiles-rules = handleTest ./systemd-user-tmpfiles-rules.nix {}; systemd-misc = handleTest ./systemd-misc.nix {}; systemd-userdbd = handleTest ./systemd-userdbd.nix {}; Loading nixos/tests/goss.nix +2 −6 Original line number Diff line number Diff line Loading @@ -28,10 +28,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { }; group.root.exists = true; kernel-param."kernel.ostype".value = "Linux"; service.goss = { enabled = true; running = true; }; user.root.exists = true; }; }; Loading @@ -46,8 +42,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { with subtest("returns health status"): result = json.loads(machine.succeed("curl -sS http://localhost:8080/healthz")) assert len(result["results"]) == 10, f".results should be an array of 10 items, was {result['results']!r}" assert len(result["results"]) == 8, f".results should be an array of 10 items, was {result['results']!r}" assert result["summary"]["failed-count"] == 0, f".summary.failed-count should be zero, was {result['summary']['failed-count']}" assert result["summary"]["test-count"] == 10, f".summary.test-count should be 10, was {result['summary']['test-count']}" assert result["summary"]["test-count"] == 8, f".summary.test-count should be 10, was {result['summary']['test-count']}" ''; }) nixos/tests/systemd-user-linger.nix 0 → 100644 +39 −0 Original line number Diff line number Diff line import ./make-test-python.nix ( { lib, ... }: { name = "systemd-user-linger"; nodes.machine = { ... }: { users.users = { alice = { isNormalUser = true; linger = true; uid = 1000; }; bob = { isNormalUser = true; linger = false; uid = 10001; }; }; }; testScript = { ... }: '' machine.wait_for_file("/var/lib/systemd/linger/alice") machine.succeed("systemctl status user-1000.slice") machine.fail("test -e /var/lib/systemd/linger/bob") machine.fail("systemctl status user-1001.slice") with subtest("missing users have linger purged"): machine.succeed("touch /var/lib/systemd/linger/missing") machine.systemctl("restart linger-users") machine.succeed("test ! -e /var/lib/systemd/linger/missing") ''; } ) Loading
nixos/modules/config/users-groups.nix +22 −14 Original line number Diff line number Diff line Loading @@ -496,6 +496,7 @@ let in filter types.shellPackage.check shells; lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs cfg.users (n: u: u.linger))); in { imports = [ (mkAliasOptionModuleMD [ "users" "extraUsers" ] [ "users" "users" ]) Loading Loading @@ -695,25 +696,32 @@ in { ''; } else ""; # keep around for backwards compatibility system.activationScripts.update-lingering = let systemd.services.linger-users = lib.mkIf ((builtins.length lingeringUsers) > 0) { wantedBy = ["multi-user.target"]; after = ["systemd-logind.service"]; requires = ["systemd-logind.service"]; script = let lingerDir = "/var/lib/systemd/linger"; lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs cfg.users (n: u: u.linger))); lingeringUsersFile = builtins.toFile "lingering-users" (concatStrings (map (s: "${s}\n") (sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly in stringAfter [ "users" ] '' if [ -e ${lingerDir} ] ; then in '' mkdir -vp ${lingerDir} cd ${lingerDir} for user in ${lingerDir}/*; do if ! id "$user" >/dev/null 2>&1; then for user in $(ls); do if ! id "$user" >/dev/null; then echo "Removing linger for missing user $user" rm --force -- "$user" fi done ls ${lingerDir} | sort | comm -3 -1 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl disable-linger ls ${lingerDir} | sort | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger fi ls | sort | comm -3 -1 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl disable-linger ls | sort | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger ''; serviceConfig.Type = "oneshot"; }; # Warn about user accounts with deprecated password hashing schemes # This does not work when the users and groups are created by # systemd-sysusers because the users are created too late then. Loading
nixos/modules/programs/steam.nix +2 −2 Original line number Diff line number Diff line Loading @@ -45,6 +45,8 @@ in { apply = steam: steam.override (prev: { extraEnv = (lib.optionalAttrs (cfg.extraCompatPackages != [ ]) { STEAM_EXTRA_COMPAT_TOOLS_PATHS = makeSearchPathOutput "steamcompattool" "" cfg.extraCompatPackages; }) // (optionalAttrs cfg.extest.enable { LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so"; }) // (prev.extraEnv or {}); extraLibraries = pkgs: let prevLibs = if prev ? extraLibraries then prev.extraLibraries pkgs else [ ]; Loading @@ -59,8 +61,6 @@ in { # use the setuid wrapped bubblewrap bubblewrap = "${config.security.wrapperDir}/.."; }; } // optionalAttrs cfg.extest.enable { extraEnv.LD_PRELOAD = "${pkgs.pkgsi686Linux.extest}/lib/libextest.so"; }); description = lib.mdDoc '' The Steam package to use. Additional libraries are added from the system Loading
nixos/tests/all-tests.nix +1 −0 Original line number Diff line number Diff line Loading @@ -902,6 +902,7 @@ in { systemd-sysusers-immutable = runTest ./systemd-sysusers-immutable.nix; systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; systemd-timesyncd-nscd-dnssec = handleTest ./systemd-timesyncd-nscd-dnssec.nix {}; systemd-user-linger = handleTest ./systemd-user-linger.nix {}; systemd-user-tmpfiles-rules = handleTest ./systemd-user-tmpfiles-rules.nix {}; systemd-misc = handleTest ./systemd-misc.nix {}; systemd-userdbd = handleTest ./systemd-userdbd.nix {}; Loading
nixos/tests/goss.nix +2 −6 Original line number Diff line number Diff line Loading @@ -28,10 +28,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { }; group.root.exists = true; kernel-param."kernel.ostype".value = "Linux"; service.goss = { enabled = true; running = true; }; user.root.exists = true; }; }; Loading @@ -46,8 +42,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { with subtest("returns health status"): result = json.loads(machine.succeed("curl -sS http://localhost:8080/healthz")) assert len(result["results"]) == 10, f".results should be an array of 10 items, was {result['results']!r}" assert len(result["results"]) == 8, f".results should be an array of 10 items, was {result['results']!r}" assert result["summary"]["failed-count"] == 0, f".summary.failed-count should be zero, was {result['summary']['failed-count']}" assert result["summary"]["test-count"] == 10, f".summary.test-count should be 10, was {result['summary']['test-count']}" assert result["summary"]["test-count"] == 8, f".summary.test-count should be 10, was {result['summary']['test-count']}" ''; })
nixos/tests/systemd-user-linger.nix 0 → 100644 +39 −0 Original line number Diff line number Diff line import ./make-test-python.nix ( { lib, ... }: { name = "systemd-user-linger"; nodes.machine = { ... }: { users.users = { alice = { isNormalUser = true; linger = true; uid = 1000; }; bob = { isNormalUser = true; linger = false; uid = 10001; }; }; }; testScript = { ... }: '' machine.wait_for_file("/var/lib/systemd/linger/alice") machine.succeed("systemctl status user-1000.slice") machine.fail("test -e /var/lib/systemd/linger/bob") machine.fail("systemctl status user-1001.slice") with subtest("missing users have linger purged"): machine.succeed("touch /var/lib/systemd/linger/missing") machine.systemctl("restart linger-users") machine.succeed("test ! -e /var/lib/systemd/linger/missing") ''; } )
![github-actions[bot]'s avatar](https://secure.gravatar.com/avatar/e7cd911927c7d1acf6281b69d385990d8fadcd26871048bbcdbff2e88da7f607?s=48&d=identicon "github-actions[bot]")