diff options
| author | Adam Stephens <adam@valkor.net> | 2024-03-21 19:51:05 -0400 |
|---|---|---|
| committer | Adam Stephens <adam@valkor.net> | 2024-03-21 19:51:05 -0400 |
| commit | 790fb86a7f46dff6c89445fe332aee5b9740e19b (patch) | |
| tree | 28857cf6b0fc084b8ab0b9f43f4226802f74c74d /nixos/modules/config | |
| parent | 564c3749d90b865df2b978482659d73fe7ee2e7c (diff) | |
nixos/users-groups: move linger to oneshot and add nixos test
Diffstat (limited to 'nixos/modules/config')
| -rw-r--r-- | nixos/modules/config/users-groups.nix | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 2fbb376258056..f9750b7263cac 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -496,6 +496,7 @@ let in filter types.shellPackage.check shells; + lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs cfg.users (n: u: u.linger))); in { imports = [ (mkAliasOptionModuleMD [ "users" "extraUsers" ] [ "users" "users" ]) @@ -695,25 +696,31 @@ in { ''; } else ""; # keep around for backwards compatibility - system.activationScripts.update-lingering = let - lingerDir = "/var/lib/systemd/linger"; - lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs cfg.users (n: u: u.linger))); - lingeringUsersFile = builtins.toFile "lingering-users" - (concatStrings (map (s: "${s}\n") - (sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly - in stringAfter [ "users" ] '' - if [ -e ${lingerDir} ] ; then + systemd.services.linger-users = lib.mkIf ((builtins.length lingeringUsers) > 0) { + wantedBy = ["multi-user.target"]; + after = ["systemd-logind.service"]; + requires = ["systemd-logind.service"]; + + script = let + lingerDir = "/var/lib/systemd/linger"; + lingeringUsersFile = builtins.toFile "lingering-users" + (concatStrings (map (s: "${s}\n") + (sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly + in '' + mkdir -vp ${lingerDir} cd ${lingerDir} for user in $(ls); do if ! id "$user" >/dev/null; then - echo "Removing linger for deleted user $user" + echo "Removing linger for missing user $user" rm --force -- "$user" fi done - ls ${lingerDir} | sort | comm -3 -1 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl disable-linger - ls ${lingerDir} | sort | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger - fi - ''; + ls | sort | comm -3 -1 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl disable-linger + ls | sort | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger + ''; + + serviceConfig.Type = "oneshot"; + }; # Warn about user accounts with deprecated password hashing schemes # This does not work when the users and groups are created by |