diff options
| author | Andrew Marshall <andrew@johnandrewmarshall.com> | 2022-10-12 08:27:21 -0400 |
|---|---|---|
| committer | Andrew Marshall <andrew@johnandrewmarshall.com> | 2022-11-30 22:57:08 -0500 |
| commit | c88944f025429430a58dff13b9b4c653ce955535 (patch) | |
| tree | f1b6db13c31833d0651819cabf14cb6f1e53a8fa /nixos/modules/system | |
| parent | c49f0b22e178f2ad18b4e16e16fb623b341f8179 (diff) | |
nixos: nix.readOnlyStore -> boot.readOnlyNixStore
The placement of this option under `nix` was misleading, as it is not configuration of the Nix daemon, but rather configuration of the NixOS boot process and how it mounts the Nix store. As such, make it an option of `boot` to clarify what it actually affects, and imply that it will only take effect on a reboot. Since it no longer has the context of nix, adjust the name to include it.
Diffstat (limited to 'nixos/modules/system')
| -rwxr-xr-x | nixos/modules/system/boot/stage-2-init.sh | 2 | ||||
| -rw-r--r-- | nixos/modules/system/boot/stage-2.nix | 14 |
2 files changed, 13 insertions, 3 deletions
diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index f2a839d078681..78cc8e8d45a30 100755 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -68,7 +68,7 @@ fi # like squashfs. chown -f 0:30000 /nix/store chmod -f 1775 /nix/store -if [ -n "@readOnlyStore@" ]; then +if [ -n "@readOnlyNixStore@" ]; then if ! [[ "$(findmnt --noheadings --output OPTIONS /nix/store)" =~ ro(,|$) ]]; then if [ -z "$container" ]; then mount --bind /nix/store /nix/store diff --git a/nixos/modules/system/boot/stage-2.nix b/nixos/modules/system/boot/stage-2.nix index 6b4193ea29674..6ed915c339e0c 100644 --- a/nixos/modules/system/boot/stage-2.nix +++ b/nixos/modules/system/boot/stage-2.nix @@ -10,9 +10,8 @@ let src = ./stage-2-init.sh; shellDebug = "${pkgs.bashInteractive}/bin/bash"; shell = "${pkgs.bash}/bin/bash"; - inherit (config.boot) systemdExecutable extraSystemdUnitPaths; + inherit (config.boot) readOnlyNixStore systemdExecutable extraSystemdUnitPaths; isExecutable = true; - inherit (config.nix) readOnlyStore; inherit useHostResolvConf; inherit (config.system.build) earlyMountScript; path = lib.makeBinPath ([ @@ -42,6 +41,17 @@ in ''; }; + readOnlyNixStore = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc '' + If set, NixOS will enforce the immutability of the Nix store + by making {file}`/nix/store` a read-only bind + mount. Nix will automatically make the store writable when + needed. + ''; + }; + systemdExecutable = mkOption { default = "/run/current-system/systemd/lib/systemd/systemd"; type = types.str; |