Ensure permission bits are (re)set on each system activation with
explicit chmod call.
mkdir -m MODE PATH will only set the permission bits if PATH is
*created*, which means users that have old NixOS versions will continue
to have the old 700 permissions on /var/log/journal until they chmod
manually. With this commit the permissions will be set to 755 on system
activation.
This makes the system journal readable by users in the
systemd-journal, wheel and adm groups. It also allows users to read
their own journals.
Note that this doesn't change the permissions of existing journals.
Turns out that remote-fs-pre.target is not actually "wanted" anywhere,
so statd is not started before remote filesystems are mounted. But
remote filesystems do "want" network-online.target, so we can use that
to pull in statd and idmapd.
Not sure if this is really the right thing to do, but it works for
now. Background:
https://bugzilla.redhat.com/show_bug.cgi?id=787314http://hydra.nixos.org/build/5542230
Grub uses mdadm to find out the device it is on, especially when mdadm itself
resides in a separate boot partition. When bootstrapping from a NixOS
installation CD, it's not a big issue because usually the paths from the Nix
store of the installation CD are matching with the ones in the chrooted
environment.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
If we only need to generate a GRUB boot menu, we don't need GRUB
itself. This cuts 38 MiB from EC2 system closures (in particular
because it gets rid of the need for the 32-bit Glibc).
"require" is a stronger version of "want",
and just like wantedBy allows you to specify this relation in reverse,
requiredBy does the same.
It may seem pointless to be able to specify these stronger relations in
reverse, because if something is really required, you would expect the
other unit to specify this himself.
However, this is still useful for virtual/automatic units (like
devices) that are created by systemd on demand and hence have no unit
file you can alter.
Previously we synced just before calling switch-to-configuration.
That prevents corruption of the Nix store, but it can leave the boot
loader configuration and kernel files in /boot corrupted. So do the
sync after installing the boot loader.
Usually timers.target is pulled in by basic.target, but we don't
restart basic.target. So timers.target wouldn't be started when
coming from an older systemd.
Now that nixUnstable supports remounting in the "/nix/store is a
mountpoint" case, this is no longer necessary.
This reverts commit f1d48aec43.
Signed-off-by: Shea Levy <shea@shealevy.com>
This makes it so multiple definitions are merged by adding a newline
between each entry, to avoid the need to add a newline to the end of
every definition of extraModprobeConfig. See #119 for an example of an
issue this has caused.
Signed-off-by: Shea Levy <shea@shealevy.com>
In principle this could work, but the current remount logic in nix fails
to remount mountpoints that are root in their own filesystem (as would
be the case with bind-mounting a mountpoint over itself). nixos/nix#98
is aimed at fixing this.
Signed-off-by: Shea Levy <shea@shealevy.com>
man logind.conf clearly states that the header is [Login] (no 'd').
Without this fix services.logind.extraConfig does not take effect
because logind ignores the invalidly named section.
So that we can customize systemd-logind in configuration.nix.
Example:
services.logind.extraConfig = "HandleLidSwitch=ignore";
See man logind.conf for available options.
