nixos/activation: replace var activationScript via tmpfiles
nikstur committed Oct 24, 2023
1 parent 3c1c4b6 commit 59e3726
Showing 3 changed files with 24 additions and 16 deletions.
21 changes: 5 additions & 16 deletions nixos/modules/system/activation/activation-script.nix
Expand Up @@ -233,23 +233,12 @@ in
config = {

system.activationScripts.stdio = ""; # obsolete
system.activationScripts.var = ""; # obsolete

system.activationScripts.var =
''
# Various log/runtime directories.
mkdir -p /var/tmp
chmod 1777 /var/tmp
# Empty, immutable home directory of many system accounts.
mkdir -p /var/empty
# Make sure it's really empty
${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
find /var/empty -mindepth 1 -delete
chmod 0555 /var/empty
chown root:root /var/empty
${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
'';
systemd.tmpfiles.rules = [
"D /var/empty 0555 root root -"
"h /var/empty - - - - +i"
];

system.activationScripts.usrbinenv = if config.environment.usrbinenv != null
then ''
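Review bot: The two `systemd.tmpfiles.rules` entries do not reproduce everything the removed script did for `/var/empty`. The script cleared the immutable flag, deleted any contents, reset mode and owner and then set `+i` again on every activation, whereas a `D` line purges contents only when systemd-tmpfiles runs with `--remove`, and nothing here clears `+i` first. If the directory ever carries the flag with a wrong mode or owner, tmpfiles probably cannot correct it, so the hardening now depends on the directory never drifting. I would state that above the rules, e.g. `# /var/empty must stay empty, root-owned and immutable; contents are purged only when tmpfiles runs with --remove`. The same comment should name whatever now provides `/var/tmp` with mode 1777, since the removed `mkdir`/`chmod` has no replacement in this hunk; the `config` block continues outside it.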
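--- a/nixos/tests/activation/var.nix
+++ b/nixos/tests/activation/var.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+
+{
+
+name = "activation-var";
+
+meta.maintainers = with lib.maintainers; [ nikstur ];
+
+nodes.machine = { };
+
+testScript = ''
+assert machine.succeed("stat -c '%a' /var/tmp") == "1777\n"
+assert machine.succeed("stat -c '%a' /var/empty") == "555\n"
+assert machine.succeed("stat -c '%U' /var/empty") == "root\n"
+assert machine.succeed("stat -c '%G' /var/empty") == "root\n"
+assert "i" in machine.succeed("lsattr -d /var/empty")
+'';
+}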
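Review bot: The test never checks that `/var/empty` is actually empty, which is the property the removed script enforced with `find /var/empty -mindepth 1 -delete` and the one that matters for a directory used as a home for system accounts. I would add `assert machine.succeed("find /var/empty -mindepth 1") == ""` to `testScript`. It also observes only the first boot, so it does not show whether applying the rules again succeeds once `+i` is already set; a second pass (for example after `machine.reboot()`) followed by the same assertions would cover that. The `"i" in ...` check matches against the whole `lsattr` line including the path, so comparing only the attribute field would be stricter.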
1 change: 1 addition & 0 deletions nixos/tests/all-tests.nix
Expand Up @@ -264,6 +264,7 @@ in {
esphome = handleTest ./esphome.nix {};
etc = pkgs.callPackage ../modules/system/etc/test.nix { inherit evalMinimalConfig; };
activation = pkgs.callPackage ../modules/system/activation/test.nix { };
activation-var = runTest ./activation/var.nix;
etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {};
etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {};
etebase-server = handleTest ./etebase-server.nix {};
