author | nikstur <nikstur@outlook.com> | 2023-10-17 17:35:16 +0200 |
---|---|---|
committer | nikstur <nikstur@outlook.com> | 2023-10-25 00:48:37 +0200 |
commit | 59e37267556eb917146ca3110ab7c96905b9ffbd (patch) | |
tree | 1b9cfa0456ab8af2f0296cfa9f4e1679c508f92a | |
parent | 3c1c4b65e9eaf68e49113cba5dfe6750596fc86f (diff) | |
nixos/activation: replace var activationScript via tmpfiles
-rw-r--r-- | nixos/modules/system/activation/activation-script.nix | 21 | ||||
-rw-r--r-- | nixos/tests/activation/var.nix | 18 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 |
3 files changed, 24 insertions, 16 deletions
diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix
index c8407dd6779a..c62e3933405d 100644
--- a/nixos/modules/system/activation/activation-script.nix
+++ b/nixos/modules/system/activation/activation-script.nix
@@ -233,23 +233,12 @@ in config = { system.activationScripts.stdio = ""; # obsolete
+ system.activationScripts.var = ""; # obsolete
- system.activationScripts.var =
- ''
- # Various log/runtime directories.
-
- mkdir -p /var/tmp
- chmod 1777 /var/tmp
-
- # Empty, immutable home directory of many system accounts.
- mkdir -p /var/empty
- # Make sure it's really empty
- ${pkgs.e2fsprogs}/bin/chattr -f -i /var/empty || true
- find /var/empty -mindepth 1 -delete
- chmod 0555 /var/empty
- chown root:root /var/empty
- ${pkgs.e2fsprogs}/bin/chattr -f +i /var/empty || true
- '';
+ systemd.tmpfiles.rules = [
+ "D /var/empty 0555 root root -"
+ "h /var/empty - - - - +i"
+ ];
 system.activationScripts.usrbinenv = if config.environment.usrbinenv != null then ''
diff --git a/nixos/tests/activation/var.nix b/nixos/tests/activation/var.nix
new file mode 100644
index 000000000000..1a546a7671c5
--- /dev/null
+++ b/nixos/tests/activation/var.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+
+{
+
+ name = "activation-var";
+
+ meta.maintainers = with lib.maintainers; [ nikstur ];
+
+ nodes.machine = { };
+
+ testScript = ''
+ assert machine.succeed("stat -c '%a' /var/tmp") == "1777\n"
+ assert machine.succeed("stat -c '%a' /var/empty") == "555\n"
+ assert machine.succeed("stat -c '%U' /var/empty") == "root\n"
+ assert machine.succeed("stat -c '%G' /var/empty") == "root\n"
+ assert "i" in machine.succeed("lsattr -d /var/empty")
+ '';
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 22371c9fec37..c92acdebcc85 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
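Review bot: Nothing in the new `systemd.tmpfiles.rules` covers `/var/tmp`, although the removed script created it with mode 1777 and the new test still asserts that mode, so the sticky world-writable directory now depends on a rule that is not visible in this module (presumably systemd's stock tmpfiles configuration). A comment next to the rules would make that dependency explicit, for example `# /var/tmp (1777) is no longer created here; it is expected to come from systemd's default tmpfiles rules.` The explanation of `/var/empty` was dropped with the script as well, and I would keep `# Empty, immutable home directory of many system accounts.` above the `D`/`h` pair. The old script cleared the immutable flag before emptying the directory and resetting mode and ownership, so it is worth confirming that the `D` line behaves as intended on hosts where `/var/empty` already carries `+i`. The enclosing `config = { … }` block begins and ends outside the hunk.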
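Review bot: The test in `nixos/tests/activation/var.nix` pins mode, owner, group and the `i` attribute of `/var/empty`, but not the two properties the removed script enforced and that matter for a home directory shared by system accounts: that it is empty and that nothing can be created in it. Two extra lines in `testScript` would cover that, `assert machine.succeed("ls -A /var/empty") == ""` and `machine.fail("touch /var/empty/probe")`. The attribute check `"i" in machine.succeed("lsattr -d /var/empty")` also searches the whole output line, path included; comparing against the flags column only, via `.split()[0]`, would keep it from passing by accident.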
@@ -264,6 +264,7 @@ in {
 esphome = handleTest ./esphome.nix {};
 etc = pkgs.callPackage ../modules/system/etc/test.nix { inherit evalMinimalConfig; };
 activation = pkgs.callPackage ../modules/system/activation/test.nix { };
+ activation-var = runTest ./activation/var.nix;
 etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {};
 etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {};
 etebase-server = handleTest ./etebase-server.nix {}; |