From d60f3cf6e9c904912199ea64156fea295494430a Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Thu, 17 Mar 2022 22:59:43 +0100 Subject: [PATCH 1/2] nix-daemon.conf.in: add tmpfiles file to create nix/daemon-socket directory nix-daemon.socket is used to socket-activate nix-daemon.service when /nix/var/nix/daemon-socket/socket is accessed. In container usecases, sometimes /nix/var/nix/daemon-socket is bind-mounted read-only into the container. In these cases, we want to skip starting nix-daemon.socket. However, since systemd 250, `ConditionPathIsReadWrite` is also not met if /nix/var/nix/daemon-socket doesn't exist at all. This means, a regular NixOS system will skip starting nix-daemon.socket: > [ 237.187747] systemd[1]: Nix Daemon Socket was skipped because of a failed condition check (ConditionPathIsReadWrite=/nix/var/nix/daemon-socket). To prevent this from happening, ship a tmpfiles file that'll cause the directory to be created if it doesn't exist already. In the case of NixOS, we can just add Nix to `systemd.tmpfiles.packages` and have these files picked up automatically. --- misc/systemd/local.mk | 3 ++- misc/systemd/nix-daemon.conf.in | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 misc/systemd/nix-daemon.conf.in diff --git a/misc/systemd/local.mk b/misc/systemd/local.mk index 1fa037485..76121a0f9 100644 --- a/misc/systemd/local.mk +++ b/misc/systemd/local.mk @@ -1,7 +1,8 @@ ifdef HOST_LINUX $(foreach n, nix-daemon.socket nix-daemon.service, $(eval $(call install-file-in, $(d)/$(n), $(prefix)/lib/systemd/system, 0644))) + $(foreach n, nix-daemon.conf, $(eval $(call install-file-in, $(d)/$(n), $(prefix)/lib/tmpfiles.d, 0644))) - clean-files += $(d)/nix-daemon.socket $(d)/nix-daemon.service + clean-files += $(d)/nix-daemon.socket $(d)/nix-daemon.service $(d)/nix-daemon.conf endif diff --git a/misc/systemd/nix-daemon.conf.in b/misc/systemd/nix-daemon.conf.in new file mode 100644 index 000000000..e7b264234 --- /dev/null +++ b/misc/systemd/nix-daemon.conf.in @@ -0,0 +1 @@ +d @localstatedir@/nix/daemon-socket 0755 root root - - From 67af5f7eda1dade544cc15397a7d0d35d0913cb2 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Tue, 22 Mar 2022 17:06:09 +0100 Subject: [PATCH 2/2] scripts/install-systemd-multi-user.sh: install /etc/tmpfiles.d/nix-daemon.conf, too While `create_directories()` from install-multi-user.sh seems to already create parts of the directory structure, it's marked as deprecated, and it won't hurt also copying over the tmpfiles config and have it execute once. --- scripts/install-systemd-multi-user.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/install-systemd-multi-user.sh b/scripts/install-systemd-multi-user.sh index f4a2dfc5d..24884a023 100755 --- a/scripts/install-systemd-multi-user.sh +++ b/scripts/install-systemd-multi-user.sh @@ -9,6 +9,8 @@ readonly SERVICE_DEST=/etc/systemd/system/nix-daemon.service readonly SOCKET_SRC=/lib/systemd/system/nix-daemon.socket readonly SOCKET_DEST=/etc/systemd/system/nix-daemon.socket +readonly TMPFILES_SRC=/lib/tmpfiles.d/nix-daemon.conf +readonly TMPFILES_DEST=/etc/tmpfiles.d/nix-daemon.conf # Path for the systemd override unit file to contain the proxy settings readonly SERVICE_OVERRIDE=${SERVICE_DEST}.d/override.conf @@ -83,6 +85,13 @@ EOF poly_configure_nix_daemon_service() { if [ -e /run/systemd/system ]; then task "Setting up the nix-daemon systemd service" + + _sudo "to create the nix-daemon tmpfiles config" \ + ln -sfn /nix/var/nix/profiles/default/$TMPFILES_SRC $TMPFILES_DEST + + _sudo "to run systemd-tmpfiles once to pick that path up" \ + sytemd-tmpfiles create --prefix=/nix/var/nix + _sudo "to set up the nix-daemon service" \ systemctl link "/nix/var/nix/profiles/default$SERVICE_SRC"