diff options
author | Rebecca Kelly <bk@ancilla.ca> | 2023-10-09 22:16:35 -0400 |
---|---|---|
committer | Rebecca Kelly <btk@google.com> | 2023-10-10 08:53:48 -0400 |
commit | e648d4646589c380ff3a9fb57824eacef1cee412 (patch) | |
tree | 246ce79fd9c37485743e52508558bec7e212698a /nixos | |
parent | f6a82ccee51f8b3786eaafe2608fd16ea58d2240 (diff) | |
download | nixpkgs-e648d4646589c380ff3a9fb57824eacef1cee412.tar nixpkgs-e648d4646589c380ff3a9fb57824eacef1cee412.tar.gz nixpkgs-e648d4646589c380ff3a9fb57824eacef1cee412.tar.bz2 nixpkgs-e648d4646589c380ff3a9fb57824eacef1cee412.tar.lz nixpkgs-e648d4646589c380ff3a9fb57824eacef1cee412.tar.xz nixpkgs-e648d4646589c380ff3a9fb57824eacef1cee412.tar.zst nixpkgs-e648d4646589c380ff3a9fb57824eacef1cee412.zip |
nixos/users-groups: add user option to enable lingering
Adapted from https://gist.github.com/graham33/fdbdcc18317a621d9dd54beb36be6683 Fixes #3702 Lingering users can still be managed mutably by root with `loginctl`, but the settings here will take precedence when `nixos-rebuild` is run.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/config/users-groups.nix | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index f11a1f82fc2..f6e063ccdba 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -330,6 +330,20 @@ let administrator before being able to use the system again. ''; }; + + linger = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to enable lingering for this user. If true, systemd user + units will start at boot, rather than starting at login and stopping + at logout. This is the declarative equivalent of running + `loginctl enable-linger` for this user. + + If false, user units will not be started until the user logs in, and + may be stopped on logout depending on the settings in `logind.conf`. + ''; + }; }; config = mkMerge @@ -663,6 +677,20 @@ in { ''; }; + system.activationScripts.update-lingering = let + lingerDir = "/var/lib/systemd/linger"; + lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs cfg.users (n: u: u.linger))); + lingeringUsersFile = builtins.toFile "lingering-users" + (concatStrings (map (s: "${s}\n") + (sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly + in stringAfter [ "users" ] '' + if [ -e ${lingerDir} ] ; then + cd ${lingerDir} + ls ${lingerDir} | sort | comm -3 -1 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl disable-linger + ls ${lingerDir} | sort | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger + fi + ''; + # Warn about user accounts with deprecated password hashing schemes system.activationScripts.hashes = { deps = [ "users" ]; |