Skip to content

Enable users thanks to userborn #266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
JulienMalka wants to merge 9 commits into
base: main
Choose a base branch
from
+1,802 −38
Draft

Enable users thanks to userborn #266

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
837154f
Update nixpkgs and nix-vm-test input
jfroche Dec 29, 2025
1ad9794
Enable system activation scripts
jfroche Aug 20, 2025
50c7a20
Non functional POC for user/group management
jfroche Aug 26, 2025
fb6672b
Add userborn
JulienMalka Sep 8, 2025
2cef9b6
add test for stateful users preservation
JulienMalka Nov 2, 2025
efa66a4
intro experimental userborn version
JulienMalka Nov 2, 2025
4837ce2
fix passwd --stdin not available on old ubuntu versions
JulienMalka Nov 2, 2025
8dd3413
chore: update compatibility with latest nixpkgs changes
jfroche Nov 14, 2025
6a7b4d8
chore: fix code formatting
jfroche Nov 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

28 changes: 28 additions & 0 deletions crates/system-manager-engine/src/activate.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,8 @@ pub fn activate(store_path: &StorePath, ephemeral: bool) -> Result<()> {

match etc_files::activate(store_path, old_state.file_tree, ephemeral) {
Ok(etc_tree) => {
log::info!("Restarting sysinit-reactivation.target...");
services::restart_sysinit_reactivation_target()?;
log::info!("Activating tmp files...");
let tmp_result = tmp_files::activate(&etc_tree);
if let Err(e) = &tmp_result {
Expand All @@ -106,6 +108,19 @@ pub fn activate(store_path: &StorePath, ephemeral: bool) -> Result<()> {
};
final_state.write_to_file(state_file)?;

log::info!("Running system activation script...");
match run_system_activation_script(store_path) {
Ok(status) if status.success() => {
log::info!("System activation script executed successfully.");
}
Ok(status) => {
log::error!("System activation script failed with status: {status}");
}
Err(e) => {
log::error!("Error running system activation script: {e}");
}
}

if let Err(e) = tmp_result {
return Err(e.into());
}
Expand Down Expand Up @@ -218,6 +233,19 @@ fn run_preactivation_assertions(store_path: &StorePath) -> Result<process::ExitS
Ok(status)
}

fn run_system_activation_script(store_path: &StorePath) -> Result<process::ExitStatus> {
let status = process::Command::new(
store_path
.store_path
.join("bin")
.join("systemActivationScript"),
)
.stderr(process::Stdio::inherit())
.stdout(process::Stdio::inherit())
.status()?;
Ok(status)
}

fn get_state_file() -> Result<PathBuf> {
let state_file = Path::new(SYSTEM_MANAGER_STATE_DIR).join(STATE_FILE_NAME);
DirBuilder::new()
Expand Down
25 changes: 18 additions & 7 deletions crates/system-manager-engine/src/activate/services.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,13 +79,6 @@ pub fn activate(
)
.map_err(|e| ActivationError::with_partial_result(services.clone(), e))?;

// We added all new services and removed old ones, so let's reload the units
// to tell systemd about them.
log::info!("Reloading the systemd daemon...");
service_manager
.daemon_reload()
.map_err(|e| ActivationError::with_partial_result(services.clone(), e))?;

wait_for_jobs(
&service_manager,
&job_monitor,
Expand Down Expand Up @@ -308,3 +301,21 @@ impl From<JobId> for String {
value.id
}
}

pub fn restart_sysinit_reactivation_target() -> anyhow::Result<()> {
let service_manager = systemd::ServiceManager::new_session()?;
let job_monitor = service_manager.monitor_jobs_init()?;
let timeout = Some(Duration::from_secs(30));

log::info!("Reloading the systemd daemon...");
service_manager.daemon_reload()?;

let jobs = for_each_unit(
|unit| service_manager.restart_unit(unit),
["sysinit-reactivation.target"],
"restarting",
);

wait_for_jobs(&service_manager, &job_monitor, jobs, &timeout)?;
Ok(())
}
4 changes: 4 additions & 0 deletions examples/example.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,5 +102,9 @@
mode = "0755";
};
};

system.activationScripts.test = ''
echo "This is a test activation script"
'';
};
}
148 changes: 144 additions & 4 deletions flake.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 9 additions & 3 deletions flake.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,14 @@
};

inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
inputs.userborn.url = "github:JulienMalka/userborn/stateful-users";

outputs =
{ self, nixpkgs }:
{
self,
nixpkgs,
userborn,
}:
let
systems = [
"aarch64-linux"
Expand All @@ -26,8 +31,8 @@
);
nix-vm-test-lib =
let
rev = "e34870b8dd2c2d203c05b4f931b8c33eaaf43b81";
sha256 = "sha256:1qp1fq96kv9i1nj20m25057pfcs1b1c9bj4502xy7gnw8caqr30d";
rev = "991369a72fe577c2bcdad0b26bf8c63a6f94f84b";
sha256 = "sha256:1ygn0acvzzrg0jbnbpwfl4n4k2ka6ay0x34sj61g11c1pvckl3m9";
in
"${
builtins.fetchTarball {
Expand Down Expand Up @@ -82,6 +87,7 @@
(import ./test/nix/modules {
inherit system;
inherit (nixpkgs) lib;
userborn = userborn.packages.${system}.default;
nix-vm-test = import nix-vm-test-lib {
inherit nixpkgs;
inherit system;
Expand Down
49 changes: 26 additions & 23 deletions nix/modules/default.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,23 +81,23 @@

# Statically assigned UIDs and GIDs.
# Ideally we use DynamicUser as much as possible to avoid the need for these.
ids = {
uids = lib.mkOption {
internal = true;
description = lib.mdDoc ''
The user IDs used by system-manager.
'';
type = types.attrsOf types.int;
};

gids = lib.mkOption {
internal = true;
description = lib.mdDoc ''
The group IDs used by system-manager.
'';
type = types.attrsOf types.int;
};
};
# ids = {
# uids = lib.mkOption {
# internal = true;
# description = lib.mdDoc ''
# The user IDs used by system-manager.
# '';
# type = types.attrsOf types.int;
# };
#
# gids = lib.mkOption {
# internal = true;
# description = lib.mdDoc ''
# The group IDs used by system-manager.
# '';
# type = types.attrsOf types.int;
# };
# };

# No-op option for now.
# TODO: should we include the settings in /etc/logrotate.d ?
Expand All @@ -108,12 +108,12 @@
};

# No-op option for now.
users = lib.mkOption {
internal = true;
default = { };
type = types.attrs;
};

# users = lib.mkOption {
# internal = true;
# default = { };
# type = types.attrs;
# };
#
networking = {
enableIPv6 = lib.mkEnableOption "IPv6" // {
default = true;
Expand Down Expand Up @@ -232,6 +232,8 @@
${system-manager}/bin/system-manager-engine deactivate "$@"
'';

systemActivationScript = pkgs.writeShellScript "systemActivationScript" config.system.activationScripts.script;

preActivationAssertionScript =
let
mkAssertion =
Expand Down Expand Up @@ -275,6 +277,7 @@
exit 0
fi
'';

};

# TODO: handle globbing
Expand Down
Loading