nixos: systemd-homed support #205121

Merged: flokli merged 2 commits into NixOS:staging from alaviss:homed, Dec 23, 2022
alaviss (Contributor) commented Dec 8, 2022

Description of changes

Fixes #91243 #79263

This change involves two new modules, one for userdbd and another for homed.

I've been daily driving this for a while, and I can verify that it works with fprintd as well.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.05 Release Notes (or backporting 22.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

alaviss requested a review from a team as a code owner December 8, 2022 08:59
github-actions bot added the labels 6.topic: nixos, 6.topic: systemd, 8.has: module (update) Dec 8, 2022
ofborg bot requested review from Mic92, flokli and kloenk December 8, 2022 09:10
ofborg bot added the labels 10.rebuild-darwin: 101-500, 10.rebuild-linux: 501+, 10.rebuild-linux: 5001+ Dec 8, 2022
flokli (Member) commented Dec 8, 2022

Thanks for the PR! However, this needs to target staging due to the amount of rebuilds. Can this be rebased on staging? (Please check the contribution guideline on how to rebase this on staging without causing a mass ping)

mweinelt marked this pull request as draft December 8, 2022 11:19
This is recommended to enable in conjunction with systemd-homed.
alaviss changed the base branch from master to staging December 8, 2022 16:29
alaviss marked this pull request as ready for review December 8, 2022 16:30
As a start, it's not very configurable, but works pretty well.
"service": "io.systemd.Multiplexer",
"userName": name
})
return json.loads(machine.succeed(f"varlink call {Interface}.GetUserRecord {quote(payload)}"))
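
Review bot: on the return line, the GetUserRecord call is sent with "service": "io.systemd.Multiplexer", so a successful result shows that userdbd's multiplexer answered, not which backend produced the record. A short comment above the payload stating that this is the intended scope would help. The same line interpolates Interface into the shell command unquoted while the payload goes through quote(), which is fine only as long as Interface stays a fixed constant.
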
Member

Can you add some tests using getent here, to make sure the NSS side of things also works?

Or could this potentially be folded into nixos/tests/nscd.nix, having one machine config with and one without userdbd enabled?

Contributor Author

I can add a getent test but I'm not sure if it will do a lot.

nss-systemd has a fallback system so if it can't query the varlink interface it will just use the internal implementation instead.

Member

Hmmh, we could hide /etc/userdb/test-user-dropin.user for the getent process with libredirect, like we hide /etc/hosts (so these lookups can only succeed if they go via ns(n)cd).

But it's a bit ugly indeed, and the current whoami check is probably fine to ensure it gets the user id somehow?! WDYT?

Contributor Author

> Hmmh, we could hide /etc/userdb/test-user-dropin.user for the getent process with libredirect, like we hide /etc/hosts (so these lookups can only succeed if they go via ns(n)cd).

Yea but all lookups using nss-systemd have to go through nscd which can see all files anyway :p

I think for userdbd this simple check is enough.

flokli requested a review from arianvp December 12, 2022 11:02
flokli (Member) commented Dec 23, 2022

Alright, let's cook this in staging :-) Thanks for the PR! :-)

flokli merged commit 6b1a896 into NixOS:staging Dec 23, 2022
alaviss deleted the homed branch December 23, 2022 13:14
This was referenced May 24, 2023
Janik-Haag added the 12.first-time contribution label Jun 12, 2023