[Nix-dev] How to move /nix into /usr?

Mathnerd314 mathnerd314.gph at gmail.com
Wed Nov 11 05:33:24 CET 2015


On Tue, Nov 10, 2015 at 12:57 PM, Tobias Hunger <tobias.hunger at gmail.com>
wrote:

> I am wondering how I can implement a stateless system with NixOS. On
> arch Linux I rely on systemd to get me most of the way, but that is
> not an option in NixOS. Systemd is unfortunately completely outdated
> in NixOS:-/
>
It's updated to v227 in staging (
https://github.com/NixOS/nixpkgs/issues/6671#issuecomment-153747149), and
staging will be merged "soon": https://github.com/NixOS/nixpkgs/issues/10925

> Even if I updated systemd: It will not work with NixOS, since systemd
> assumes all the binaries to be in /usr. So it only offers kernel-flags
> to mount root and usr... which is not really helpful for NixOS.

Right, NixOS uses a shell script for the initrd:
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/system/boot/stage-1-init.sh.


> There is also the "ProtectSystem" for service units: That also protects
> /usr, not /nix.
>
The init scripts already mount /nix read-only; I guess ProtectSystem could
too but it would be redundant.

> So how can I move /nix into /usr to make systemd happy? Or should
> NixOS ship with a patched systemd that treats /nix special instead of
> /usr? That would require a lot of documentation updates and would be a
> major derivation from all other systemd distributions.
>
NixOS already uses a patched systemd; the changes so far are pretty small:
https://github.com/systemd/systemd/compare/master...NixOS:nixos-v227
There are still many references to /usr left, e.g. in ProtectSystem as you
mentioned.

On Tue, Nov 10, 2015 at 2:06 PM, Tobias Hunger <tobias.hunger at gmail.com>
wrote:

> NixOS does actually go surprisingly far here, but my first test of
> just doing rm -rf /etc did break e.g. root login.

There is some discussion in https://github.com/NixOS/nixpkgs/issues/3192 of
what is needed for /etc. For root login and /etc/passwd in particular you
can set users.mutableUsers=false and security.initialRootPassword.

-- Mathnerd314
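
Added example, not part of the original message and not NixOS or systemd code: a check of which mount covers a path such as /nix/store or /usr and whether that mount is read-only, read from /proc/self/mountinfo. The sample table and its layout (a read-only bind mount at /nix/store over a writable root) are constructed assumptions.

```python
import os
import re

# Constructed sample in /proc/self/mountinfo format (assumed layout, not from a real host):
# the root filesystem is writable and /nix/store is a read-only bind mount of it.
SAMPLE_MOUNTINFO = """\
20 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
21 20 8:1 /nix/store /nix/store ro,relatime shared:2 - ext4 /dev/sda1 rw
22 20 0:21 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw
23 20 0:22 / /mnt/my\\040disk ro - squashfs /dev/loop0 ro
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Return mounts in file order with per-mount and superblock options."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if "-" not in fields[6:]:
            continue  # separator missing: not a mountinfo line
        sep = fields.index("-", 6)  # optional fields sit between index 6 and "-"
        if len(fields) < sep + 4:
            continue  # truncated line
        mounts.append({"mount_point": _unescape(fields[4]),
                       "options": set(fields[5].split(",")),
                       "super_options": set(fields[sep + 3].split(","))})
    return mounts

def covering_mount(mounts, path):
    """Longest mount point that prefixes path; later entries win ties (they shadow)."""
    path, best = os.path.normpath(path), None
    for m in mounts:
        mp = m["mount_point"]
        if mp == "/" or path == mp or path.startswith(mp + "/"):
            if best is None or len(mp) >= len(best["mount_point"]):
                best = m
    return best

def is_read_only(mounts, path):
    """True if the covering mount (per-mount flag) or its filesystem is read-only."""
    m = covering_mount(mounts, path)
    return m is not None and ("ro" in m["options"] or "ro" in m["super_options"])

if __name__ == "__main__":
    src = "/proc/self/mountinfo"
    text = open(src).read() if os.path.exists(src) else SAMPLE_MOUNTINFO
    for p in ("/nix/store", "/nix/var", "/usr", "/etc"):
        print(p, "read-only" if is_read_only(parse_mountinfo(text), p) else "writable")
```

A bind remount sets only the per-mount flag, so the check looks at both option fields rather than the superblock options alone.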