Nixos-rebuild switch is failing when systemd linger is enabled

elmer · August 19, 2023, 4:28pm

Hi everybody,

Recently I created some system users that will run systemd user services and I enabled systemd linger.

I didn’t use loginctl enable-linger USER since this is NixOS and therefore I have:

config.systemd.tmpfiles.rules =
	[
		"f /var/lib/systemd/linger/USER"
		...
	];

Everything worked fine after nixos-rebuild boot --flake ... && reboot - linger was enabled.

But later today I run nixos-rebuild switch --flake ... and I got:

building the system configuration...
updating GRUB 2 menu...
activating the configuration...
setting up /etc...
reloading user units for root...
reloading user units for myspecial1...
Job for nixos-activation.service failed because the control process exited with error code.
See "systemctl --user status nixos-activation.service" and "journalctl --user -xeu nixos-activation.service" for details.
reloading user units for myspecial2...
Job for nixos-activation.service failed because the control process exited with error code.
See "systemctl --user status nixos-activation.service" and "journalctl --user -xeu nixos-activation.service" for details.
reloading user units for myspecial3...
Job for nixos-activation.service failed because the control process exited with error code.
See "systemctl --user status nixos-activation.service" and "journalctl --user -xeu nixos-activation.service" for details.
reloading user units for myspecial4...
Job for nixos-activation.service failed because the control process exited with error code.
See "systemctl --user status nixos-activation.service" and "journalctl --user -xeu nixos-activation.service" for details.
setting up tmpfiles

So I decided to check what is going on…

sudo -su myspecial1

And I run (XDG_RUNTIME_DIR was empty):

XDG_RUNTIME_DIR="/run/user/$(id -u)" systemctl --user status nixos-activation.service

and got:

× nixos-activation.service - Run user-specific NixOS activation
     Loaded: loaded (/etc/systemd/user/nixos-activation.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Sat 2023-08-19 08:26:27 UTC; 3min 5s ago
    Process: 7179 ExecStart=/nix/store/094l2c5dc61fx5v35wnjkykp2n01ikm3-unit-script-nixos-activation-start/bin/nixos-activation-start (code=exited, status=255/EXCEPTION)
   Main PID: 7179 (code=exited, status=255/EXCEPTION)
        CPU: 19ms

Aug 19 08:26:27 myhost systemd[5807]: Starting Run user-specific NixOS activation...
Aug 19 08:26:27 myhost nixos-activation-start[7183]: kbuildsycoca5 running...
Aug 19 08:26:27 myhost nixos-activation-start[7183]: kf.service.sycoca: Couldn't create "/var/empty/.cache"
Aug 19 08:26:27 myhost systemd[5807]: nixos-activation.service: Main process exited, code=exited, status=255/EXCEPTION
Aug 19 08:26:27 myhost systemd[5807]: nixos-activation.service: Failed with result 'exit-code'.
Aug 19 08:26:27 myhost systemd[5807]: Failed to start Run user-specific NixOS activation.

Could you please advise?

I don’t want to get flood of errors each time I nixos-rebuild switch…

Do I even need nixos-activation.service for these special users? I didn’t create the service in config so NixOS did that for some reason…

Thank you.

danf · August 22, 2023, 6:45am

I have the same problem - in my case I just used loginctl enable-linger to enable linger for a user that runs Podman containers.

I don’t understand why nixos-rebuild switch is trying to restart those user systemd services that probably don’t even exist for users that don’t have home directory since user systemd services are defined in ~/.config/systemd/user that doesn’t exist for special users.

rudolf · August 23, 2023, 7:22am

You don’t.

You can try to override nixos-activation.service and add one or multiple: ConditionUser=!<user>.

elmer · August 24, 2023, 8:02am

I’m sorry, I can’t figure out the way to do it.

rudolf · August 24, 2023, 8:09am

You’ll need to modify attr ConditionUser in config.systemd.user.services.nixos-activation.unitConfig that already exists (on my system) so you will need to mkForce-it. The "!@system" is the existing default value that means the service doesn’t apply to users within system uid range.

config.systemd.user.services.nixos-activation.unitConfig.ConditionUser =
  mkForce
    [
      "!@system"
      "!1234"
      "!orJustName"
    ];

After switch, you should be able to:

systemctl --user cat nixos-activation.service

And see multiple ConditionUser= entries.

elmer · August 24, 2023, 8:33am

Thank you very much - it worked!