nix-community / impermanence

Modules to help you handle persistent state on systems with ephemeral root storage [maintainer=@talyz]
MIT License

Permission denied on NixOS switch #116

Closed cyntheticfox closed 1 year ago

cyntheticfox commented 1 year ago

It's not super problematic, as the errors don't seem to cause any effective changes to the configuration, but I get the following when using the impermanence home-manager module on NixOS:

stopping the following units: systemd-udevd-control.socket, systemd-udevd-kernel.socket, systemd-udevd.service, tlp.service
NOT restarting the following changed units: systemd-fsck@dev-disk-by\x2dlabel-boot.service
activating the configuration...
setting up /etc...
Can't cd to /home/user/repos/nixfiles: Permission denied
Activation script snippet 'etc' failed (13)
find: Failed to restore initial working directory: /home/user/repos/nixfiles: Permission denied
Activation script snippet 'var' failed (1)
reloading user units for user...
setting up tmpfiles
reloading the following units: dbus.service
restarting the following units: home-manager-user.service, polkit.service
starting the following units: systemd-udevd-control.socket, systemd-udevd-kernel.socket, tlp.service
the following new units were started: libvirtd.service
warning: error(s) occurred while switching to the new configuration
[1]    181250 exit 1     nixos-rebuild switch --use-remote-sudo --flake .

Basically, it seems that NixOS, in restarting, attempts to restore your working directory (aren't working directories per-process anyways???) even with --use-remote-sudo, and tries to reload into an exclusive bind-mounted directory (as my ~/repos dir is on a persistent volume) and can't, due to the exclusive property mentioned beforehand.

Is there a way to suppress this error or something? I suppose it could be problematic to do so, since that does assume no dynamics in the exclusivity of the working directory, but I'm not sure if that's something you can even check given what most people assume and build around root on Linux...

talyz commented 1 year ago

This should be solved by setting allowOther = true. See the example and option description here: https://github.com/nix-community/impermanence#home-manager.
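For reference, this is what the setting talyz points to looks like in a home-manager configuration. It is an added example, not code from this thread or from the impermanence repository; the persistent volume mount point `/persistent/home/user` is an assumption, while `repos` is the directory from the report above.

```nix
{ config, ... }:
{
  # Added example, not from this issue or the impermanence project.
  # "/persistent/home/user" is an assumed mount point for the persistent volume.
  home.persistence."/persistent/home/user" = {
    # Without allowOther the bindfs mount is reachable only by the owning user,
    # so a process running as another user (root, after --use-remote-sudo
    # escalates) cannot return to a working directory under ~/repos and the
    # 'etc' and 'var' activation snippets fail with "Permission denied".
    allowOther = true;
    directories = [
      "repos"
    ];
  };
}
```

`allowOther` is set per `home.persistence` entry, so it can be limited to the entry whose directories the root-run activation actually has to traverse; it also requires `programs.fuse.userAllowOther = true` on the NixOS side, since the FUSE `allow_other` mount option is disabled system-wide by default. If widening the mount is not acceptable, the other way around the error is to not have the shell's working directory inside the bind mount when switching, for example by running `nixos-rebuild switch --use-remote-sudo --flake /home/user/repos/nixfiles` from `/`; the failing step is only the activation scripts trying to `cd` back to where the command was started.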

cyntheticfox commented 1 year ago

That opens up the bind mount to other users though. I guess I'll just look at setting my own rebuild hook...