Closed thom-cameron closed 2 weeks ago
No idea what the issue could be. Have you tried to run sudo /tmp/nh-os-iVxsvr/result/bin/switch-to-configuration test
on your regular terminal?
Just tried that but nh doesn't appear to have written the "nh-os-iVxsvr" folder it says it has. I just get a "command not found" as a result.
It also seems to be able to create "nh-home-*" folders, just not os ones.
For any os
command, it doesn't create any /tmp/nh-os-*
folder?
EDIT: Also, what is your nix version?
Nope. Here's an example:
thom@nix-lat:~
> ls /tmp/ | rg ^nh
nh-home-eDPDz5
thom@nix-lat:~
> nh os build
> Building NixOS configuration
warning: Git tree '/home/thom/.config/nixos' is dirty
Finished at 12:03:32 after 9s
> Comparing changes
<<< /run/current-system
>>> /tmp/nh-os-QYAV08/result
No version or selection state changes.
Closure size: 1806 -> 1806 (0 paths added, 0 paths removed, delta +0, disk usage +0B).
thom@nix-lat:~
> ls /tmp/ | rg ^nh
nh-home-eDPDz5
I'm on nixos/home-manager version 24.05 and nix version 2.18.2.
And if you run the nix build command manually?
mkdir -p /tmp/nh-os-iVxsvr
nix build '/home/thom/.config/nixos#nixosConfigurations."nix-lat".config.system.build.toplevel' --out-link /tmp/nh-os-iVxsvr/result
After creating the directory with doas mkdir, here's what I get:
nix build '/home/thom/.config/nixos#nixosConfigurations."nix-lat".config.system.build.toplevel' --out-link /tmp/nh-os-iVxsvr/result
warning: Git tree '/home/thom/.config/nixos' is dirty
error: creating symlink from '/tmp/nh-os-iVxsvr/result.tmp-244084-1335243724' to '/nix/store/1jhdl46wy34q866lb3vhr207pbwh7lbi-nixos-system-nix-lat-24.05.20240524.d12251e': Permission denied
The directory must be created by your user, and you should be able to do so from the permissions of /tmp
:
$ stat --format="%a" /tmp
1777
Ah apologies, yeah, that works ok actually:
thom@nix-lat:~
> mkdir -p /tmp/nh-os-iVxsvr
nix build '/home/thom/.config/nixos#nixosConfigurations."nix-lat".config.system.build.toplevel' --out-link /tmp/nh-os-iVxsvr/result
warning: Git tree '/home/thom/.config/nixos' is dirty
thom@nix-lat:~
> ls /tmp/nh-os-iVxsvr/result/
activate dry-activate init kernel-modules sw
append-initrd-secrets etc init-interface-version kernel-params system
bin extra-dependencies initrd nixos-version systemd
boot.json firmware kernel specialisation
Then I have no idea why nix doesn't create the symlink if ran within nh
I have the same problem as OP, and nearly the same output and setup. The only difference is, that the name of my /tmp/nh-
directory is different and that i'm on nixos-unstable and not on 24.05.
I could solve the problem by enabling sudo
. Thereafter, nh
was able to activate the configuration. If i disable sudo
again, it fails again.
Could you please try to reproduce it yourself by disabling sudo
and enabling doas
? I have the impression, that nh
disregards the symlink of sudo to doas and always tries to execute sudo
directly.
My relevant settings in configuration.nix
should be the following:
security = {
sudo = {
enable = false;
execWheelOnly = true;
extraConfig = ''
Defaults passwd_timeout=0
Defaults timestamp_timeout=10'';
};
doas = {
enable = true;
wheelNeedsPassword = true;
extraRules = [
{
groups = ["wheel"];
persist = true;
keepEnv = true;
}
];
};
};
environment.systemPackages = with pkgs; [
(pkgs.writeScriptBin "sudo" ''exec doas "$@"'')
];
Ah right, I just remember I use the crate tempfile
for the outlink, which is cleared after nh exits, with errors or not.
I have the impression, that nh disregards the symlink of sudo to doas and always tries to execute sudo directly.
That's handled by the crate subprocess, which I should probably replace with std::process
You closed this as completed and nh just updated to 3.5.25 on nixos-unstable. However, it still fails with
Error:
0: No such file or directory (os error 2)
1: No such file or directory (os error 2)
Location:
src/commands.rs:59
when i set security.sudo.enable = false;
and it tries to activate the new derivation.
Is it meant to work already or will this come in a future version?
Could you run with --verbose and paste the output?
nh os switch --verbose ERR 58m 15s 18:24
TRACE nh::logging:86: Logging OK
DEBUG nh:22: args=NHParser { verbose: true, command: Os(OsArgs { action: Switch(OsRebuildArgs { common: CommonRebuildArgs { dry: false, ask: false, flakeref: FlakeRef("/home/sperber/Dokumente/Install/Linux/Nixos/flake"), update: false, no_nom: false, diff_provider: "nvd diff", out_link: None }, hostname: None, specialisation: None, no_specialisation: false, extra_args: [], bypass_root_check: false }) }) }
DEBUG nh::nixos:58: out_path=("/tmp/nh-osK24sF9/result", TempDir { path: "/tmp/nh-osK24sF9" })
> Building NixOS configuration
DEBUG nh::commands:136: cmd=Pipeline { nix build '/home/sperber/Dokumente/Install/Linux/Nixos/flake#nixosConfigurations.""desktop"".config.system.build.toplevel' --log-format internal-json --verbose --out-link /tmp/nh-osK24sF9/result | nom --json }
warning: Git tree '/home/sperber/Dokumente/Install/Linux/Nixos/flake' is dirty
these 11 derivations will be built:
/nix/store/z41952fincyw8qpk2zwmga1hzvxwv2xl-system-path.drv
/nix/store/1adhad7b7cjs5hhj62wry83nyzywf6cg-X-Restart-Triggers-polkit.drv
/nix/store/8m8zxcsmq5wpi0namh3c3svk1mz3al8z-dbus-1.drv
/nix/store/47pzzwp78cf7w64v3fjkr4m4n3n8jsv7-X-Restart-Triggers-dbus.drv
/nix/store/i5mmfwdgm4c6sihs6kji9qiahd5d9hnw-unit-polkit.service.drv
/nix/store/qn4hjdnljjah02pm2hkql7i40fr9y2iq-unit-dbus.service.drv
/nix/store/s8557jmvhj376jmshhl06xz56cn6bqay-system-units.drv
/nix/store/i7g26sdy8lwp3k76a0db7j9nriw12r4k-unit-dbus.service.drv
/nix/store/zgi1cl79p2nhv1b1k33ix5fkq9vzjm27-user-units.drv
/nix/store/gxlml9q8vinjnhs6m1mvvdms8yy8rk80-etc.drv
/nix/store/a5gacvax04472l4xmzlv1wh4ly23m42r-nixos-system-desktop-24.11.20240906.574d1ea.drv
system-path> building '/nix/store/z41952fincyw8qpk2zwmga1hzvxwv2xl-system-path.drv'
system-path> created 8359 symlinks in user environment
X-Restart-Triggers-polkit> building '/nix/store/1adhad7b7cjs5hhj62wry83nyzywf6cg-X-Restart-Triggers-polkit.drv'
dbus> building '/nix/store/8m8zxcsmq5wpi0namh3c3svk1mz3al8z-dbus-1.drv'
unit-polkit.service> building '/nix/store/i5mmfwdgm4c6sihs6kji9qiahd5d9hnw-unit-polkit.service.drv'
X-Restart-Triggers-dbus> building '/nix/store/47pzzwp78cf7w64v3fjkr4m4n3n8jsv7-X-Restart-Triggers-dbus.drv'
unit-dbus.service> building '/nix/store/i7g26sdy8lwp3k76a0db7j9nriw12r4k-unit-dbus.service.drv'
unit-dbus.service> building '/nix/store/qn4hjdnljjah02pm2hkql7i40fr9y2iq-unit-dbus.service.drv'
user-units> building '/nix/store/zgi1cl79p2nhv1b1k33ix5fkq9vzjm27-user-units.drv'
system-units> building '/nix/store/s8557jmvhj376jmshhl06xz56cn6bqay-system-units.drv'
etc> building '/nix/store/gxlml9q8vinjnhs6m1mvvdms8yy8rk80-etc.drv'
nixos-system-desktop-24.11.20240906.574d1ea> building '/nix/store/a5gacvax04472l4xmzlv1wh4ly23m42r-nixos-system-desktop-24.11.20240906.574d1ea.drv'
┏━ Dependency Graph:
┃ ┌─ ✔ unit-dbus.service
┃ ┌─ ✔ user-units
┃ │ ┌─ ✔ X-Restart-Triggers-polkit
┃ │ ┌─ ✔ unit-polkit.service
┃ │ │ ┌─ ✔ system-path ⏱ 1s
┃ │ │ ┌─ ✔ dbus-1
┃ │ │ ┌─ ✔ X-Restart-Triggers-dbus
┃ │ ├─ ✔ unit-dbus.service
┃ ├─ ✔ system-units
┃ ┌─ ✔ etc
┃ ✔ nixos-system-desktop-24.11.20240906.574d1ea
┣━━━ Builds
┗━ ∑ ⏵ 0 │ ✔ 11 │ ⏸ 0 │ Finished at 18:24:34 after 11s
DEBUG nh::nixos:112: target_specialisation: None
> Comparing changes
DEBUG nh::commands:53: cmd=Exec { nvd diff /run/current-system /tmp/nh-osK24sF9/result }
<<< /run/current-system
>>> /tmp/nh-osK24sF9/result
Version changes:
[C*] #1 sudo <none>, 1.9.15p5 -> <none>
Removed packages:
[R.] #1 apparmor-closure-rules-security.wrappers.sudo <none>
[R.] #2 apparmor-closure-rules-security.wrappers.sudoedit <none>
[R.] #3 nixos-security.wrappers-sudo <none>
[R.] #4 nixos-security.wrappers-sudoedit <none>
[R.] #5 security-wrapper-sudo-x86_64-unknown-linux-musl <none>
[R.] #6 security-wrapper-sudoedit-x86_64-unknown-linux-musl <none>
[R.] #7 sudo.pam <none>
[R.] #8 sudoers <none>
Closure size: 1558 -> 1549 (19 paths added, 28 paths removed, delta -9, disk usage -6.1MiB).
> Activating configuration
DEBUG nh::commands:53: cmd=Exec { sudo /tmp/nh-osK24sF9/result/bin/switch-to-configuration test }
activating the configuration...
setting up /etc...
removing obsolete symlink ‘/etc/pam.d/sudo’...
removing obsolete file ‘/etc/sudoers’...
reloading user units for sperber...
restarting sysinit-reactivation.target
reloading the following units: apparmor.service, dbus.service
restarting the following units: polkit.service
DEBUG nh::commands:53: cmd=Exec { sudo nix-env --profile /nix/var/nix/profiles/system --set /tmp/nh-osK24sF9/result }
Error:
0: No such file or directory (os error 2)
1: No such file or directory (os error 2)
Location:
src/commands.rs:59
This seems to be the problem: DEBUG nh::commands:53: cmd=Exec { sudo nix-env --profile /nix/var/nix/profiles/system --set /tmp/nh-osK24sF9/result }
And you have sudo?
removing obsolete file ‘/etc/sudoers’...
Please use <whatever> nh os rebuild -R
if you plan to remove sudo.
Please use
<whatever> nh os rebuild -R
if you plan to remove sudo.
That worked but if i use nh afterwards (the "normal" way) it still fails of course:
$ nh os switch --verbose
...
DEBUG nh::commands:53: cmd=Exec { sudo /tmp/nh-osHREyJb/result/bin/switch-to-configuration test }
Error:
0: Activating configuration
1: No such file or directory (os error 2)
2: No such file or directory (os error 2)
Location:
src/commands.rs:57
I want to use nh with doas just like with sudo.
I have the impression, that nh disregards the symlink of sudo to doas and always tries to execute sudo directly.
That's handled by the crate subprocess, which I should probably replace with std::process
Can you please make nh follow symlinks for sudo instead of hardcoding it? I've symlinked sudo to doas and everything works fine except nh.
I want to use nh with doas just like with sudo.
You will have to wait for #107 then
Hi there. I just updated to nixos 24.05 and therefore have access to nh. It's cool, thanks for making it.
When trying to switch to a new system configuration using nh, I get an error though:
I think everything is configured fine on my end as
nh home switch
is working fine for me.I wonder if it's an issue with permissions as I have replaced sudo with doas (with a symlink). This would be a bit strange though as
nh clean all
prompts me for my password and cleans up successfully.