In principle this could work, but the current remount logic in nix fails
to remount mountpoints that are root in their own filesystem (as would
be the case with bind-mounting a mountpoint over itself). nixos/nix#98
is aimed at fixing this.
Signed-off-by: Shea Levy <shea@shealevy.com>
man logind.conf clearly states that the header is [Login] (no 'd').
Without this fix services.logind.extraConfig does not take effect
because logind ignores the invalidly named section.
So that we can customize systemd-logind in configuration.nix.
Example:
services.logind.extraConfig = "HandleLidSwitch=ignore";
See man logind.conf for available options.
EC2 instances don't have a console, so it's pointless to start
emergency mode if a mount fails. (This happened to me with an
encrypted filesystem where the key wasn't sent on time using "charon
send-keys".) Better to cross fingers and continue booting.
Starting an authenticated root shell is a security hole, so don't do
it by default. The kernel command line parameter
‘initrd.shell_on_fail’ restores the original. (Of course, this only
improves security if you have a password on GRUB to prevent the kernel
command line from being edited by unauthorized users.)
The 'memtest86' package didn't work on any of my machines. 'memtest86plus', on
the other hand, seems to work just fine. Does anyone know why we keep the
seemingly older version around still?
The "S|s|single" option is handled by systemd (starting
rescue.target). And the rescue target basically removes the need for
a special debug shell. (Also, there is "systemd.crash_shell=1" for
starting a shell if systemd crashes.)
Also, symlink kbrequest.target to rescue.target as suggested by the
systemd.special manpage. This way, you can start a sulogin rescue
shell by pressing Alt+Up.
During a configuration switch, changed units are stopped in the old
configuration, then started in the new configuration (i.e. after
running the activation script and running "systemctl daemon-reload").
This ensures that services are stopped using the ExecStop/ExecStopPost
commands from the old configuration.
However, for some services it's undesirable to stop them; in
particular dhcpcd, which deconfigures its network interfaces when it
stops. This is dangerous when doing remote upgrades - usually things
go right (especially because the switch script ignores SIGHUP), but
not always (see 9aa69885f0). Likewise,
sshd should be kept running for as long as possible to prevent a
lock-out if the switch fails.
So the new option ‘stopIfChanged = false’ causes "systemctl restart"
to be used instead of "systemctl stop" followed by "systemctl start".
This is only proper for services that don't have stop commands. (And
it might not handle dependencies properly in some cases, but I'm not
sure.)
