make /etc/nixos writable

[aikooo7]

What is the objective of this PR

• make /etc/nixos writable

Note

I based myself in the welcome script and tested it before committing

Closes #384

[aikooo7]

I had my email wrong so that is the reason the commit was unverified and that is also why I did a force-push

[SuperSandro2000]

I had my email wrong so that is the reason the commit was unverified and that is also why I did a force-push

I don't think anyone cares here. Feel free to force push the review comments, too.

[aikooo7]

Testing again my implementation I found out that I almost every time in boot I get the error: sudo: /run/current-system/sw/bin/sudo must be owned by uid 0 and have the setuid bit set, but the thing is I am able to run root and nixos-wsl-permissions-fix after the shell loaded, so my assumption is that somehow in the first boot the sudo permissions are not correct at the time I run the script.

I'm really out of ideas so any idea would be appreciated

[nzbr]

Instead of using shell init, you could let this run as an activation script. That way, you don't need sudo. Otherwise, you need to use sudo from /run/wrappers/bin. Files in the nix store can not have the suid bit set, therefore NixOS creates wrappers for them through an activation script

[nzbr]

Only saw your comment on the issue now, sorry. The activation script could be handled the same way the shell hook currently is - so that it's gone after the first rebuild. Another option would be to create a file in the tarball builder, that gets removed by the script, so that the chmod only runs once

[aikooo7]

activation script

Using /run/wrappers/bin/sudo gives me: /run/current-system/sw/bin/nixos-wsl-permissions-fix: line 3: /run/wrappers/bin/sudo: No such file or directory

Using a activation script will always change permissions, and that may not be what the users want, but if you want me to do it I can for sure

[aikooo7]

Only saw your comment on the issue now, sorry.

Dont' worry about that, it happens with everyone

Another option would be to create a file in the tarball builder, that gets removed by the script, so that the chmod only runs once

I tried doing nixos-enter --root "$root" --command 'se^Cacl -R -m u:nixos:rwx /etc/nixos' and I got chmod: changing permissions of '/dev': Operation not permitted chmod: changing permissions of '/sys': Operation not permitted

The thing is, even if doing a command like pwd I get the same think

[aikooo7]

activation script

Using /run/wrappers/bin/sudo gives me: /run/current-system/sw/bin/nixos-wsl-permissions-fix: line 3: /run/wrappers/bin/sudo: No such file or directory

Using a activation script will always change permissions, and that may not be what the users want, but if you want me to do it I can for sure

Do you want me to use a activation script? @nzbr

[nzbr]

Either that or a systemd service. Having it as a part of the shell init is suboptimal imho. Make the tarball builder touch a file like /etc/nixos/.chmod or something and check if it exists. If it does, rm the file and run the chmod. That way we can even put it in the regular config so that it still works for people who build their own tarballs

[aikooo7]

Either that or a systemd service. Having it as a part of the shell init is suboptimal imho. Make the tarball builder touch a file like /etc/nixos/.chmod or something and check if it exists. If it does, rm the file and run the chmod. That way we can even put it in the regular config so that it still works for people who build their own tarballs

I also had idea of the builder touching a file but I thought it was bad practice. Since it is okay I will implement it.

[aikooo7]

I will be closing this since it was already fixed