From f7637100655127dffbe14011b45be6a71f0e203d Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 11 Aug 2022 02:35:29 +0200 Subject: [PATCH 1/2] nixos/udisks2: don't enable by default This was enabled by default in 18a7ce76fcf80389bc8db2dd3e961a74637b5162 with the reason that it would be "useful regardless of the desktop environment.", which I'm not arguing against. The reason why this should not be enabled by default is that there are a lot of systems that NixOS runs on that are not desktop systems. Users on such systems most likely do not want or need this feature and could even consider this an antifeature. Furthermore, it is surprising to them to find out that they have this enabled on their systems. They might be even more surprised to find that they have polkit enabled by default, which was a default that was flipped in a813be071ceed15b9238373bd751ee99e2470357. For some discussion as to why see https://github.com/NixOS/nixpkgs/pull/156858. Evidently, this default is not only surprising to users, but also module developers, as most if not all modules for desktop environments already explicity set services.udisks2.enable = true; which they don't need to right now. --- .../manual/from_md/release-notes/rl-2211.section.xml | 12 ++++++++++++ nixos/doc/manual/release-notes/rl-2211.section.md | 3 +++ nixos/modules/services/hardware/udisks2.nix | 9 +-------- nixos/modules/virtualisation/container-config.nix | 1 - 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 5d09d3a93aa..aaa85138dfa 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -392,6 +392,18 @@ as coreboot’s fork is no longer available. + + + The udisks2 service, available at + services.udisks2.enable, is now disabled by + default. It will automatically be enabled through services and + desktop environments as needed. This also means that polkit + will now actually be disabled by default. The default for + security.polkit.enable was already flipped + in the previous release, but udisks2 being enabled by default + re-enabled it. + + Add udev rules for the Teensy family of microcontrollers. diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index f37d7d827bd..e1253d46190 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -145,6 +145,9 @@ Use `configure.packages` instead. - memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available. +- The udisks2 service, available at `services.udisks2.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed. + This also means that polkit will now actually be disabled by default. The default for `security.polkit.enable` was already flipped in the previous release, but udisks2 being enabled by default re-enabled it. + - Add udev rules for the Teensy family of microcontrollers. - The `pass-secret-service` package now includes systemd units from upstream, so adding it to the NixOS `services.dbus.packages` option will make it start automatically as a systemd user service when an application tries to talk to the libsecret D-Bus API. diff --git a/nixos/modules/services/hardware/udisks2.nix b/nixos/modules/services/hardware/udisks2.nix index f9b5afceac3..988e975d7e6 100644 --- a/nixos/modules/services/hardware/udisks2.nix +++ b/nixos/modules/services/hardware/udisks2.nix @@ -19,14 +19,7 @@ in services.udisks2 = { - enable = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - Whether to enable Udisks, a DBus service that allows - applications to query and manipulate storage devices. - ''; - }; + enable = mkEnableOption "udisks2, a DBus service that allows applications to query and manipulate storage devices."; settings = mkOption rec { type = types.attrsOf settingsFormat.type; diff --git a/nixos/modules/virtualisation/container-config.nix b/nixos/modules/virtualisation/container-config.nix index 0966ef84827..94f28ea80d0 100644 --- a/nixos/modules/virtualisation/container-config.nix +++ b/nixos/modules/virtualisation/container-config.nix @@ -8,7 +8,6 @@ with lib; # Disable some features that are not useful in a container. nix.optimise.automatic = mkDefault false; # the store is host managed - services.udisks2.enable = mkDefault false; powerManagement.enable = mkDefault false; documentation.nixos.enable = mkDefault false; From 90d88829da22d5b90048ce6c82bb164b660ddab8 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 11 Aug 2022 13:28:31 +0200 Subject: [PATCH 2/2] nixos/gvfs: enable udisks2 can be used by gvfs and is disabled by default after f7637100655127dffbe14011b45be6a71f0e203d --- nixos/modules/services/desktops/gvfs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/services/desktops/gvfs.nix b/nixos/modules/services/desktops/gvfs.nix index 4aa6412aaa5..84cd2963872 100644 --- a/nixos/modules/services/desktops/gvfs.nix +++ b/nixos/modules/services/desktops/gvfs.nix @@ -56,6 +56,8 @@ in services.udev.packages = [ pkgs.libmtp.out ]; + services.udisks2.enable = true; + # Needed for unwrapped applications environment.sessionVariables.GIO_EXTRA_MODULES = [ "${cfg.package}/lib/gio/modules" ];