nixos/systemd: add presets to ignore all other presets

One of the main premises of NixOS is being able to declaratively specify
the services enabled/running on a machine. Since systemd presets allow
to bypass this this declarative nature, add a single preset with the
highest priority (prefixed with "00") that makes systemd ignore all
other presets.

nixos/modules/system/boot/systemd.nix

@@ -566,6 +566,15 @@ in
       "systemd/user-generators" = { source = hooks "user-generators" cfg.user.generators; };
       "systemd/system-generators" = { source = hooks "system-generators" cfg.generators; };
       "systemd/system-shutdown" = { source = hooks "system-shutdown" cfg.shutdown; };
+
+      # Ignore all other preset files so systemd doesn't try to enable/disable
+      # units during runtime.
+      "systemd/system-preset/00-nixos.preset".text = ''
+        ignore *
+      '';
+      "systemd/user-preset/00-nixos.preset".text = ''
+        ignore *
+      '';
     });
 
     services.dbus.enable = true;

nixos/tests/systemd.nix

@@ -75,9 +75,13 @@ import ./make-test-python.nix ({ pkgs, ... }: {
       rebootTime = "10min";
       kexecTime = "5min";
     };
+
+    environment.etc."systemd/system-preset/10-testservice.preset".text = ''
+      disable ${config.systemd.services.testservice1.name}
+    '';
   };
 
-  testScript = ''
+  testScript = { nodes, ... }: ''
     import re
     import subprocess
 
@@ -213,5 +217,9 @@ import ./make-test-python.nix ({ pkgs, ... }: {
     with subtest("systemd environment is properly set"):
         machine.systemctl("daemon-reexec")  # Rewrites /proc/1/environ
         machine.succeed("grep -q TZDIR=/etc/zoneinfo /proc/1/environ")
+
+    with subtest("systemd presets are ignored"):
+        machine.succeed("systemctl preset ${nodes.machine.systemd.services.testservice1.name}")
+        machine.succeed("test -e /etc/systemd/system/${nodes.machine.systemd.services.testservice1.name}")
   '';
 })