From 9e720a58817b13746b079597b4ff8e9bd0f5ce31 Mon Sep 17 00:00:00 2001
From: nikstur
Date: Wed, 7 Aug 2024 16:09:52 +0200
Subject: [PATCH] nixos/systemd-tmpfiles: create /etc/mtab via environmemt.etc instead of tmpfiles

This enables an immutable /etc via `system.etc.overlay.mutable = false`.
---
 nixos/modules/system/boot/systemd/tmpfiles.nix | 6 ++++--
 nixos/tests/activation/etc-overlay-immutable.nix | 3 +++
 nixos/tests/misc.nix | 3 +++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/system/boot/systemd/tmpfiles.nix b/nixos/modules/system/boot/systemd/tmpfiles.nix
index ded13728017d..af37fb07d29b 100644
--- a/nixos/modules/system/boot/systemd/tmpfiles.nix
+++ b/nixos/modules/system/boot/systemd/tmpfiles.nix
@@ -200,6 +200,10 @@ in
           rm -f $out/${removePrefix "tmpfiles.d/" name}
         '') config.system.build.etc.passthru.targets;
       }) + "/*";
+      "mtab" = {
+        mode = "direct-symlink";
+        source = "/proc/mounts";
+      };
     };
 
     systemd.tmpfiles.packages = [
@@ -244,13 +248,11 @@ in
       "L+ /nix/var/nix/gcroots/booted-system 0755 root root - /run/booted-system"
       "d /run/lock 0755 root root - -"
       "d /var/db 0755 root root - -"
-      "L /etc/mtab - - - - ../proc/mounts"
       "L /var/lock - - - - ../run/lock"
       # Boot-time cleanup
       "R! /etc/group.lock - - - - -"
       "R! /etc/passwd.lock - - - - -"
       "R! /etc/shadow.lock - - - - -"
-      "R! /etc/mtab* - - - - -"
       "R! /nix/var/nix/gcroots/tmp - - - - -"
       "R! /nix/var/nix/temproots - - - - -"
     ];
diff --git a/nixos/tests/activation/etc-overlay-immutable.nix b/nixos/tests/activation/etc-overlay-immutable.nix
index dbb7337b5dc1..6d56db43f0b2 100644
--- a/nixos/tests/activation/etc-overlay-immutable.nix
+++ b/nixos/tests/activation/etc-overlay-immutable.nix
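Review bot: Dropping `"R! /etc/mtab* - - - - -"` from the boot-time cleanup list in the second hunk removes the only rule that cleared stray `/etc/mtab*` files (a stale temp or lock file left by a tool that still treats mtab as a regular file), while the commit message only motivates moving the symlink itself. On a system that keeps a mutable /etc such a leftover would now survive reboots; if that is accepted because environment.etc now owns `/etc/mtab`, a one-line comment among the remaining `R!` entries, `# /etc/mtab itself is managed by environment.etc`, would record the reason. The new `"mtab"` entry in the first hunk also switches the link target from the relative `../proc/mounts` to the absolute `/proc/mounts`, which presumably behaves the same for this path but is worth a mention in the message since it is the visible user-facing difference. The attribute sets enclosing both hunks start outside the hunk, so I cannot confirm from here that the first hunk sits in `environment.etc`.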
@@ -32,6 +32,9 @@
     with subtest("direct symlinks point to the target without indirection"):
       assert machine.succeed("readlink -n /etc/localtime") == "/etc/zoneinfo/Utc"
 
+    with subtest("/etc/mtab points to the right file"):
+      assert "/proc/mounts" == machine.succeed("readlink --no-newline /etc/mtab")
+
     with subtest("Correct mode on the source password files"):
       assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/passwd") == "644\n"
       assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/group") == "644\n"
diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix
index 33b3ca2c11c2..1d296accf121 100644
--- a/nixos/tests/misc.nix
+++ b/nixos/tests/misc.nix
@@ -99,6 +99,9 @@ in {
     with subtest("whether systemd-tmpfiles settings works"):
       machine.succeed("[ -e /tmp/somefile ]")
 
+    with subtest("/etc/mtab"):
+      assert "/proc/mounts" == machine.succeed("readlink --no-newline /etc/mtab")
+
     with subtest("whether automounting works"):
       machine.fail("grep '/tmp2 tmpfs' /proc/mounts")
       machine.succeed("touch /tmp2/x")
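Review bot: The new assertion in the etc-overlay-immutable.nix hunk puts the expected value first and spells the flag as `--no-newline`, while the assertion two lines above it puts the `machine.succeed(...)` call first and uses `readlink -n`; for consistency within the same testScript, `assert machine.succeed("readlink -n /etc/mtab") == "/proc/mounts"`. The misc.nix hunk adds the same assertion in the same form and would take the same rewrite. The misc.nix subtest name `"/etc/mtab"` also says nothing about what is being checked, so a failure in the test log is less self-explanatory than the other subtests around it; `"/etc/mtab is a symlink to /proc/mounts"` would match the naming style of the etc-overlay-immutable.nix variant. Both testScript bodies continue outside their hunks.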