nixos copySystemConfiguration: enable by default

[ryantrinkle]

Motivation for this change

system.copySystemConfiguration copies /etc/nixos/configuration.nix into the system derivation at build time. This can be very useful for debugging, but is much more useful if it was enabled before problems were encountered; however, users are not likely to realize they need this feature until it is too late.

Previously, this feature was not enabled by default because it did not work with chroots (see #7974). That issue was fixed in e1901a1.

[mention-bot]

@ryantrinkle, thanks for your PR! By analyzing the annotation information on this pull request, we identified @edolstra, @lethalman and @shlevy to be potential reviewers

[bjornfor]

Your PR message contains useful information about why we should have this. IMHO, that belongs in the commit message as well. (Btw, if the commit started out with that message, github would automatically copy it to the PR message when you open the PR.)

How does it work for users with modularized configuration.nix? Does only the configuration.nix file itself get copied, or also all referenced files?

[edolstra]

Indeed we cannot enable this option by default because <nixos-config> is not always used, e.g. in NixOps deployments.

[joachifm]

Looks to me like this could be closed?

[vcunat]

How does it work for users with modularized configuration.nix? Does only the configuration.nix file itself get copied, or also all referenced files?

As noted in the option's description, it's simple and only copies that single file, so the general usability seems rather limited to me.

[ryantrinkle]

Hi everyone, and thanks for the input. With your explanations, it certainly makes sense why it's not enabled by default. However, I still wonder if there is a way we can help beginners with this, since they're they ones most likely to need it and least likely to know about it. Just today, there was a post on the mailing list where someone didn't know about this option until it was too late.

@edolstra Perhaps it would make sense to change nixos-generate-config to set this option to true, while keeping the default as false. That way, people following the instructions for their first install would get it, while NixOps and such would not be impacted. I'm happy to figure it out and send a PR if this is a good solution.

[techhazard]

I was the one that accidentally deleted my /etc/nixops/configuration.nix and asked on the mailing list if there was a way to restore it. Sadly, there wasn't but I was able to more-or-less restore it by snippets (1 and 2) and most of the remaining by memory. 😃

While I do see why it is set to false by default (because it would give a false sense of security[1]), I do agree with @ryantrinkle that it would be a good idea to have it set to true in newly generated configs. Perhaps with a comment that unambiguously states that only /etc/nixos/configuration.nix is backed-up.

[1]: which can probably be solved with #709 on Nix: deterministic evaluation of expressions/derivations which will make it possible to determine what files configuration.nix includes and to back those up as well.

[vcunat]

[1] would be like using a sledgehammer to crack a nut.

[techhazard]

@vcunat fair enough, but it's probably useful for other situations as well.
Regardless, lets see if we can find a proper nutcracker for this one. 😄