From a9e3ec1d6e6a819d5b57a53bb952a403238b9068 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Sat, 4 Apr 2020 21:11:21 +0200
Subject: [PATCH] nixos/systemd-nspawn: disallow multiple packages with
 `.nspawn`-units

In contrast to `.service`-units, it's not possible to declare an
`overrides.conf`, however this is done by `generateUnits` for `.nspawn`
units as well. This change breaks the build if you have two derivations
configuring one nspawn unit.

This will happen in a case like this:

``` nix
{ pkgs, ... }: {
  systemd.packages = [
    (pkgs.writeTextDir "etc/systemd/nspawn/container0.nspawn" ''
      [Files]
      Bind=/tmp
    '')
  ];
  systemd.nspawn.container0 = {
    /* ... */
  };
}
```
---
 nixos/modules/system/boot/systemd-lib.nix    | 13 ++++++++++---
 nixos/modules/system/boot/systemd-nspawn.nix |  2 +-
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/nixos/modules/system/boot/systemd-lib.nix b/nixos/modules/system/boot/systemd-lib.nix
index a33602915867..fa109394fedb 100644
--- a/nixos/modules/system/boot/systemd-lib.nix
+++ b/nixos/modules/system/boot/systemd-lib.nix
@@ -114,7 +114,9 @@ in rec {
         (if isList value then value else [value]))
         as));
 
-  generateUnits = type: units: upstreamUnits: upstreamWants:
+  generateUnits = generateUnits' true;
+
+  generateUnits' = allowCollisions: type: units: upstreamUnits: upstreamWants:
     pkgs.runCommand "${type}-units"
       { preferLocalBuild = true;
         allowSubstitutes = false;
@@ -182,8 +184,13 @@ in rec {
           if [ "$(readlink -f $i/$fn)" = /dev/null ]; then
             ln -sfn /dev/null $out/$fn
           else
-            mkdir -p $out/$fn.d
-            ln -s $i/$fn $out/$fn.d/overrides.conf
+            ${if allowCollisions then ''
+              mkdir -p $out/$fn.d
+              ln -s $i/$fn $out/$fn.d/overrides.conf
+            '' else ''
+              echo "Found multiple derivations configuring $fn!"
+              exit 1
+            ''}
           fi
        else
           ln -fs $i/$fn $out/
diff --git a/nixos/modules/system/boot/systemd-nspawn.nix b/nixos/modules/system/boot/systemd-nspawn.nix
index 1e2435e36f0c..06ea5ee49f72 100644
--- a/nixos/modules/system/boot/systemd-nspawn.nix
+++ b/nixos/modules/system/boot/systemd-nspawn.nix
@@ -116,7 +116,7 @@ in {
     in 
       mkMerge [
         (mkIf (cfg != {}) { 
-          environment.etc."systemd/nspawn".source = mkIf (cfg != {}) (generateUnits "nspawn" units [] []);
+          environment.etc."systemd/nspawn".source = mkIf (cfg != {}) (generateUnits' false "nspawn" units [] []);
         })
         {
           systemd.targets.multi-user.wants = [ "machines.target" ];