Unable to switch to the latest generation on unstable

[iopq]

Describe the bug

When I updated my flake and tried to switch to the new generation, it failed with

[iopq@desktop:~]$ sudo nixos-rebuild switch
[sudo] password for iopq: 
warning: Git tree '/etc/nixos' is dirty
building the system configuration...
warning: Git tree '/etc/nixos' is dirty
evaluation warning: qt6Packages.stdenv is deprecated. Use stdenv instead.
terminate called after throwing an instance of 'nix::Error'
  what():  error: cannot determine user's home directory
Traceback (most recent call last):
  File "/nix/store/sk24hzhak6cy37g7yq9yyb6c93csjv7s-systemd-boot/bin/systemd-boot", line 431, in <module>
    main()
  File "/nix/store/sk24hzhak6cy37g7yq9yyb6c93csjv7s-systemd-boot/bin/systemd-boot", line 414, in main
    install_bootloader(args)
  File "/nix/store/sk24hzhak6cy37g7yq9yyb6c93csjv7s-systemd-boot/bin/systemd-boot", line 357, in install_bootloader
    gens = get_generations()
           ^^^^^^^^^^^^^^^^^
  File "/nix/store/sk24hzhak6cy37g7yq9yyb6c93csjv7s-systemd-boot/bin/systemd-boot", line 213, in get_generations
    gen_list = run(
               ^^^^
  File "/nix/store/sk24hzhak6cy37g7yq9yyb6c93csjv7s-systemd-boot/bin/systemd-boot", line 58, in run
    return subprocess.run(cmd, check=True, text=True, stdout=stdout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/nix/store/c9m6yd8fg1flz2j5r4bif1ib5j20a0cy-python3-3.12.8/lib/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['/nix/store/w6wybyfakrgnp1rb0mrj66xlj8118z8c-nix-2.24.11/bin/nix-env', '--list-generations', '-p', '/nix/var/nix/profiles/system']' died with <Signals.SIGABRT: 6>.
Failed to install bootloader

Steps To Reproduce

sudo nixos-rebuild switch

Expected behavior

switch should succeed

Metadata

nix-env (Nix) 2.24.11

sudo /nix/store/w6wybyfakrgnp1rb0mrj66xlj8118z8c-nix-2.24.11/bin/nix-env --list-generations -p /nix/var/nix/profiles/system

returns a list of generations

• checked latest Nix manual (source)
• checked open bug issues and pull requests for possible duplicates

---

Add 👍 to issues you find important.

[iopq]

the command that fails is

sudo systemd-run -E LOCALE_ARCHIVE -E NIXOS_INSTALL_BOOTLOADER= --collect --no-ask-password --pipe --quiet --service-type=exec --unit=nixos-rebuild-switch-to-configuration --wait /nix/store/y93s787hifig9pf2z4w8h1x4a5cwmqwp-nixos-system-desktop-25.05.20250104.8f3e1f8/bin/switch-to-configuration switch

I manually ran

sudo /nix/store/y93s787hifig9pf2z4w8h1x4a5cwmqwp-nixos-system-desktop-25.05.20250104.8f3e1f8/bin/switch-to-configuration switch

then everything worked again for a bit, and then failed again when I changed the configuration

nix-profile also has some errors

[iopq]

nix shell gives this error

[iopq@desktop:~]$ nix-shell -p nvtop
error:
       … while calling the 'import' builtin
         at «string»:1:18:
            1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (nvtop) ]; } ""
             |                  ^

       … while realising the context of a path

       … while calling the 'findFile' builtin
         at «string»:1:25:
            1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (nvtop) ]; } ""
             |                         ^

       error: cannot connect to socket at '/nix/var/nix/daemon-socket/socket': Connection refused

[iopq]

The issue is somehow my entire /nix folder is owned by another user which runs the proxy program which causes
every permission problem possible

after i chowned some folders I got a new error message:

terminate called after throwing an instance of 'nix::Error'
  what():  error: cannot determine user's home directory
/run/current-system/sw/bin/nixos-rebuild: line 216:  8058 Aborted                 (core dumped) "$@"

[iopq]

I reinstalled NixOS, it worked, switching to old config worked.

I turned on my proxy, did a switch successfully once and it started happening again

to turn on my proxy I do this:

#!/bin/sh
ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100


iptables -t mangle -N XRAY

iptables -t mangle -A XRAY -d 192.168.2.211/24 -j RETURN


# 组播地址/E类地址/广播地址直连
iptables -t mangle -A XRAY -d 224.0.0.0/3 -j RETURN
iptables -t mangle -A XRAY -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 198.18.0.0/15 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 240.0.0.0/4 -j RETURN

iptables -t mangle -A XRAY ! -s 192.168.2.211/24 -j RETURN

iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 2500 --tproxy-mark 1
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 2500 --tproxy-mark 1

iptables -t mangle -A PREROUTING -j XRAY

iptables -t mangle -N XRAY_MASK
iptables -t mangle -A XRAY_MASK -m owner --gid-owner 23333 -j RETURN
iptables -t mangle -A XRAY_MASK -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_MASK -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_MASK -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_MASK -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY_MASK -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY_MASK -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A XRAY_MASK -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_MASK -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_MASK -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp -j XRAY_MASK
iptables -t mangle -A OUTPUT -p udp -j XRAY_MASK 

and then I run with sudo -u xray_tproxy xray -c reality.json

[iopq]

when I do "ls -al" in /etc/nixos I get this

[iopq@desktop:/etc/nixos]$ ls -al
total 40
drwxr-xr-x  3 xray_tproxy root  4096 Jan 13 15:33 .
drwxr-xr-x 37 xray_tproxy root  4096 Jan 13 15:37 ..
-rw-r--r--  1 xray_tproxy root 13671 Jan 13 15:33 configuration.nix
-rw-r--r--  1 xray_tproxy root  1000 Jan 10 18:43 flake.lock
-rw-r--r--  1 xray_tproxy root  1533 Jan 10 18:43 flake.nix
-rw-r--r--  1 xray_tproxy root  1493 Jan 10 18:13 hardware-configuration.nix
drwxr-xr-x  3 iopq        root  4096 Jan 13 15:52 scripts

in fact the entire / folder is owned by the proxy user

[iopq@desktop:/]$ ls -al
total 76
drwxr-xr-x  20 xray_tproxy root  4096 Jan 12 02:48 .
drwxr-xr-x  20 xray_tproxy root  4096 Jan 12 02:48 ..
drwxr-xr-x   2 xray_tproxy root  4096 Jan 13 15:37 bin
drwx------   4 xray_tproxy root  4096 Jan  1  1970 boot
drwx------   2 xray_tproxy root  4096 Jan 12 02:48 .cache
drwxr-xr-x  19 xray_tproxy root  3740 Jan 13 15:10 dev
drwxr-xr-x  37 xray_tproxy root  4096 Jan 13 15:37 etc
drwxr-xr-x   3 xray_tproxy root  4096 Jan 10 18:33 home
drwxr-xr-x   2 xray_tproxy root  4096 Jan 11 17:42 lib
drwxr-xr-x   2 xray_tproxy root  4096 Jan 11 17:42 lib64
drwx------   2 xray_tproxy root 16384 Jan 10 18:13 lost+found
drwxr-xr-x   4 xray_tproxy root  4096 Jan 10 18:13 nix
dr-xr-xr-x 376 xray_tproxy root     0 Jan 13 15:09 proc
drwx------   4 xray_tproxy root  4096 Jan 13 15:36 root
drwxr-xr-x  25 xray_tproxy root   620 Jan 13 15:37 run
drwxr-xr-x   2 xray_tproxy root  4096 Jan 10 18:33 srv
dr-xr-xr-x  13 xray_tproxy root     0 Jan 13 15:09 sys
drwxrwxrwt  20 xray_tproxy root  4096 Jan 13 16:11 tmp
drwxr-xr-x   3 xray_tproxy root  4096 Jan 10 18:33 usr
drwxr-xr-x   9 xray_tproxy root  4096 Jan 10 18:34 var

[iopq]

if I disable the proxy and then run

[iopq@desktop:/]$ sudo /nix/store/4hbk6ji872lhjwnb71hcjs264n7frfpd-nixos-system-desktop-25.05.20250104.8f3e1f8/bin/switch-to-configuration switch
activating the configuration...
setting up /etc...
reloading user units for iopq...
restarting sysinit-reactivation.target
the following new units were started: NetworkManager-dispatcher.service

[iopq@desktop:/]$ sudo systemd-run -E LOCALE_ARCHIVE -E NIXOS_INSTALL_BOOTLOADER= --collect --no-ask-password --pipe --quiet --service-type=exec --unit=nixos-rebuild-switch-to-configuration --wait /nix/store/4hbk6ji872lhjwnb71hcjs264n7frfpd-nixos-system-desktop-25.05.20250104.8f3e1f8/bin/switch-to-configuration switch
activating the configuration...
setting up /etc...
reloading user units for iopq...
restarting sysinit-reactivation.target

now the last command works and I can successfully switch

now the / folder is owned by root again

[iopq@desktop:/]$ ls -al
total 76
drwxr-xr-x  20 root root  4096 Jan 12 02:48 .
drwxr-xr-x  20 root root  4096 Jan 12 02:48 ..
drwxr-xr-x   2 root root  4096 Jan 13 16:16 bin
drwx------   4 root root  4096 Jan  1  1970 boot
drwx------   2 root root  4096 Jan 12 02:48 .cache
drwxr-xr-x  19 root root  3740 Jan 13 15:10 dev
drwxr-xr-x  37 root root  4096 Jan 13 16:16 etc
drwxr-xr-x   3 root root  4096 Jan 10 18:33 home
drwxr-xr-x   2 root root  4096 Jan 11 17:42 lib
drwxr-xr-x   2 root root  4096 Jan 11 17:42 lib64
drwx------   2 root root 16384 Jan 10 18:13 lost+found
drwxr-xr-x   4 root root  4096 Jan 10 18:13 nix
dr-xr-xr-x 373 root root     0 Jan 13 15:09 proc
drwx------   4 root root  4096 Jan 13 15:36 root
drwxr-xr-x  25 root root   620 Jan 13 16:16 run
drwxr-xr-x   2 root root  4096 Jan 10 18:33 srv
dr-xr-xr-x  13 root root     0 Jan 13 16:12 sys
drwxrwxrwt  20 root root  4096 Jan 13 16:16 tmp
drwxr-xr-x   3 root root  4096 Jan 10 18:33 usr
drwxr-xr-x   9 root root  4096 Jan 10 18:34 var