I assume /dev/kvm will be then owned by the kvm group. Is it still possible after this change to use kvm without root?

@Mic92: On my system /dev/kvm is read- and writable for all with permissions crw-rw-rw- so it probably doesn't matter, which group owns /dev/kvm.

Otherwise I would be glad to install my nixos from a release-18.03 with this commit cherry picked. I just don't know, how to do it. Is the only way to provide a custom channel? (url with nixexprs.tgz and binary-cache-url files?)

You can set the NIX_PATH environment variable to your nixpkgs fork: NIX_PATH=nixpkgs=/path/to/git/checkout
then just checkout the 18.03 release branch and cherry-pick your changes.

I did export NIX_PATH=nixpkgs=/path/to/git/checkout as root and did run nixos-rebuild switch but I got the following error:

error: file 'nixos-config' was not found in the Nix search path (add it using $NIX_PATH or -I), at /home/typetetris/repos/nixpkgs/nixos/default.nix:1:60
(use '--show-trace' to show detailed location information)

nixos-rebuild switch -I nixpkgs=/path/to/nixpkgs -I nixos-config=/etc/nixos/configuration.nix did work, but it isn't finished yet. (Bad internetconnection here.)

NixOS comes with a udev rule to set 0666 for /dev/kvm:

KERNEL=="kvm",                  MODE="0666"

so the group of the device node isn't relevant.

BTW they do have a sysusers.d file which could be used to check which users are necessary: https://github.com/systemd/systemd/blob/e97b7b5a9c6d76964e3b9d8947ab6ccb30104e0e/sysusers.d/basic.conf.in

Hmm, it build a new system derivation, but in /etc/groups the groups render or kvm aren't present. Does the misc module only apply for a fresh reinstall?

@dezgeg Why not just trust the README?

@dezgeg render and kvm groups are mentioned in the file you specify.

Ah, I need to alter nixos/modules/config/users-groups.nix too.

After a rebuild and a reboot:

$ ls -l /dev/kvm
crw-rw-rw- 1 root kvm 10, 232 Aug 17 05:29 /dev/kvm

That should be ok?

journalctl | grep kvm shows the error message 'Specified group 'kvm' unknown' is gone.

Because the sysusers.d file is machine-parseable thus could be used in a nixos test for instance. (I mean, ideally we'd just use the file directly to avoid this kind of problems, but it probably sounds kind of hard to fit into our passwd/shadow generator).

I could try to write a test case for nixos/tests/systemd.nix but that will probably take a while. Should this pull request be stalled, until such a test arrives?

I don't think there is need for test right now. Issue isn't show-stopper.

Yeah I agree, there's no real pressure for writing the test. Just something handy to have when we update systemd the next time, but that's likely not going to happen in months.

Is there something I still need to do, to get this merged? If it is unwanted change, please tell me, so I can close the pull request.

Sorry this fell through the cracks. Applied now.