nixos/udev: Always fail if rules contain FHS paths

Partially reverts the following commits:

  9f2a61c59c
  9c13fe6604

As @edolstra pointed out, it would make more sense to do this by default
instead of having that allowImpurePaths option. This of course might
break systems which add extra packages to udev, but on the upside it's
hard to miss one of these paths now because it won't get buried in the
ocean of build output lines.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

nixos/modules/services/hardware/udev.nix

@@ -116,7 +116,7 @@ let
           )"
           echo "$localFile ($remoteFile) contains references to $refs."
         done
-        ${optionalString (!cfg.allowImpurePaths) "exit 1"}
+        exit 1
       fi
 
       ${optionalString config.networking.usePredictableInterfaceNames ''
@@ -232,20 +232,6 @@ in
         '';
       };
 
-      allowImpurePaths = mkOption {
-        default = true;
-        example = false;
-        type = types.bool;
-        description = ''
-          If this is disabled, the build will fail whenever one of the
-          <command>udev</command> rules contains a reference to
-          <filename>/usr/bin</filename>, <filename>/usr/sbin</filename>,
-          <filename>/bin</filename> or <filename>/sbin</filename>.
-
-          By default only a warning is printed during build.
-        '';
-      };
-
     };
 
     hardware.firmware = mkOption {

nixos/tests/installer.nix

@@ -30,8 +30,6 @@ let
 
         hardware.enableAllFirmware = lib.mkForce false;
 
-        services.udev.allowImpurePaths = false;
-
         ${replaceChars ["\n"] ["\n  "] extraConfig}
       }
     '';
@@ -187,8 +185,6 @@ let
 
             hardware.enableAllFirmware = mkForce false;
 
-            services.udev.allowImpurePaths = false;
-
             # The test cannot access the network, so any packages we
             # need must be included in the VM.
             system.extraDependencies =