After I reconfigured to a broken, unbootable generation and then rebooted to an old working generation, I found my user account password was locked. This was my /etc/shadow:
root::18045:::::: florian:!:18045:::::: nobody:!:18045:::::: guixbuilder01:!:18045:::::: guixbuilder02:!:18045:::::: guixbuilder03:!:18045:::::: guixbuilder04:!:18045:::::: guixbuilder05:!:18045:::::: guixbuilder06:!:18045:::::: guixbuilder07:!:18045:::::: guixbuilder08:!:18045:::::: guixbuilder09:!:18045:::::: guixbuilder10:!:18045:::::: ntpd:!:18045:::::: messagebus:!:18045:::::: polkitd:!:18045:::::: geoclue:!:18045:::::: colord:!:18045:::::: avahi:!:18045:::::: gdm:!:18045:::::: httpd:!:18045:::::: Logging in as root (root had an empty password before as well) and running `passwd florian` fixed it, and I *cannot* reproduce the bug anymore by booting the broken generation again, i.e. my password remains set now. I presume it is not possible to lock a password by typing the wrong password too often on the virtual console? If you think this is not enough material to work on, feel free to close this bug, but there seems to be some misbehavior somewhere in Guix’ password management. (The reason for the new generation’s brokenness seems unrelated; it could not boot after I tried adding syslogd to the requirements of udev-shepherd-service.) Regards, Florian