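# home-manager module applied when config.frogeye.userNix is set: rewrites the
# user's systemd units and the graphical session entrypoint so that they are
# started through the ensure_nix.sh wrapper.
{ pkgs, lib, config, ... }:
let
  # Wrapper prepended to every Exec* line and to the graphical session.
  # It is a regular file under the XDG config directory, not a store path, so
  # it stays writable by the user: whatever can modify it runs in every
  # wrapped user service and in the graphical session on their next start.
  ensureNixPath = "${config.xdg.configHome}/dotfiles/ensure_nix.sh";
in
{
  config = lib.mkIf config.frogeye.userNix {
    home.activation = {
      # When Nix is installed in the user directory via a proot, systemd --user
      # is started outside of it, so it cannot access /nix. So we need to:
      # - Ensure files systemd access aren't via /nix.
      #   Sometimes there's multiple layers of redirection, so easiest way is
      #   to copy the file outside the repository, but if using regular files
      #   directly home-manager will complain that it will overwrite
      #   something it didn't write.
      # - Wrap services entrypoints into a proot wrapper
      #
      # Ordering: this has to run after "linkGeneration" and before
      # "reloadSystemd". entryAfter only takes (after, data), so a third
      # argument ends up applying an attribute set as a function;
      # entryBetween takes (before, after, data).
      #
      # NOTE(review): the sed expression inserts the wrapper right after the
      # "=", so a line using a systemd executable prefix (e.g. "ExecStart=-/x")
      # or an empty "ExecStart=" reset is rewritten too; check the units being
      # wrapped. ensureNixPath is also pasted into the sed replacement as-is,
      # so it must not contain "|", "&" or "\".
      prootSystemd = lib.hm.dag.entryBetween [ "reloadSystemd" ] [ "linkGeneration" ] ''
        cd "${config.xdg.configHome}/systemd/user"
        ${pkgs.findutils}/bin/find . -type l | while IFS= read -r path
        do
          # A link that already points at its -proot copy would be read and
          # truncated through the same file by the redirection below.
          case "$(readlink "$path")" in
            *-proot) continue ;;
          esac
          ${pkgs.gnused}/bin/sed 's|^Exec\S\+=|\0${ensureNixPath} |' "$path" > "''${path}-proot"
          rm "$path"
          # The link target is resolved relative to the link's own directory,
          # so only the file name is used; the full "./sub/unit" path would
          # dangle for links found in subdirectories.
          ln -s "''${path##*/}-proot" "$path"
        done
      '';
      # I wonder if it's possible to do this in a slightly more Nix way, without causing infinite recursion

      # Create a graphical entrypoint by overriding one of the OS programs
      # NOTE(review): presumably ~/.local/bin comes before the system
      # directory in the session's PATH, so this copy shadows the distribution
      # binary of the same name; confirm on the target machine.
      graphicalEntrypoints =
        let
          graphicalEntrypoint = pkgs.writeTextFile {
            name = "graphical-entrypoint";
            text = ''
              #!/usr/bin/env sh
              exec "${ensureNixPath}" "${config.xsession.scriptPath}"
            '';
            executable = true;
          };
        in
        # Parenthesised: function application is left-associative, so without
        # the parentheses mkIf receives entryAfter itself as its content and
        # the resulting attribute set is then applied to the list.
        lib.mkIf config.frogeye.desktop.xorg (
          lib.hm.dag.entryAfter [ "writeBoundary" ] ''
            mkdir -p "${config.home.homeDirectory}/.local/bin"
            cp -f "${graphicalEntrypoint}" "${config.home.homeDirectory}/.local/bin/cinnamon-session-cinnamon"
          ''
        );
    };

    # Some systemd options don't work if you're running a proot inside, so they need to be relaxed
    # TODO Following is what's necessary to remove for Syncthing to work. Might be applicable on all services.
    # These are sandboxing directives, so strip them only from the units that
    # fail under proot rather than from every unit.
    # PrivateUsers=true
    # RestrictNamespaces=true
    # SystemCallFilter=@system-service
  };
}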