usernix: Added

2023-12-22 23:29:14 +01:00 · 2023-12-22 23:29:14 +01:00 · 5b85606831
parent 82caafaceb
commit 5b85606831
3 changed files with 53 additions and 0 deletions
--- a/hm/default.nix
+++ b/hm/default.nix
@ -9,6 +9,7 @@
    ./gaming
    ./ssh.nix
    ./style.nix
+    ./usernix
    ./vim.nix
  ];
 }
--- a/hm/usernix/default.nix
+++ b/hm/usernix/default.nix
@ -0,0 +1,51 @@
+{ pkgs, lib, config, ... }:
+let
+  ensureNixPath = "${config.xdg.configHome}/dotfiles/ensure_nix.sh";
+in
+{
+  config = lib.mkIf config.frogeye.userNix {
+    home.activation = {
+      # When Nix is installed in the user directory via a proot, systemd --user
+      # is started outside of it, so it cannot access /nix. So we need to:
+      # - Ensure files systemd access aren't via /nix.
+      #     Sometimes there's multiple layers of redirection, so easiest way is
+      #     to copy the file outside the repository, but if using regular files
+      #     directly home-manager will complain that it will overwrite
+      #     something it didn't write.
+      # - Wrap services entrypoints into a proot wrapper
+      prootSystemd = lib.hm.dag.entryAfter [ "linkGeneration" ] [ "reloadSystemd" ] ''
+        cd ${config.xdg.configHome}/systemd/user
+        ${pkgs.findutils}/bin/find . -type l | while read path
+        do
+          ${pkgs.gnused}/bin/sed 's|^Exec\S\+=|\0${ensureNixPath} |' "$path" > "''${path}-proot"
+          rm "$path"
+          ln -s "''${path}-proot" "$path"
+        done
+      '';
+      # I wonder if it's possible to do this in a slightly more Nix way, without causing infinite recursion
+
+      # Create a graphical entrypoint by overriding one of the OS programs
+      graphicalEntrypoints =
+        let
+          graphicalEntrypoint = pkgs.writeTextFile {
+            name = "graphical-entrypoint";
+            text = ''
+              #!/usr/bin/env sh
+              exec ${ensureNixPath} ${config.xsession.scriptPath}
+            '';
+            executable = true;
+          };
+        in
+        lib.mkIf config.frogeye.desktop.xorg
+          lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+          cp -f ${graphicalEntrypoint} ${config.home.homeDirectory}/.local/bin/cinnamon-session-cinnamon
+        '';
+    };
+
+    # Some systemd options don't work if you're running a proot inside, so they need to be relaxed
+    # TODO Following is what's necessary to remove for Syncthing to work. Might be applicable on all services.
+    # PrivateUsers=true
+    # RestrictNamespaces=true
+    # SystemCallFilter=@system-service
+  };
+}
--- a/options.nix
+++ b/options.nix
@ -3,6 +3,7 @@
  options.frogeye = {
    extra = lib.mkEnableOption "Big software";
    gaming = lib.mkEnableOption "Games";
+    userNix = lib.mkEnableOption "Nix is \"installed\" in ~/.nix";
    polarity = lib.mkOption {
      default = "dynamic";
      description = "Whether to use light theme or dark theme.";