From 5b85606831e26f29bf98a1ca9b12da53d45cbada Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Geoffrey=20=E2=80=9CFrogeye=E2=80=9D=20Preud=27homme?=
Date: Fri, 22 Dec 2023 23:29:14 +0100
Subject: [PATCH] usernix: Added
---
 hm/default.nix | 1 +
 hm/usernix/default.nix | 51 ++++++++++++++++++++++++++++++++++++++++++
 options.nix | 1 +
 3 files changed, 53 insertions(+)
 create mode 100644 hm/usernix/default.nix
diff --git a/hm/default.nix b/hm/default.nix
index 13087c4..f53ecb5 100644
--- a/hm/default.nix
+++ b/hm/default.nix
@@ -9,6 +9,7 @@
 ./gaming
 ./ssh.nix
 ./style.nix
+ ./usernix
 ./vim.nix
 ];
 }
diff --git a/hm/usernix/default.nix b/hm/usernix/default.nix
new file mode 100644
index 0000000..1040e2a
--- /dev/null
+++ b/hm/usernix/default.nix
@@ -0,0 +1,51 @@
+{ pkgs, lib, config, ... }:
+let
+ ensureNixPath = "${config.xdg.configHome}/dotfiles/ensure_nix.sh";
+in
+{
+ config = lib.mkIf config.frogeye.userNix {
+ home.activation = {
+ # When Nix is installed in the user directory via a proot, systemd --user
+ # is started outside of it, so it cannot access /nix. So we need to:
+ # - Ensure files systemd access aren't via /nix.
+ # Sometimes there's multiple layers of redirection, so easiest way is
+ # to copy the file outside the repository, but if using regular files
+ # directly home-manager will complain that it will overwrite
+ # something it didn't write.
+ # - Wrap services entrypoints into a proot wrapper
+ prootSystemd = lib.hm.dag.entryAfter [ "linkGeneration" ] [ "reloadSystemd" ] ''
+ cd ${config.xdg.configHome}/systemd/user
+ ${pkgs.findutils}/bin/find . -type l | while read path
+ do
+ ${pkgs.gnused}/bin/sed 's|^Exec\S\+=|\0${ensureNixPath} |' "$path" > "''${path}-proot"
+ rm "$path"
+ ln -s "''${path}-proot" "$path"
+ done
+ '';
+ # I wonder if it's possible to do this in a slightly more Nix way, without causing infinite recursion
+
+ # Create a graphical entrypoint by overriding one of the OS programs
+ graphicalEntrypoints =
+ let
+ graphicalEntrypoint = pkgs.writeTextFile {
+ name = "graphical-entrypoint";
+ text = ''
+ #!/usr/bin/env sh
+ exec ${ensureNixPath} ${config.xsession.scriptPath}
+ '';
+ executable = true;
+ };
+ in
+ lib.mkIf config.frogeye.desktop.xorg
+ lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+ cp -f ${graphicalEntrypoint} ${config.home.homeDirectory}/.local/bin/cinnamon-session-cinnamon
+ '';
+ };
+
+ # Some systemd options don't work if you're running a proot inside, so they need to be relaxed
+ # TODO Following is what's necessary to remove for Syncthing to work. Might be applicable on all services.
+ # PrivateUsers=true
+ # RestrictNamespaces=true
+ # SystemCallFilter=@system-service
+ };
+}
diff --git a/options.nix b/options.nix
index 0321786..0c240d7 100644
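Review bot: In the `prootSystemd` loop, `ln -s "''${path}-proot" "$path"` writes the `find`-relative path as the link target, but a relative symlink target is resolved from the link's own directory, so any unit link found in a subdirectory (for example a `*.wants/` directory, if home-manager creates links there) would end up dangling. Using the basename as the target, `ln -s "''${path##*/}-proot" "$path"`, keeps the link valid at any depth. The loop also reads names with plain `read`, which interprets backslashes and trims whitespace; systemd-escaped unit names can contain `\x2d`-style sequences, so `while IFS= read -r path` is safer. Separately, the trailing TODO about removing `PrivateUsers`, `RestrictNamespaces` and `SystemCallFilter` would be better applied only to the units that actually fail under proot than to all services, since those directives are the units' sandboxing.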
--- a/options.nix
+++ b/options.nix
@@ -3,6 +3,7 @@
 options.frogeye = {
 extra = lib.mkEnableOption "Big software";
 gaming = lib.mkEnableOption "Games";
+ userNix = lib.mkEnableOption "Nix is \"installed\" in ~/.nix";
 polarity = lib.mkOption {
 default = "dynamic";
 description = "Whether to use light theme or dark theme.";