usernix: Fixes following testing

ensure_nix.sh

@@ -48,8 +48,12 @@ then
     "$nix_installer" --no-daemon --yes --no-channel-add --no-modify-profile
 fi
 
+# TODO This installs nix in nix-env, which conflicts with home-manager activation.
+# Workaround is temporarily set /nix/store-xxx-nix/bin in PATH
+
 . "$nix_profile_path"
 
-"${SCRIPT_DIR}/add_channels.sh"
+# TODO Useful the first time, but it becomes a bit long after a while
+# "${SCRIPT_DIR}/add_channels.sh"
 
 exec "$@"

hm/desktop.nix

@@ -129,7 +129,7 @@ in
                   "${mod}+Shift+d" = "${rofi} -modi drun -show drun";
                   # Start Applications
                   "${mod}+Return" = "exec ${
-            pkgs.writeShellScript "terminal" "${config.programs.alacritty.package}/bin/alacritty msg create-window || exec ${config.programs.alacritty.package}/bin/alacritty -e zsh"
+            pkgs.writeShellScript "terminal" "${config.programs.alacritty.package}/bin/alacritty msg create-window -e zsh || exec ${config.programs.alacritty.package}/bin/alacritty -e zsh"
             # -e zsh is for systems where I can't configure my user's shell
             # TODO Is a shell script even required?
           }";

hm/usernix/default.nix

@@ -1,6 +1,7 @@
 { pkgs, lib, config, ... }:
 let
   ensureNixPath = "${config.xdg.configHome}/dotfiles/ensure_nix.sh";
+  # TODO Can we maybe use a lighter version of this?
 in
 {
   config = lib.mkIf config.frogeye.userNix {
@@ -9,43 +10,79 @@ in
       # is started outside of it, so it cannot access /nix. So we need to:
       # - Ensure files systemd access aren't via /nix.
       #     Sometimes there's multiple layers of redirection, so easiest way is
-      #     to copy the file outside the repository, but if using regular files
-      #     directly home-manager will complain that it will overwrite
-      #     something it didn't write.
+      #     to copy the file outside the store.
       # - Wrap services entrypoints into a proot wrapper
-      prootSystemd = lib.hm.dag.entryAfter [ "linkGeneration" ] [ "reloadSystemd" ] ''
+      prootSystemd = lib.hm.dag.entryBetween [ "reloadSystemd" ] [ "linkGeneration" ] ''
         cd ${config.xdg.configHome}/systemd/user
-        ${pkgs.findutils}/bin/find . -type l | while read path
+        ${pkgs.findutils}/bin/find . -maxdepth 1 -type l | while read path
         do
-          ${pkgs.gnused}/bin/sed 's|^Exec\S\+=|\0${ensureNixPath} |' "$path" > "''${path}-proot"
-          rm "$path"
-          ln -s "''${path}-proot" "$path"
+          temp="$(mktemp -p "$PWD")"
+          ${pkgs.gnused}/bin/sed 's|^Exec\S\+=|\0${ensureNixPath} |' "$path" > "$temp"
+          $DRY_RUN_CMD mv $VERBOSE_ARG "$temp" "$path"
+          rm -f "$temp"
         done
+        # Targets (need to be symlinks to original)
+        ${pkgs.findutils}/bin/find . -mindepth 2 -maxdepth 2 -type l | while read path
+        do
+          $DRY_RUN_CMD rm $VERBOSE_ARG "$path"
+          $DRY_RUN_CMD ln $VERBOSE_ARG -s "../$(basename "$path")" "$path"
+        done
+      '';
+      # Unless files were created by HM, it will complain that something is in the way, so we delete them.
+      # This is very ugly, as you're not supposed to write things before writeBoundary, but hey
+      prootSystemdClean = lib.hm.dag.entryBefore [ "checkLinkTargets" ] ''
+        $DRY_RUN_CMD rm $VERBOSE_ARG -rf ${config.xdg.configHome}/systemd/user
       '';
       # I wonder if it's possible to do this in a slightly more Nix way, without causing infinite recursion
 
       # Create a graphical entrypoint by overriding one of the OS programs
       graphicalEntrypoints =
         let
+          graphicalBin = "${config.home.homeDirectory}/.local/bin";
+          graphicalProfile = pkgs.writeTextFile {
+            name = "graphical-profile";
+            text = ''
+              export PATH="${graphicalBin}:$PATH"
+            '';
+          };
           graphicalEntrypoint = pkgs.writeTextFile {
             name = "graphical-entrypoint";
             text = ''
-              #!/usr/bin/env sh
+              #!/bin/sh
               exec ${ensureNixPath} ${config.xsession.scriptPath}
             '';
             executable = true;
           };
         in
-        lib.mkIf config.frogeye.desktop.xorg
-          lib.hm.dag.entryAfter [ "writeBoundary" ] ''
-          cp -f ${graphicalEntrypoint} ${config.home.homeDirectory}/.local/bin/cinnamon-session-cinnamon
+        # lib.mkIf config.frogeye.desktop.xorg # TODO Removed because wrong ordering or something?
+        lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+          $DRY_RUN_CMD cp $VERBOSE_ARG -L -f ${graphicalProfile} ${config.home.homeDirectory}/.xprofile
+          $DRY_RUN_CMD cp $VERBOSE_ARG -L -f ${graphicalEntrypoint} ${graphicalBin}/cinnamon-session-cinnamon
         '';
     };
 
+    # Ubuntu gives you this for some reason, but it just makes warnings
+    xsession.initExtra = ''
+      unset LD_PRELOAD
+    '';
+
     # Some systemd options don't work if you're running a proot inside, so they need to be relaxed
-    # TODO Following is what's necessary to remove for Syncthing to work. Might be applicable on all services.
-    # PrivateUsers=true
-    # RestrictNamespaces=true
-    # SystemCallFilter=@system-service
+    systemd.user = {
+      services = {
+        mpd.Service = {
+          # This tries to override PATH for some reason, which makes ensure_nix not work
+          Environment = lib.mkForce [ ];
+          # Since we're wrapping in ensure_nix, notifications for Type=notify
+          # will come from a process lower
+          NotifyAccess = "all";
+        };
+        # Below might be applicable on all services that use those options, but none is to test right now
+        syncthing.Service = {
+          PrivateUsers = lib.mkForce [ ];
+          RestrictNamespaces = lib.mkForce [ ];
+          SystemCallFilter = lib.mkForce [ ];
+        };
+      };
+    };
   };
 }