diff --git a/ensure_nix.sh b/ensure_nix.sh index 2e7d206..5ce45ac 100755 --- a/ensure_nix.sh +++ b/ensure_nix.sh @@ -48,8 +48,12 @@ then "$nix_installer" --no-daemon --yes --no-channel-add --no-modify-profile fi +# TODO This installs nix in nix-env, which conflicts with home-manager activation. +# Workaround is temporarily set /nix/store-xxx-nix/bin in PATH + . "$nix_profile_path" -"${SCRIPT_DIR}/add_channels.sh" +# TODO Useful the first time, but it becomes a bit long after a while +# "${SCRIPT_DIR}/add_channels.sh" exec "$@" diff --git a/hm/desktop.nix b/hm/desktop.nix index 2aaed43..5a0672d 100644 --- a/hm/desktop.nix +++ b/hm/desktop.nix @@ -129,7 +129,7 @@ in "${mod}+Shift+d" = "${rofi} -modi drun -show drun"; # Start Applications "${mod}+Return" = "exec ${ - pkgs.writeShellScript "terminal" "${config.programs.alacritty.package}/bin/alacritty msg create-window || exec ${config.programs.alacritty.package}/bin/alacritty -e zsh" + pkgs.writeShellScript "terminal" "${config.programs.alacritty.package}/bin/alacritty msg create-window -e zsh || exec ${config.programs.alacritty.package}/bin/alacritty -e zsh" # -e zsh is for systems where I can't configure my user's shell # TODO Is a shell script even required? }"; diff --git a/hm/usernix/default.nix b/hm/usernix/default.nix index 1040e2a..84243cc 100644 --- a/hm/usernix/default.nix +++ b/hm/usernix/default.nix @@ -1,6 +1,7 @@ { pkgs, lib, config, ... }: let ensureNixPath = "${config.xdg.configHome}/dotfiles/ensure_nix.sh"; + # TODO Can we maybe use a lighter version of this? in { config = lib.mkIf config.frogeye.userNix { 
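Review bot: Commenting out `"${SCRIPT_DIR}/add_channels.sh"` disables it on a fresh install as well, although the added TODO says the call is useful the first time. The installer already runs inside the `then … fi` branch above, so that branch could set a flag such as `fresh_install=1`, and the call after `. "$nix_profile_path"` could become `[ -n "${fresh_install:-}" ] && "${SCRIPT_DIR}/add_channels.sh"`. That keeps repeated invocations fast, which matters because this script wraps every service entrypoint, and it avoids leaving dead code behind. The `if` condition guarding the installer is outside the hunk, so confirm it is true only when nix is actually missing.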
@@ -9,43 +10,79 @@ in # is started outside of it, so it cannot access /nix. So we need to: # - Ensure files systemd access aren't via /nix. # Sometimes there's multiple layers of redirection, so easiest way is - # to copy the file outside the repository, but if using regular files - # directly home-manager will complain that it will overwrite - # something it didn't write. + # to copy the file outside the store. # - Wrap services entrypoints into a proot wrapper - prootSystemd = lib.hm.dag.entryAfter [ "linkGeneration" ] [ "reloadSystemd" ] '' + prootSystemd = lib.hm.dag.entryBetween [ "reloadSystemd" ] [ "linkGeneration" ] '' cd ${config.xdg.configHome}/systemd/user - ${pkgs.findutils}/bin/find . -type l | while read path + ${pkgs.findutils}/bin/find . -maxdepth 1 -type l | while read path do - ${pkgs.gnused}/bin/sed 's|^Exec\S\+=|\0${ensureNixPath} |' "$path" > "''${path}-proot" - rm "$path" - ln -s "''${path}-proot" "$path" + temp="$(mktemp -p "$PWD")" + ${pkgs.gnused}/bin/sed 's|^Exec\S\+=|\0${ensureNixPath} |' "$path" > "$temp" + $DRY_RUN_CMD mv $VERBOSE_ARG "$temp" "$path" + rm -f "$temp" done + # Targets (need to be symlinks to original) + ${pkgs.findutils}/bin/find . -mindepth 2 -maxdepth 2 -type l | while read path + do + $DRY_RUN_CMD rm $VERBOSE_ARG "$path" + $DRY_RUN_CMD ln $VERBOSE_ARG -s "../$(basename "$path")" "$path" + done + ''; + # Unless files were created by HM, it will complain that something is in the way, so we delete them. 
+ # This is very ugly, as you're not supposed to write things before writeBoundary, but hey + prootSystemdClean = lib.hm.dag.entryBefore [ "checkLinkTargets" ] '' + $DRY_RUN_CMD rm $VERBOSE_ARG -rf ${config.xdg.configHome}/systemd/user ''; # I wonder if it's possible to do this in a slightly more Nix way, without causing infinite recursion # Create a graphical entrypoint by overriding one of the OS programs graphicalEntrypoints = let + graphicalBin = "${config.home.homeDirectory}/.local/bin"; + graphicalProfile = pkgs.writeTextFile { + name = "graphical-profile"; + text = '' + export PATH="${graphicalBin}:$PATH" + ''; + }; graphicalEntrypoint = pkgs.writeTextFile { name = "graphical-entrypoint"; text = '' - #!/usr/bin/env sh + #!/bin/sh exec ${ensureNixPath} ${config.xsession.scriptPath} ''; executable = true; }; in - lib.mkIf config.frogeye.desktop.xorg - lib.hm.dag.entryAfter [ "writeBoundary" ] '' - cp -f ${graphicalEntrypoint} ${config.home.homeDirectory}/.local/bin/cinnamon-session-cinnamon + # lib.mkIf config.frogeye.desktop.xorg # TODO Removed because wrong ordering or something? + lib.hm.dag.entryAfter [ "writeBoundary" ] '' + $DRY_RUN_CMD cp $VERBOSE_ARG -L -f ${graphicalProfile} ${config.home.homeDirectory}/.xprofile + $DRY_RUN_CMD cp $VERBOSE_ARG -L -f ${graphicalEntrypoint} ${graphicalBin}/cinnamon-session-cinnamon ''; }; + # Ubuntu gives you this for some reason, but it just makes warnings + xsession.initExtra = '' + unset LD_PRELOAD + ''; + # Some systemd options don't work if you're running a proot inside, so they need to be relaxed - # TODO Following is what's necessary to remove for Syncthing to work. Might be applicable on all services. 
- # PrivateUsers=true - # RestrictNamespaces=true - # SystemCallFilter=@system-service + systemd.user = { + services = { + mpd.Service = { + # This tries to override PATH for some reason, which makes ensure_nix not work + Environment = lib.mkForce [ ]; + # Since we're wrapping in ensure_nix, notifications for Type=notify + # will come from a process lower + NotifyAccess = "all"; + }; + # Below might be applicable on all services that use those options, but none is to test right now + syncthing.Service = { + PrivateUsers = lib.mkForce [ ]; + RestrictNamespaces = lib.mkForce [ ]; + SystemCallFilter = lib.mkForce [ ]; + }; + }; + }; }; }
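Review bot: `prootSystemdClean` removes the whole `${config.xdg.configHome}/systemd/user` tree with an unquoted `rm -rf` before `checkLinkTargets`, so any unit, drop-in or `*.wants` link there that home-manager did not generate is deleted on every activation, and a config home containing whitespace would split into several `rm` arguments. At minimum quote the path, `$DRY_RUN_CMD rm $VERBOSE_ARG -rf "${config.xdg.configHome}/systemd/user"`, and preferably have `prootSystemd` record the files it rewrites so that the clean step removes only those. Further down, forcing `PrivateUsers`, `RestrictNamespaces` and `SystemCallFilter` to `[ ]` for syncthing appears to drop all three sandboxing options from a network-facing service; a comment naming which one proot actually fails on would allow the others to be restored. The attribute set that holds these activation entries opens above the hunk, so its ordering relative to other entries cannot be checked from here.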