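# Home Manager module for machines where Nix lives in the user's directory and
# is reached through a proot (enabled by `config.frogeye.userNix`).
# It rewrites the user's systemd units and, when `config.frogeye.desktop.xorg`
# is set, the graphical session entrypoint so that both are started through
# the `ensure_nix.sh` wrapper.
{ pkgs, lib, config, ... }:
let
  # Wrapper script that every rewritten unit and the graphical session exec.
  # NOTE(review): because all wrapped services run through this file, it should
  # stay writable only by the owning user; confirm its permissions.
  ensureNixPath = "${config.xdg.configHome}/dotfiles/ensure_nix.sh";
in
{
  config = lib.mkIf config.frogeye.userNix {
    home.activation = {
      # When Nix is installed in the user directory via a proot, systemd --user
      # is started outside of it, so it cannot access /nix. So we need to:
      # - Ensure files systemd access aren't via /nix.
      #   Sometimes there's multiple layers of redirection, so easiest way is
      #   to copy the file outside the repository, but if using regular files
      #   directly home-manager will complain that it will overwrite
      #   something it didn't write.
      # - Wrap services entrypoints into a proot wrapper
      #
      # entryBetween takes the "before" list first, then the "after" list:
      # this step runs after linkGeneration and before reloadSystemd.
      # (entryAfter only accepts one dependency list, so passing two lists
      # and a script to it fails at evaluation.)
      prootSystemd = lib.hm.dag.entryBetween [ "reloadSystemd" ] [ "linkGeneration" ] ''
        prootUnitDir="${config.xdg.configHome}/systemd/user"
        # Work on absolute paths instead of cd-ing: the working directory of
        # later activation steps stays untouched and links located in
        # sub-directories get a target that resolves correctly.
        if [ -d "$prootUnitDir" ]
        then
          ${pkgs.findutils}/bin/find "$prootUnitDir" -type l | while IFS= read -r prootUnit
          do
            prootWrapped="''${prootUnit}-proot"
            # Link already points at its wrapped copy: rewriting it again
            # would truncate the copy while sed is still reading it.
            if [ "$prootUnit" -ef "$prootWrapped" ]
            then
              continue
            fi
            # Prefix the command of every Exec*= directive with the wrapper.
            ${pkgs.gnused}/bin/sed 's|^Exec\S\+=|\0${ensureNixPath} |' "$prootUnit" > "$prootWrapped"
            rm "$prootUnit"
            ln -s "$prootWrapped" "$prootUnit"
          done
        fi
      '';
      # I wonder if it's possible to do this in a slightly more Nix way, without causing infinite recursion

      # Create a graphical entrypoint by overriding one of the OS programs
      graphicalEntrypoints =
        let
          graphicalEntrypoint = pkgs.writeTextFile {
            name = "graphical-entrypoint";
            text = ''
              #!/usr/bin/env sh
              exec ${ensureNixPath} ${config.xsession.scriptPath}
            '';
            executable = true;
          };
        in
        # The parentheses are required: without them mkIf receives the
        # entryAfter function itself as its content and the remaining
        # arguments are applied to mkIf's result.
        lib.mkIf config.frogeye.desktop.xorg (lib.hm.dag.entryAfter [ "writeBoundary" ] ''
          mkdir -p "${config.home.homeDirectory}/.local/bin"
          cp -f ${graphicalEntrypoint} "${config.home.homeDirectory}/.local/bin/cinnamon-session-cinnamon"
        '');
    };

    # Some systemd options don't work if you're running a proot inside, so they need to be relaxed
    # TODO Following is what's necessary to remove for Syncthing to work. Might be applicable on all services.
    # PrivateUsers=true
    # RestrictNamespaces=true
    # SystemCallFilter=@system-service
    # NOTE(review): these three directives are sandboxing settings. Dropping
    # them removes hardening from the unit, so relax them per service where
    # the proot actually needs it rather than for every unit.
  };
}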