Manage files by creating a systemd oneshot service for each file. The
service links or bind mounts the file as appropriate on start and
removes the link or unmounts it when stopped. Whether a symlink or
bind mount is used is determined by if the target exists - if it does,
it's bind mounted, otherwise symlinked. To make sure files are
available early enough, also run the start portion in the activation
script.
This lifts the restriction on files being placed in `/etc` and should
finally close #1.
Since the release of Nix 2.4, the CI pipeline is broken, as the syntax
and behavior of `nix run` changed. The command is also considered
experimental. Switch to using nix-shell instead.
NixOS defaults to not letting fuse mounts be allowed to let other
users read their contents. `bindfs` wants to give other users access
and is therefore normally run with `--no-allow-other` to not throw an
error.
Giving other users, mainly `root`, access to the bind mounts is,
however, useful and works fine when
`programs.fuse.userAllowOther = true;`
is declared in `configuration.nix`. This adds an option to choose
whether to give other users access or not. It also prompts the user to
set the `allowOther` attribute with a link to the documentation.
Due to what is likely a bug in bindfs or fuse, the target path is
sometimes missing from the mount entry. This causes false positives
for the target directory having changed, leading to unnecessary
remounts. Luckily, it seems that when this happens, the line instead
contains the string `bindfs`, which it doesn't normally, so we can at
least circumvent this issue to some degree.
Find the correct name of the activation script entry responsible for
reloading systemd user services. The name was initially
`reloadSystemD` but has been changed to `reloadSystemd`, causing
failures due to the unmounts being done after the systemd services are
reloaded.
If there were multiple levels of directories which hadn't yet been
created in persistent storage, the `create-directories.bash` script
would error out when running `realpath` on the path. To allow this,
`realpath` has to be run with `-m`.
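The failure described in this commit message, as an added shell example (not the project's `create-directories.bash`; the function names and the sample path are made up here, and GNU coreutils `realpath` is assumed):

```shell
# Added illustration; function names and the sample layout are assumptions.
set -u

# Plain GNU realpath requires every component except the last to exist,
# so it fails when more than one trailing level is missing.
resolve_strict() {
    realpath "$1" 2>/dev/null
}

# With -m (--canonicalize-missing) no component has to exist.
resolve_missing_ok() {
    realpath -m "$1"
}

# Resolve with -m first, then create all missing levels in one go.
# Prints the resolved path on success.
create_persistent_dir() {
    local resolved
    resolved="$(resolve_missing_ok "$1")" || return 1
    mkdir -p -- "$resolved" || return 1
    printf '%s\n' "$resolved"
}

# Constructed sample: an empty stand-in for the persistent storage root.
demo_root="$(mktemp -d)"
demo_dir="$demo_root/home/alice/.config/app"   # several levels do not exist yet

if resolve_strict "$demo_dir" >/dev/null; then
    echo "strict: resolved"
else
    echo "strict: failed (intermediate directories are missing)"
fi
echo "with -m: $(resolve_missing_ok "$demo_dir")"
echo "created: $(create_persistent_dir "$demo_dir")"
```
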
When a user writes a long list of directories, the original code
generates a very long activation script, which can cause an "Argument
list too long" error.
This tries to fix the issue by writing the directory creation script
into nix store as an executable instead of repeating it multiple
times.
Use bindfs to create bind mounts for directories instead of symlinking
them. This should be less problematic for many applications, since
bind mounts are much more transparent.
This sets up the bind mounts in the activation script, before any
writes are done by home-manager, then tears them down again
afterwards. The bind mounts are then handled by individual systemd
services, since they're long-running fuse processes and need to be
managed as such. This also means we leverage home-manager's mechanism
for deciding which user services should be active after a switch to a
new generation, and don't have to bother with cleaning up old leftover
fuse processes.
NOTE: All unmounts done in the activation script are put into a
function which is run either on error, or right before home-manager
starts / reloads systemd units. This will conflict with other attempts
to add traps on ERR, but this isn't currently done upstream.