NixOS by default does not allow fuse mounts to let other users read
their contents. `bindfs` wants to give other users access and is
therefore normally run with `--no-allow-other` so that it does not
throw an error.
Giving other users, mainly `root`, access to the bind mounts is,
however, useful and works fine when

    programs.fuse.userAllowOther = true;

is declared in `configuration.nix`. This adds an option to choose
whether to give other users access or not. It also prompts the user to
set the `allowOther` attribute with a link to the documentation.

Due to what is likely a bug in bindfs or fuse, the target path is
sometimes missing from the mount entry. This causes false positives
for the target directory having changed, leading to unnecessary
remounts. Luckily, it seems that when this happens, the line instead
contains the string `bindfs`, which it doesn't normally, so we can at
least circumvent this issue to some degree.

Find the correct name of the activation script entry responsible for
reloading systemd user services. The name was initially
`reloadSystemD` but has been changed to `reloadSystemd`, causing
failures due to the unmounts being done after the systemd services are
reloaded.

Use bindfs to create bind mounts for directories instead of symlinking
them. This should be less problematic for many applications, since
bind mounts are much more transparent.
This sets up the bind mounts in the activation script, before any
writes are done by home-manager, then tears them down again
afterwards. The bind mounts are then handled by individual systemd
services, since they're long-running fuse processes and need to be
managed as such. This also means we leverage home-manager's mechanism
for deciding which user services should be active after a switch to a
new generation, and don't have to bother with cleaning up old leftover
fuse processes.

NOTE: All unmounts done in the activation script are put into a
function which is run either on error, or right before home-manager
starts / reloads systemd units. This will conflict with other attempts
to add traps on ERR, but this isn't currently done upstream.
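The two mechanisms described in these commits, the mount-table check that tolerates the entry with the missing target path and the single teardown function that runs on error or right before user services are reloaded, can be sketched as a stand-alone shell script. This is an added example and not home-manager's activation script: the function names, the `UNMOUNT` variable, the mount-line format (taken to be the `/proc/mounts` one) and the exact shape of the quirky entry (source present, target field absent, the word `bindfs` on the line) are all assumptions, and the mount table it runs against is constructed.

```shell
#!/bin/sh
# Added example, not home-manager's own activation code. It shows:
#  (1) deciding from the mount table whether a bindfs mount is already in
#      place, without a needless remount when the target path is missing
#      from the entry, and
#  (2) keeping every unmount in one function that can run on error or
#      right before systemd user services are reloaded.
#
# Mount-table lines are assumed to follow /proc/mounts:
#   "<source> <target> <fstype> <options> 0 0"

# bind_mount_state SRC DST TABLE  -> prints one of: ok | changed | absent
#   ok      : DST is mounted and its source is SRC (nothing to do)
#   changed : DST is mounted from some other source (remount needed)
#   absent  : no entry for DST
# Fallback for the quirk (its exact shape is an assumption): a line whose
# source is SRC, whose second field is not a path and which mentions
# "bindfs" counts as "ok" instead of "absent".
bind_mount_state() {
  printf '%s\n' "$3" | awk -v src="$1" -v dst="$2" '
    $2 == dst { print (($1 == src) ? "ok" : "changed"); seen = 1; exit }
    $1 == src && $2 !~ /^\// && index($0, "bindfs") { quirk = 1 }
    END { if (!seen) print (quirk ? "ok" : "absent") }
  '
}

# --- teardown bookkeeping ------------------------------------------------
# Targets mounted by this run, so that one function can undo all of them.
MOUNTED_TARGETS=""

# remember_mount DST: record a target after a successful bindfs call.
remember_mount() { MOUNTED_TARGETS="$MOUNTED_TARGETS $1"; }

# unmount_all: undo every recorded mount, newest first, then forget them.
# UNMOUNT defaults to "fusermount -u"; it is overridable so the logic can
# be exercised on a machine without FUSE.
unmount_all() {
  rev=""
  for t in $MOUNTED_TARGETS; do rev="$t $rev"; done
  for t in $rev; do ${UNMOUNT:-fusermount -u} "$t"; done
  MOUNTED_TARGETS=""
}

# install_error_trap: in a real (bash) activation script the same function
# is hooked to ERR so that a failing write tears the mounts down, and it
# is also called explicitly before the systemd reload step. ERR traps are
# bash-only, so the stand-alone demo below does not install one.
install_error_trap() { trap unmount_all ERR; }

# --- demo on a constructed mount table -----------------------------------
CONSTRUCTED_TABLE='/dev/sda1 / ext4 rw 0 0
/home/u/src/app /home/u/.config/app fuse.bindfs rw,user_id=1000 0 0
/old/src /home/u/.config/old fuse.bindfs rw,user_id=1000 0 0
/home/u/src/quirky fuse.bindfs rw,user_id=1000 0 0'

for pair in \
  '/home/u/src/app /home/u/.config/app' \
  '/new/src /home/u/.config/old' \
  '/home/u/src/quirky /home/u/.config/quirky' \
  '/home/u/src/missing /home/u/.config/missing'
do
  set -- $pair
  printf '%s -> %s: %s\n' "$1" "$2" "$(bind_mount_state "$1" "$2" "$CONSTRUCTED_TABLE")"
done
```

In an activation script the decision is made per directory: `ok` means the mount is left alone, `changed` means unmount and remount, `absent` means mount and `remember_mount`; `unmount_all` is then run once, before the step that reloads the user units, so that a reordering of activation entries (as in the `reloadSystemD`/`reloadSystemd` rename above) shows up as an obvious ordering bug rather than as unmounts racing the reloaded services.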