New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos system-activation: support activation scripts run in a user context #47898
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as the other PR; though verified and it works as expected with a custom activation script snippet.
(mapAttrsToList (name: value: "${pkgs.su}/bin/su ${name} -c ${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5") | ||
(filterAttrs (n: v: v.isNormalUser) config.users.users))); | ||
# Update the start menu for each user that is currently logged in | ||
system.userActivationScripts.plasmaSetup = "${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why use a user-activation script instead of just creating a user systemd unit?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You missed that system.userActivationScripts
is implemented via a systemd unit?
No, I wonder why have an “activation script” not part of the “activate” script, instead of just having these modules create their own use case specific systemd unit.
… On Oct 6, 2018, at 8:41 AM, Vladimír Čunát ***@***.***> wrote:
@vcunat commented on this pull request.
In nixos/modules/services/x11/desktop-managers/plasma5.nix:
> @@ -225,11 +225,8 @@ in
security.pam.services.sddm.enableKwallet = true;
security.pam.services.slim.enableKwallet = true;
- # Update the start menu for each user that has `isNormalUser` set.
- system.activationScripts.plasmaSetup = stringAfter [ "users" "groups" ]
- (concatStringsSep "\n"
- (mapAttrsToList (name: value: "${pkgs.su}/bin/su ${name} -c ${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5")
- (filterAttrs (n: v: v.isNormalUser) config.users.users)));
+ # Update the start menu for each user that is currently logged in
+ system.userActivationScripts.plasmaSetup = "${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5";
You missed that system.userActivationScripts is implemented via a systemd unit?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
The system activation script is ran once and with system privileges. This is to be ran for each (active) user with their privileges. |
Right. Based on the definition it seems it will run on every login. I’m just not sure why we need the concept of a user activation script when a one shot user unit works just the same.
This is in contrast to system activation scripts which aren’t typically implementable as systemd units.
… On Oct 6, 2018, at 10:29 AM, Vladimír Čunát ***@***.***> wrote:
The system activation script is ran once and with system privileges. This is to be ran for each (active) user with their privileges.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
That's not entirely true. The system level activation scripts do run on every boot, but the user context scripts are only triggered for users logged in (we get a list of active sessions from logind).
That's how it's implemented - as a oneshot unit. We still need a way to trigger it though so that is what the system level activation script handles.
Well, it's actually moving that way - @jameysharp has done some nice work in #47563. |
Nice. I understand now. Thank you!
… On Oct 7, 2018, at 8:07 AM, Peter Hoeg ***@***.***> wrote:
Right. Based on the definition it seems it will run on every login.
That's not entirely true. The system level activation scripts do run on every boot, but the user context scripts are only triggered for users logged in (we get a list of active sessions from logind).
I’m just not sure why we need the concept of a user activation script when a one shot user unit works just the same.
That's how it's implemented - as a oneshot unit. We still need a way to trigger it though so that is what the system level activation script handles.
This is in contrast to system activation scripts which aren’t typically implementable as systemd units.
Well, it's actually moving that way - @jameysharp has done some nice work in #47563.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Ooh, I like it. Although I think I'd like it even better if |
A target definitely makes more sense than a service.
And thinking a little more about this, how about this:
That will allow us to do granular activation. |
I feel like putting a lot of disclaimers on this response: I don't speak for anyone else; my feelings won't be hurt if you ignore my suggestions; etc. That said, if I were responsible for this decision, I know what I would do here, and since I got invited into this thread I guess I might as well share? My major preference here is around having fewer ways to do the same things, and choosing the more general option, when that doesn't significantly impact usability. Requiring people to use On the other hand, it's more flexible because they can use It also doesn't require introducing new NixOS-specific concepts. Instead of saying "we have this notion of a user activation script, here's what that means," you can just say "every logged in user will have this target started in their session when the system configuration changes, do whatever you want with that, here's a link to the relevant systemd documentation if you aren't familiar with it." This feels conceptually simpler to me. I'd argue that the worst option would be to do both. Saying "here's One more thought: So... do whatever you like with this, but that's my personal feeling on the best direction to go here. |
@jameysharp - I'm not ignoring you. I know how disheartening it can be when putting in a lot of thought into something, writing it up and then to be met with silence, but time's been a little tight on this side. I want us to work on getting something solid out of this and will get back to you shortly. |
No worries! 😄 I've been busy myself. If you want further opinions from me, let me know; otherwise I'm happy to leave this alone at the moment. |
Motivation for this change
#47842 for 18.09
Cc: @samueldr @vcunat
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)