On 2022-07-21 19:25, Maxime Devos wrote: > On 21-07-2022 19:13, Andrew Tropin wrote: > >> The source code is here: >> https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938f97e9 > > What's the 'guix-home-gc-roots' for? I would expect the reference > #$(file-append he "/activate") to be sufficient to keep things from > being gc'ed. It was needed while I was testing manual activation without shepherd service, not needed anymore, already removed it locally. > >> + >> >> (start #~(make-forkexec-constructor + >> >> '(#$(file-append he "/activate")) + >> >> #:user #$user + >> >> #:environment-variables + >> >> (list (string-append "HOME=" (passwd:dir (getpw #$user)))) + >> >> #:group (group:name (getgrgid (passwd:gid (getpw #$user)))))) > I'm wondering if GUIX_LOCPATH is needed as well. Anyway, if not done > already internally by /activate, you could consider doing it in a > container to reduce potential irreproducibility, or insecurity on > multi-user systems (I'd assume the #:user + #:group to be sufficient for > security, especially if it appears sufficient for other system services, > but I'm not some expert on what things need to be set). > It's not set by /activate. >> + >> >> (provision (list (symbol-append 'guix-home- (string->symbol user)))) + >> >> (one-shot? #t) + >> >> (auto-start? #f) > Wouldn't it then be possible for the user to login via the login manager > before initialisation has completed, as gdm etc don't wait for > guix-home-... currently? You are right, the same as the first one, needed for more manual approach, changed to #t, thank you. Three patches for this service to work is on the way on guix-patches. In the meantime, will try to build livecd with the home environment inside. P.S. Probably this system service is far from final version of this feature, I still think about making home-environment a part of user-account. Will evaluate pros and cons, after I get livecd built successfully. -- Best regards, Andrew Tropin