On 21-07-2022 19:13, Andrew Tropin wrote: > The source code is here: > https://git.sr.ht/~abcdw/rde/commit/c5b4097ab99309ace23e40d957e9fa1f938f97e9 What's the 'guix-home-gc-roots' for? I would expect the reference #$(file-append he "/activate") to be sufficient to keep things from being gc'ed. > + > > (start #~(make-forkexec-constructor + > > '(#$(file-append he "/activate")) + > > #:user #$user + > > #:environment-variables + > > (list (string-append "HOME=" (passwd:dir (getpw #$user)))) + > > #:group (group:name (getgrgid (passwd:gid (getpw #$user)))))) I'm wondering if GUIX_LOCPATH is needed as well. Anyway, if not done already internally by /activate, you could consider doing it in a container to reduce potential irreproducibility, or insecurity on multi-user systems (I'd assume the #:user + #:group to be sufficient for security, especially if it appears sufficient for other system services, but I'm not some expert on what things need to be set). > + > > (provision (list (symbol-append 'guix-home- (string->symbol user)))) + > > (one-shot? #t) + > > (auto-start? #f) Wouldn't it then be possible for the user to login via the login manager before initialisation has completed, as gdm etc don't wait for guix-home-... currently? Greetings, Maxime.