On 12/20/23 16:42, Ben Weinstein-Raun wrote:
> My guess is that this is at least possible, by defining a system-level
> service that starts a shepherd for each user. Would that work?

After struggling with this for a week, I've managed to get a user-level `shepherd` starting! It fails to actually run, probably due to errors in my init.scm, but I'm happy with the progress!

I still have some fairly important-feeling questions though:

* When I tried to use `sudo` via the actual package, I got an error about it needing to be setuid-root. My workaround is to just directly add /run/setuid-programs to the PATH, but this is a pretty bad-feeling hack, as it leaves an unspecified dependency. What's the right way to depend on sudo? Force the user to pass it in as an argument, maybe?

* I still don't know how to "properly" ensure that the XDG_RUNTIME_DIR is set, like it should be for a "proper" login shell. Right now, the shell script just brute-creates the directory where I expect it on my system (and exports that path to the environment). So, if anybody knows: what's the right way to do this?

* Several times throughout this process, when I had errors in the shell script that caused it to exit early, my system shepherd became unresponsive and I had to roll back, and then reboot using /proc/sysrq-trigger. This was a little terrifying, since I'm currently traveling and won't physically see my server again until February. It was also surprising, since the script is running inside a shepherd fork-exec constructor, and I'd have thought that this would deal gracefully with failed starts. Is this a bug in shepherd, or am I misusing it?

> Anyone have tips on how to go about building this, if so? Especially:
> What's the easiest way to ensure that a guix service knows the list of
> users-with-login-shells on the system?

I sidestepped this issue by forcing the user to specify usernames when instantiating the service. This seems nicer anyway, as maybe you don't want to start a shepherd for every user.

> And, of course, is there a simpler way?

This question still stands!

My code is on github if you're curious:

* service definition is here: https://github.com/benwr/benwr_guix/blob/main/benwr/services/userherd.scm
* package definition is here: https://github.com/benwr/benwr_guix/blob/main/benwr/packages/userherd.scm
* shell script is here: https://github.com/benwr/userherd

(This is probably obvious, but just in case: I'd strongly caution against directly relying on my channel, as I break it constantly)

Thanks in advance for any help!