From: Ben Weinstein-Raun
Date: Mon, 01 Jan 2024 22:04:35 +0000
Subject: Re: Shepherd user services that run on startup?
Reply-To: root@benwr.net
To: help-guix@gnu.org
In-Reply-To: <532f5b62-c5c3-4aa5-867e-ebe2dbecc848@benwr.net>

On 12/20/23 16:42, Ben Weinstein-Raun wrote:
> My guess is that this is at least possible, by defining a system-level
> service that starts a shepherd for each user. Would that work?

After struggling with this for a week, I've managed to get a user-level
`shepherd` starting! It fails to actually run, probably due to errors in
my init.scm, but I'm happy with the progress!

I still have some fairly important-feeling questions though:

* When I tried to use `sudo` via the actual package, I get an error
  about it needing to be setuid-root. My workaround is to just directly
  add /run/setuid-programs to the PATH, but this is a pretty bad-feeling
  hack, as it leaves an unspecified dependency. What's the right way to
  depend on sudo? Force the user to pass it in as an argument, maybe?

* I still don't know how to "properly" ensure that the XDG_RUNTIME_DIR
  is set, like it should be for a "proper" login shell. Right now, the
  shell script just brute-creates the directory where I expect it on my
  system (and exports that path to the environment). So, if anybody
  knows: what's the right way to do this?

* Several times throughout this process, when I had errors in the shell
  script that caused it to exit early, my system shepherd became
  unresponsive and I had to roll-back, and then reboot using
  /proc/sysrq-trigger. This was a little terrifying, since I'm currently
  traveling and won't physically see my server again until February. It
  was also surprising, since the script is running inside a shepherd
  fork-exec constructor, and I'd have thought that this would deal
  gracefully with failed starts. Is this a bug in shepherd, or am I
  misusing it?

> Anyone have tips on how to go about building this, if so? Especially:
> What's the easiest way to ensure that a guix service knows the list of
> users-with-login-shells on the system?

I sidestepped this issue by forcing the user to specify usernames when
instantiating the service. This seems nicer anyway, as maybe you don't
want to start a shepherd for every user.

> And, of course, is there a simpler way?

This question still stands!

My code is on github if you're curious:

* service definition is here:
  https://github.com/benwr/benwr_guix/blob/main/benwr/services/userherd.scm
* package definition is here:
  https://github.com/benwr/benwr_guix/blob/main/benwr/packages/userherd.scm
* shell script is here: https://github.com/benwr/userherd

(This is probably obvious, but just in case: I'd strongly caution
against directly relying on my channel, as I break it constantly)

Thanks in advance for any help!
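The XDG Base Directory specification requires the runtime directory to be owned by the user with mode 0700, so a script that creates it by hand, as the message describes, can check those properties before exporting the path. This is an added example, not code from the message or from the userherd repository; the function name `ensure_runtime_dir` and its base-directory argument are assumptions.

```shell
#!/bin/sh
# Added example: create or validate a per-user runtime directory.
# Usage: ensure_runtime_dir BASE UID
# Prints the directory path on success; returns non-zero otherwise.
# BASE would typically be /run/user (an assumption, not from the message).
ensure_runtime_dir() {
    base=$1
    uid=$2
    dir="$base/$uid"

    # Refuse symlinks: a pre-planted link would redirect the runtime
    # directory to a location someone else controls.
    if [ -L "$dir" ]; then
        echo "refusing symlink: $dir" >&2
        return 1
    fi

    if [ ! -e "$dir" ]; then
        # Create with mode 0700 from the start, so there is no window
        # with wider permissions. mkdir without -p fails if the path
        # appeared in the meantime.
        ( umask 077 && mkdir "$dir" ) || return 1
        # Only root can hand the directory over to another user.
        if [ "$(id -u)" -eq 0 ]; then
            chown "$uid" "$dir" || return 1
        fi
    fi

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # stat -c is the GNU coreutils form (assumed, as on a Guix system).
    owner=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    if [ "$owner" != "$uid" ]; then
        echo "wrong owner $owner on $dir" >&2
        return 1
    fi
    if [ "$mode" != "700" ]; then
        echo "wrong mode $mode on $dir" >&2
        return 1
    fi
    printf '%s\n' "$dir"
}
```

A caller would export `XDG_RUNTIME_DIR` only when the function succeeds, and fail the service start otherwise.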