This commit deprecates profile management from the activation script.
The profile management is instead the responsibility of the driving
software, for example, the `home-manager` tool in the case of
standalone installs.
The legacy behavior is still available for backwards compatibility but
may be removed in the future.
The new behavior resolves (or moves us closer to resolving) a number
of long standing open issues:
- `home-manager switch --rollback`, which performs a rollback to the
previous Home Manager generation before activating. While it was
previously possible to accomplish this by activating an old
generation, it did always create a new profile generation.
This option has been implemented as part of this commit.
- `home-manager switch --test`, which activates the configuration but
does not create a new profile generation.
This option has _not_ been implemented here since it relies on the
current configuration being activated on login, which we do not
currently do.
- When using the "Home Manager as a NixOS module" installation method
we previously created an odd `home-manager` per-user "shadow
profile" for the user. This is no longer necessary.
This has been implemented as part of this commit.
Fixes#3450
In #587, kalbasit introduce the `-i` flag so the sudo invocation would
run in an environment with `HOME` set to the correct value for the
target user. This was necessary to be able to set up multiple users
without interfering with the invoking user's `HOME`.
In #807, I switched to `-s` instead because I managed to get an
invalid shell set for my user by switching `useUserPackages` from
`true` to `false` which changes the location where packages are
installed and `~/.nix-profile/bin/<my-shell>` was no longer valid.
This was based on the assumption that `SHELL` would be set to some
sensible value by Home Manager at this point. This turned out to be
false as reported in #2900.
In 0ced6d6d (this commit's parent at this time), I explicitly set
`SHELL` to `${pkgs.bash}` so it is definitely set to a good shell when
invoking the activation script.
However, #807 broke activation for multiple users, the original
motivation for `-i`, as reported in #2856. I fixed this in #2857 by
additionally passing `--set-home`.
Further discussion with rycee in #3040 made me realize that the
activation script already has a good Nix store bash shebang. So all
the problems have been caused, not by the shell used for the
activation script but by sudo trying to use a different shell at all.
`-i` uses the shell set in the `passwd` file for the target user, but
this can become invalid as happened to me. `-s` uses either `SHELL` if
it's defined or the invoking user's shell as set in the `passwd` file.
By explicitly setting this to a shell provided by Nix we make sure
we're not trying to launch a non-existent shell. However, we're
clearly already running in an existing shell and because of
`--set-home` we can activate other users properly so there's not
actually any need to try to have sudo start a different shell first,
it just adds an extra process that then goes on to run the activation
script with a good bash because of the shebang.
Dropping `-s` altogether and keeping `--set-home` should avoid all of
these issues.
In #807 I changed the flag passed to `sudo` from `-i` to `-s` so
`sudo` wouldn't use a non-existent shell defined in the `passwd` file.
kalbasit also reported in that PR that `-i` didn't work for them
anymore on an M1 Mac, presumably because Apple changed something in
newer versions of macOS.
Some users reported that this broke the behavior for them because
`SHELL` was set to a path that didn't even exist on their system. It's
unclear how this came to be but it shows that my assumption that
`SHELL` would be set to a reasonable shell by Home Manager at this
point in the activation is false.
As a way around this problem we can explicitly set `SHELL` when
running the activation script to a value that we know will be good,
like `${pkgs.bash}`.
One change in behavior this causes is that the activation script will
always be run by bash, not the user's shell. If the script is
generated by Home Manager this is fine since it can be generated
taking into account the supported set of functions and behaviors. If
the intent is for the activation script to possibly be run by non-bash
and even non-POSIX shells, like tcsh, ksh or Xonsh, then this fix will
not suffice. Turns out this is indeed an assumption made by Home
Manager, so this is the proper behavior.
Fixes#2900
* Add flake.lock and clean up flake.nix
Add a lockfile to work around https://github.com/NixOS/nix/issues/6541
(and because it's a good idea anyway).
Also use flake-utils, and restrict ourselves to the five platforms
supported by nixpkgs. Otherwise, the IFD for nmd fails on weird
platforms. This fixes `nix flake check`.
Remove the redundant `apps` output, see https://github.com/nix-community/home-manager/pull/2442#issuecomment-1133670487
* nixos,nix-darwin: factor out into a common module
* nixos,nix-darwin: make `home-managers.users` shallowly visible
Make sure the option is included in the NixOS/nix-darwin manual (but the
HM submodule options aren't).
Also add a static description to the HM submodule type so that we don't need to
evaluate the submodules just to build the option manual. This makes
nixos-search able to index the home-manager flake.
Also clean up some TODOs.
* flake: add nmd and nmt
This avoids having to use `pkgs.fetchFromGitLab` in an IFD, which causes
issues when indexing packages with nixos-search because `pkgs` is
instantiated with every platform.
`modulesPath` is usually used with antiquotation
(`"${modulesPath}/some-module.nix"`). Since antiquoted paths are copied
to the Nix store, one must explicitly do `"${toString
modulesPath}/some-module.nix"` to avoid that. Ideally `modulesPath`
should be a string to avoid this. Note that `modulesPath` is already
defined as a string in <home-manager>/modules/default.nix and
<nixpkgs>/nixos/lib/eval-config.nix.
Changing from `sudo -i` to `sudo -s` messes up activation when multiple
users are managed. `--set-home` should have similar behavior to `-i` in
that the activation script is run from the user's home directory.
Fixes#2856
Currently activation is run with `sudo -i` this defaults to the user's
login shell. This can lead to problems if the user's shell isn't set
properly.
By passing `-s` rather than `-i`, `sudo` runs `activate` in `SHELL`
instead. We assume that at this point in the activation `SHELL`
contains the path to a bash in the nix store. This should always be a
valid shell to run the `activate` script with.
From the `sudo` manual it seems like this cannot be fixed if `SHELL`
isn't set at this point or by passing a command to `-s` because that
command is then passed to the user's shell.
As discussed in this issue:
https://github.com/NixOS/nixpkgs/issues/140879
`types.anything` was never meant to be used for arbitrary modules.
Co-authored-by: Silvan Mosberger <github@infinisil.com>
Having either argument defined based on the OS is a problem when
trying to write generic Nix code.
The current workaround is to use accept both and specify a default
value for each argument:
```
{ config, lib, nixosConfig ? {}, darwinConfig ? {}, ... }:
let
osConfig = nixosConfig // darwinConfig;
in
{
# Do something with `osConfig`
}
```
With this commit, it becomes possible to do the following:
```
{ config, lib, osConfig, ... }:
{
# Do something with `osConfig`
}
```
functionTo tries to evaluate functions too quickly and prevents modules
from accessing pkgs argument. fixes#1878.
Co-authored-by: Pacman99 <pachum99@gmail.com>
This allows users of the nixos and nix-darwin module to set shared modules
for all users and extra specialArgs to be available to home-manager modules.
The latter is named extraSpecialArgs just like the argument to
modules/default.nix.
This could be confusing since the the two are independent in code,
but they do mean the same thing so I think the name fits.
Darwin can now refer to the global system configuration if used as a module
through the special `darwinConfig` argument.
Co-authored-by: Nicolas Berbiche <nicolas@normie.dev>
Before the profile directory value would point directly to the build
output in the Nix store. Unfortunately this would cause an infinite
loop if the user's configuration directly or indirectly refers to the
profile directory value.
Fixes#1188
It is insufficient to install the packages in `home.packages`, it has
to be `home.path`, which includes configured extra package outputs or
profile commands.
This change makes use of the `extend` function inside `lib` to inject
a new `hm` field containing the Home Manager library functions. This
simplifies use of the Home Manager library in the modules and reduces
the risk of accidental infinite recursion.
PR #994
This removes the `nixosSubmodule` option in favor of a new option
`submoduleSupport.enable`. This name better indicates that the
submodule mode applies to both NixOS and nix-darwin.