1. Can’t use systemctl to control it, I looked at other packages and think I installed the service file correctly, so it is probably due to the commands I use not actually installing the package?
2. I was having an issue with it not finding bcc or psutil when running it without sudo, since it then re-executes itself here with os.execvp using sudo and I tried using wrapProgram to fix this, but it did not and that line in my nix file doesn’t actually solve anything and can be removed. It was the symbolic links that fixed this, but there is probably a better way to solve this?
3. Related to (2), I can’t run picosnitch dash for the same reason, I could probably add the symbolic links, but dash has a lot more dependencies and I’m pretty sure there is a better way.
On NixOS, the actual installation of systemd unit files in a way that systemd can see them is done through the module system.
If you want to use a systemd unit file packaged with something in Nix on some other distro, you have to symlink it into the appropriate place (/usr/lib/systemd/system, I think, though there may be preferable dirs under /etc or elsewhere) yourself, then run systemctl daemon-reload. This actually works pretty well so long as you symlink it in from the appropriate Nix profile (I would install the package as root and then symlink it in from /nix/var/nix/profiles/default/... and not directly from the Nix store).
Installing a Nix package with nix-env or nix profile install doesn’t muck about with the init system present on the base system. (I think Home Manager supports systemd user services, for things that aren’t systemwide and can run on a per-user basis.)
How does picosnitch figure out what Python interpreter to use in re-exec’ing itself?
I’m not sure if it’s Nixpkgs-worthy, but one thing I’ve done with some Python programs in other contexts is use writeScriptBin to manually write a simple wrapper that invokes a Python script using a python executable that comes from a python3.withPackages result.
I’d like to experiment with what you’ve got so far to give some real suggestions for improvements, but I’m exhausted tonight. I’ll see if I can figure something out that works better when I get the chance, though!
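A sketch of the writeScriptBin wrapper described in the reply above, as an added example that is not code from the thread, picosnitch or Nixpkgs. The local script path `./picosnitch.py` is hypothetical, and the attribute names `ps.bcc` and `ps.psutil` are assumed from the two modules the thread names as missing.

```nix
# Added example: wrap a Python script so it always runs under an
# interpreter that already carries its dependencies.
{ pkgs ? import <nixpkgs> { } }:

let
  # Interpreter environment containing the modules the thread reports
  # as not found at runtime.
  # Assumption: both are available as Python package attributes
  # under these names in the Nixpkgs revision being used.
  pythonEnv = pkgs.python3.withPackages (ps: [ ps.bcc ps.psutil ]);

  # Hypothetical: a local copy of the program's script next to this file.
  script = ./picosnitch.py;
in
pkgs.writeScriptBin "picosnitch" ''
  #!${pkgs.runtimeShell}
  # Both paths are absolute store paths, so the wrapper itself does not
  # depend on the caller's PATH to find the interpreter or the script.
  exec ${pythonEnv}/bin/python3 ${script} "$@"
''
```

Building this with nix-build gives `result/bin/picosnitch`. Whether the program's own sudo re-exec then uses the same interpreter depends on how it picks one, which the thread leaves open.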
The daemon is the only part that needs root, and it has some logic to guess the UID if run as a service and not by the user, and the environment variable wasn’t set. The only things it needs the UID for are desktop notifications on dbus, and for getting the executable hash of AppImages without allow_other or allow_root.
Thanks! Right now I’m just using the NixOS demo appliance for VirtualBox to test this, but it’s good to know this sort of setup is possible and I may consider it for myself at some point.
Thank you! Since the main issue comes from re-executing itself, maybe the simplest solution is to just remove support for running it like that on nix and require starting it from systemctl or with sudo? With dash it re-executes itself with nohup and runs a small shell script that opens your web browser to localhost:5100, so I could probably modify it to just not do that with substituteInPlace. Ideally I’d like to get this in good enough shape to submit to Nixpkgs if possible.