I know it is a new feature in 21.05 to reset user home dir facl.
But I want to add a facl like setfacl -m u:user:x ~ and make it existing after rebuild nixos.
Is there an options for nixos to do this? users.users.<name>.subUid* is not suitable.
Set users.users.<name>.createHome = false; and I suspect that will fix your problem.
users.users.<name>.createHome is already false which is the default value. So it cannot solve the problem.
Now, I use system.activationScripts to fix this problem.
If createHome is set to false then what specifically is changing the ACLs on your home directory?
I run setfacl -m u:sddm:x ~/ after nixos-rebuild switch and getfacl ~/ outs user:sddm:--x.
Reboot system and now I run getfacl ~/, it prints user:sddm:--x #effective:--- and acl for user of qemu-libvirtd is same.
I have had a similar issue on /var/log/httpd for a while now.
I set ACLs using systemd.tmpfiles.rules (in an attempt to override the tmpfiles rules that NixOS provides) but they always end up like you have described and I need to manually run setfacl.
I’d love to know what I’m doing wrong here…