Is it possible to run systemd units as root via home-manager?

dob · April 26, 2024, 4:36pm

I am trying to run a systemd service from home-manager, as root. That results in the error:
Changing group credentials failed: Operation not permitted

It seems to be possible to run non home-manager systemd services as root (an example here). Does anyone know how one can achieve this via home-manager?

This is what I am trying to do:

    systemd.user.services.auto-mount = {
        Unit = {
            Description = "systemd service for automatic mounting";
            after = [ "network.target.service" ];
        };
        Install = {
            WantedBy = [ "default.target" ];
        };
        Service = {
            Type = "simple";
            User = "root";
            Group = "root";
            PermissionsStartOnly = true;
            ExecStart = "${pkgs.writeShellScript "auto-mount" ''
                /run/wrappers/bin/mount -o bind --source /home/dob/nextcloud/syncDir --target /home/dob/syncDir
            ''}";
        };
    };

This is the output from systemctl --user status auto-mount:

Apr 26 07:02:42 t470p systemd[1455]: Started systemd service that mounts automatically.
Apr 26 07:02:42 t470p (to-mount)[17213]: auto-mount.service: Changing group credentials failed: Operation not permitted
Apr 26 07:02:42 t470p (to-mount)[17213]: auto-mount.service: Failed at step GROUP spawning /nix/store/050v2xw2rl3xkikqyrcd8fh8xd6hq7mn-auto-mount: Operation not permitted
Apr 26 07:02:42 t470p systemd[1455]: auto-mount.service: Main process exited, code=exited, status=216/GROUP
Apr 26 07:02:42 t470p systemd[1455]: auto-mount.service: Failed with result 'exit-code'.
~

Janik · May 4, 2024, 6:45pm

I guess you could use home-manager for the root user but that’s not really what you are asking. And home-manager only support user-units so no. Why not just use the unit via the NixOS module?

If you are asking this question because you aren’t on NixOS maybe GitHub - numtide/system-manager: Manage system config using nix on any distro is what you are looking for.

dob · May 4, 2024, 10:55pm

Thanks for getting back to me.

What I initially tried to achieve was using host specific mounts through home-manager. Something that I never managed to do. More about this here. Maybe I could achieve the same, using systemd.mounts (not going through home-manager).

I was using NixOS. However, after the debacle around NixOS and the involvement with the Military Industrial Complex (MIC), I decided to end my own NixOS endeavour in support of the open letter. So, I uninstalled NixOS and went back to using my previous Linux distribution.