Here is my take on it from slightly different angle:
- Running arbitrary command at rebuild or bootup could be done with
system.activationScripts. I’m using it toset arbitrary file permissions:
system.activationScripts.foo_home_read = pkgs.lib.stringAfter [ "users" ]
''
# allow all users peek at the configs
chmod g+rx /home/foo
'';
- Exporting
pipewirefor other users could be done by creating extra socket with more accessible path. I’m using the following:
services.pipewire.pulse.enable = true;
# allow other user use sound by absolute address:
services.pipewire.config.pipewire-pulse = {
"pulse.properties" = {
"server.address" = [
# default:
"unix:native"
# extension:
"unix:/tmp/pulse-for-all"
];
};
};
hardware.pulseaudio.extraClientConf = ''
default-server=unix:/tmp/pulse-for-all
'';
# cat ~/.config/systemd/user/pipewire-pulse.socket.d/override.conf
[Socket]
ListenStream=/tmp/pulse-for-all