Run multiple service instances as multiple users

I’m trying to create a home-cloud for me and my family members. I’m evaluating NextCloud and Syncthing. Syncthing for now seems more promising, as I don’t like how NextCloud tries to take ownership of my data (which means I should not modify them directly, which I would like to be able to do, for example by mounting that directory on clients directly).

Syncthing, in the NixOS variant, by default has the same issue: It’s run as its own user and all files are created by that user. So my gf couldn’t access them.

But, I can run Syncthing as a specific user, for example as myself. That solves the problem for me, as I can now sync to my own home directory. But she can’t.

What I would need to do is run that thing twice: Once as me, once as her, to avoid such issues. Is that possible? How would I do this?

You can run Syncthing within the context of a user when using home-manager:
https://home-manager-options.extranix.com/?query=syncthing&release=release-24.05

For your specific use case, you could also consider creating a new user group and adding the syncthing user as well as any other users that need access to the sync’d dir to this group. (Or skip the extra group and use xattrs to manage access.)

Yes, I’ve seen that option. But I was somewhat deterred by it due to its lack of configuration options when compared to the NixOS module. Anyway, I would consider it, if I could figure out if/how I can start this at boot, so that multiple users can sync their files without having to log in. Do you happen to know that?

For now, I’m attempting to solve it using systemd.users.services.syncthing.enable = true. This does start the service for my user. For the other user on my system, systemctl --user status syncthing yields syncthing.service: Service has no ExecStart=, ExecStop=, or SuccessAction=. Refusing. I expected trouble because this service hosts its UI under a specific port, which is bound to collide for multiple users, but this error doesn’t seem to be concerned with that.

When I try to systemctl --user start syncthing as that user, I get Failed to start syncthing.service: Unit syncthing.service has a bad unit file setting. See user logs and 'systemctl --user status syncthing.service' for details.

That error makes sense, since the directory in which the systemd unit file is located for my user (/home/myuser/.config/systemd/user/default.target.wants) does not exist for the other user (everything from systemd/ is missing). Any ideas why?

Edit: It seems this systemd unit file was a leftover from a previous home-manager install. The NixOS user service installation does not seem to create unit files for any users. That seems pretty broken, no?

I managed to make it work by basically copying the content of the home-manager unit file like

  systemd.user.services = {
    syncthing = {
      enable = true;
      # Start with each user's systemd instance.
      wantedBy = ["default.target"];
      serviceConfig = {
        ExecStart = "'${pkgs.syncthing}/bin/syncthing' '-no-browser' '-no-restart' '-logflags=0'";
        # Sandboxing directives copied from the home-manager unit.
        LockPersonality = "true";
        MemoryDenyWriteExecute = "true";
        NoNewPrivileges = "true";
        PrivateUsers = "true";
        Restart = "on-failure";
        RestartForceExitStatus = "3";
        RestrictNamespaces = "true";
        SuccessExitStatus = "4";
        SystemCallArchitectures = "native";
        SystemCallFilter = "@system-service";
      };
      unitConfig = {
        After = "network.target";
        Description = "Syncthing - Open Source Continuous File Synchronization";
        Documentation = "man:syncthing(1)";
      };
    };
  };

I don’t consider this particularly pretty, but it does work and it auto-resolves the anticipated port collision.
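
A variation on the unit above, as an added example that is not from the thread or from the NixOS or home-manager modules: one system-level service per user, which starts at boot without a login session and keeps the same sandboxing directives. The user names, the port numbers, the `syncUsers` set and the `mkInstance` helper are assumptions made for illustration.

```nix
{ lib, pkgs, ... }:
let
  # Hypothetical accounts and GUI ports (assumptions for this example).
  syncUsers = {
    alice = 8384;
    bob = 8385;
  };

  # Builds one "syncthing-<user>" system unit that runs as that user,
  # so synced files are created with the user's own ownership.
  mkInstance = user: guiPort:
    lib.nameValuePair "syncthing-${user}" {
      description = "Syncthing for ${user}";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        User = user;
        # First three flags are the ones from the unit above; --gui-address
        # pins each instance to its own loopback port.
        ExecStart = lib.concatStringsSep " " [
          "${pkgs.syncthing}/bin/syncthing"
          "-no-browser"
          "-no-restart"
          "-logflags=0"
          "--gui-address=127.0.0.1:${toString guiPort}"
        ];
        Restart = "on-failure";
        RestartForceExitStatus = "3";
        SuccessExitStatus = "4";
        # Same sandboxing directives as the user unit above.
        LockPersonality = true;
        MemoryDenyWriteExecute = true;
        NoNewPrivileges = true;
        PrivateUsers = true;
        RestrictNamespaces = true;
        SystemCallArchitectures = "native";
        SystemCallFilter = "@system-service";
      };
    };
in
{
  systemd.services = lib.mapAttrs' mkInstance syncUsers;
}
```

Each GUI listens on loopback, where every local account can connect to every instance's port, so set a GUI user and password for each instance.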