darwin -> darwin doesn't invoke user activation script

[hraban]

nix-darwin has two activation scripts: regular activation (meant to run as root) and user activation. User activation is meant to run as a user with sudo permissions, for tools like brew which don't like being run as root but want to control their own privilege escalation.

When doing nix run github:serokell/deploy-rs -- --ssh-user user -s on a deployment similar to the darwin example, it runs the activation script, but not user activation.

Any idea how to get that invoked? Am I doing something wrong in calling the deploy script?

[rvem]

Hmm, I don't think that it's currently possible for a single profile to run activation scripts under multiple users.

Do you have an example of such a configuration that needs to be activated under both root and user?

As a workaround, I think it might be possible to split your configuration into two profiles: one under root and the other under your regular user

[hraban]

It's the standard MO of nix-darwin afaik. The "result" of a nix-darwin build creates two separate activation scripts, and nix-darwin switch calls them both separately. There's an entrypoint in the nix-darwin codebase which calls both those scripts. You can't just call them directly from the resulting derivation's output dir, afaik.

https://github.com/LnL7/nix-darwin/blob/0e6857fa1d632637488666c08e7b02c08e3178f8/pkgs/nix-tools/darwin-rebuild.sh#L222-L230 seems to be where it happens.