From 95559181518533741c516826ae377a51814569c3 Mon Sep 17 00:00:00 2001 
From: toonn
Date: Mon, 20 Jun 2022 10:59:26 +0200
Subject: [PATCH] nix-darwin: simplify activation script invocation

In #587, kalbasit introduced the `-i` flag so the sudo invocation would run in an environment with `HOME` set to the correct value for the target user. This was necessary to be able to set up multiple users without interfering with the invoking user's `HOME`.

In #807, I switched to `-s` instead because I managed to get an invalid shell set for my user by switching `useUserPackages` from `true` to `false` which changes the location where packages are installed and `~/.nix-profile/bin/` was no longer valid. This was based on the assumption that `SHELL` would be set to some sensible value by Home Manager at this point. This turned out to be false as reported in #2900. In 0ced6d6d (this commit's parent at this time), I explicitly set `SHELL` to `${pkgs.bash}` so it is definitely set to a good shell when invoking the activation script.

However, #807 broke activation for multiple users, the original motivation for `-i`, as reported in #2856. I fixed this in #2857 by additionally passing `--set-home`.

Further discussion with rycee in #3040 made me realize that the activation script already has a good Nix store bash shebang. So all the problems have been caused, not by the shell used for the activation script but by sudo trying to use a different shell at all.

`-i` uses the shell set in the `passwd` file for the target user, but this can become invalid as happened to me. `-s` uses either `SHELL` if it's defined or the invoking user's shell as set in the `passwd` file. By explicitly setting this to a shell provided by Nix we make sure we're not trying to launch a non-existent shell.
However, we're clearly already running in an existing shell and because of `--set-home` we can activate other users properly so there's not actually any need to try to have sudo start a different shell first, it just adds an extra process that then goes on to run the activation script with a good bash because of the shebang. Dropping `-s` altogether and keeping `--set-home` should avoid all of these issues. --- nix-darwin/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix-darwin/default.nix b/nix-darwin/default.nix index 2d0f77221..018e9bab6 100644 --- a/nix-darwin/default.nix +++ b/nix-darwin/default.nix @@ -15,7 +15,7 @@ in { system.activationScripts.postActivation.text = concatStringsSep "\n" (mapAttrsToList (username: usercfg: '' echo Activating home-manager configuration for ${username} - SHELL=${pkgs.bash} sudo -u ${username} -s --set-home ${ + sudo -u ${username} --set-home ${ pkgs.writeShellScript "activation-${username}" '' ${lib.optionalString (cfg.backupFileExtension != null) "export HOME_MANAGER_BACKUP_EXT=${
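Review bot: The reason the new `sudo -u ${username} --set-home` line carries neither `-i` nor `-s` is recorded only in the commit message, so a short comment above that line in `nix-darwin/default.nix` would help, for example: "no -i/-s: the activation script has its own Nix store bash shebang; --set-home keeps HOME correct for each target user". Without it, a later change to this line can easily re-add a shell flag and bring back the failures described in #2856 and #2900. Separately, `${username}` is interpolated unquoted into both the `echo` line and the `sudo -u` argument; passing it through `lib.escapeShellArg` would keep an unusual user name from being word-split or interpreted by the shell that runs the postActivation script.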