Plan for removal of user activation.

[Isolaryn]

Might be a little early however I have started using the following branch which eliminates user activation.
LnL7/nix-darwin#1341

However this breaks nix-homebrew (Currently because of extraUserActivation here
https://github.com/zhaofengli/nix-homebrew/blob/a6d99cc7436fc18c097b3536d9c45c0548c694c8/modules/default.nix#L495C7-L495C26 )

https://github.com/emilazy/nix-darwin/blob/push-vuqkuqtwsoox/CHANGELOG

Accordingly, darwin-rebuild must now be run as root, the
system.activationScripts.{extraUserActivation,preUserActivation, postUserActivation} settings have been removed, and all activation
scripts are now executed as root – be careful if you override any
of them.

Making the issue to get some discussion going if/when this becomes part of nix-darwin.

[emilazy]

Since the activation script just runs a generated script with sudo, it should be pretty easy to port. Adding a lib.mkBefore to the homebrew activation script might be the best bet, although as always monkey‐patching activation scripts like that won’t necessarily be reliable. Portability between versions might be trickier; you can check for the existence of options.system.primaryUser, at least.

[Isolaryn]

Essentially what I did and it works fine.
203f092

There doesn't seem to be a nicer way to hook into each step as this has to run before homebrew but after stuff like users
https://github.com/emilazy/nix-darwin/blob/a387b4ba6b76286a263de57921ed1a629202a4cd/modules/system/activation-scripts.nix#L136

[emilazy]

Right. You could drop the sudo conditional on the existence of the primary user option, but I guess it’s harmless.

Though, if it has to run after users, note that it’s not currently doing so. User activation runs before system activation at present.

[Isolaryn]

Yeah, not dropping the sudo was just to keep changes to a minimal.
I would agree we need some conditional logic to support both old and new nix-darwin variations. We need to both modify extraUserActivation to homebrew and setup-homebrew to conditionally drop the sudo then.
I only considered adding it after users in case someone wanted homebrew to be owned from a nix managed user.

[emilazy]

You can use homebrew even on current nix-darwin; it will just run in user activation instead. So you can make do with no conditionals at all, probably, and just drop the sudo when 24.11 goes out of support. (Of course this is assuming the Plan lands as‐is.)

In an ideal world the monkey‐patching could be avoided entirely though… but for something like this it seems like the best option. Would be nice to have Homebrew installation management upstream, but there are a lot of trade‐offs…

[zhaofengli]

I opened #64 to support this. There is a bit of monkey-patching to detect the presence of options.system.primaryUser to avoid the extraneous sudo, but as mentioned we won't need to keep carrying it after 24.11 goes out of support.