RFC draft HMT

2025-11-09 03:56:11 +01:00 · 2024-09-11 20:56:49 -03:00 · 2024-09-11 20:56:49 -03:00 · eb52164c4b
commit eb52164c4b
parent 7628248efc
1 changed files with 306 additions and 0 deletions
--- a/rfcs/9999-user-management.md
+++ b/rfcs/9999-user-management.md
@ -0,0 +1,306 @@
 ---
 feature: I'm Gonna Build My Own Manager With Blackjack and Modules!
 start-date: (fill me in with today's date, YYYY-MM-DD)
 author: Anderson Torres
 co-authors: (find a buddy later to help out with the RFC)
 shepherd-team: (names, to be nominated and accepted by RFC steering committee)
 shepherd-leader: (name to be appointed by RFC steering committee)
 related-issues: (will contain links to implementation PRs)
 ---
 # Summary
 [summary]: #summary
 Enhance Nixpkgs monorepo with a declarative management system for basic users.
 # Terminology
 [terminology]: #terminology
 Henceforth,
 - The typical unprivileged user of a system will be called _basic user_;
 - The typical privileged user of a system will be called _superuser_;
 # Motivation
 [motivation]: #motivation
 [Nixpkgs](https://github.com/NixOS/nixpkgs) is by a far margin the largest
 packageset in this existence, according to
 [Repology](https://repology.org/repository/nix_unstable).
 In principle, currently the Nix interpreter and evaluator already leverage
 Nixpkgs for basic users. However, this raw usage is not very ergonomical,
 especially when compared to the structured model provided by NixOS.
 In this panorama, the average user has two extreme options here:
 - system-wide configuration via NixOS, requiring superuser privileges;
 - ad-hoc management via raw Nix commands, especially the not-recommended
  `nix-env`.
 This RFC proposes to fill this gap: a structured model of system management for
 basic users that does not require superuser privileges to be deployed.
 # Detailed Design
 [design]: #detailed-design
 In a dedicated directory inside the Nixpkgs monorepo a well-crafted set of core
 modules, plus some companion modules, will be created and maintained.
 Further, a companion toolset (henceforth called `hometool`) to manipulate and
 deploy the home environment will be provided.
 This toolset plus module set should provide the following properties:
 - Declarativeness
  Users can specify the configuration of their systems in Nix language, by a set
  of detailed descriptions.
 - Immutability
  As a consequence of declarativeness, the resulting descriptions are immutable.
  It allows comparing them by knowing precisely what changed between
  configurations.
 - Customizability
  Users can derive specialized module configurations from current module set.
 - Extensibility
  Users can extend the module set by writing their own, leveraged by overlay and
  other Nix language constructs.
 - Scalability
  `hometool` should be scalable from the simplest to the more complex user
  environment definitions.
 - Documentation
  Both the `hometool` and the moduleset should be well documented.
 - Human Friendliness
  This `hometool` should be approachable with clear and understandable logging
  messages, plus the aforementioned documentation.
 # Examples and Interactions
 [examples-and-interactions]: #examples-and-interactions
 Let's call `hometool` the tool used by the basic users to deploy and deal with
 their configurations.
 ```shell
 $> ### help message, possibly pointing to further detailed and/or specialized help, like `--all`, `--modules`
 $> hometool help
 $> ### generate a sample config; can be enhanced with a wizard
 $> hometool sample-config > user-configuration.nix
 $> ### because we like to tweak things a bit
 $> emacs user-configuration.nix
 $> ### build it first without deploying it yet
 $> hometool build
 $> ### a container to test it before deploying - for us paranoids!
 $> hometool container
 $> ### now install it!
 $> hometool install
 $> ### list the generations
 $> hometool generations list
 $> ### list differences between generations
 $> hometool generations diff 9 10
 $> ### select a specific generation
 $> hometool generations select 10
 $> ### remove older generations, marking them to be garbage-collected
 $> hometool generations remove 1-8
 ```
 # Drawbacks
 [drawbacks]: #drawbacks
 - Why not to keep this tool outside Nixpkgs monorepo?
  It can be argued that overlays and other facilities provided by Nix language
  allow to keep entire projects outside the Nixpkgs monorepo.
  However, any of those projects suffer of an unpleasant phenomenon: the second
  class citizen repo.
  Basically, a repository outside the monorepo will not receive the same level
  of care and attention of a project inside the monorepo. It happens because,
  among other things,
  - it is harder to pay attention in multiple repositories at the same time slot
    than only one;
  - it is harder to deal with pieces of code contained in distinct repositories;
  - it is harder to synchronize multiple repositories;
  Because of those hurdles, it becomes easier to ignore the repos outside the
  main monorepo.
  As a consequence, breaking changes in the monorepo are prone to be decided
  without taking the satellite repos into consideration. This situation leads
  the satellite repos to deal with the extra work of synchronizing with the
  recent changes.
  By living inside the main monorepo, the problems exposed above diminishes
  drastically.
  Further, having this home management toolset inside the monorepo brings many
  advantages:
  - No longer dealing with synchronization among projects
  - Better strategies for code deduplication, sharing and refactoring
  - Direct access to the most recent enhancements available
    Indeed this is precisely what happens in NixOS already: when a program is
    added, a NixOS module and test suite can be plugged in the same pull
    request, with few to no bureaucracy.
  - Reputation
    A home management toolset kept in the monorepo has the social add-on of
    being better regarded by the Nixpkgs community as a whole, since there will
    be no barriers for contribution from this same community.
 - The monorepo will increase in size.
  The increase in size is expected to be small.
  Since we are building a set of modules to deal with the Nixpkgs packageset, a
  good heuristic approximation of the worst case would be the current size of
  `nixos` directory - after all, we want NixOS without superuser privileges.
  A quick `du` returns something like this.
  ```shell
  $> du -sh nixos/ pkgs/
  024572 nixos/
  379536 pkgs/
  ```
  By the numbers above, obtained locally at 2024-09-13, `nixos` occupies less
  than 7% of the sum of both `nixos + pkgs`. A quick and dirty calculation would
  bring a similar 7% increase in size.
  This is certainly a crude calculation, however we are ignoring many factors
  that will bring these numbers down. Namely:
  - Refactorings
    Similar code can be factored and abstracted.
  - Code sharing
    Code that was initially projected for basic user management can be found
    useful for superuser management too.
 - Code duplications.
  Code duplications can be refactored as they appear.
  Indeed it is way easier to deal with code duplication in a monorepo: since the
  barrier of communication between multiple repositories disappears, a
  duplicated code can be factored more easily, requiring just one pull request
  instead of one per repo.
 - Evaluation times of monorepo will increase.
  The increase in evaluation time is a bit harder to measure. However,
  - "increase in evaluation time" was not an argument strong enough for undoing
    the NixOS assimilation;
  - arguably, the increase in evaluation time will be felt by those effectively
    using the hometool; the remaining users will not be signficatively affected.
  - a similar argument for the increase in size can be crafted here.
  The perceived advantages of having this module system surpasses these small
  disadvantages
 # Alternatives
 [alternatives]: #alternatives
 - The trivial "do nothing".
 - Promote an alternative toolset.
  The most viable alternative in this field is home-manager. However it is not
  so easy to assimilate a consolidated project within another consolidated
  project, not only in terms of source code, but also in terms of community and
  decision-making.
  A better approach would be promote some form of a healthy competition, in
  which home-manager and hometool are different projects competing for the same
  niche, each with their own teams, communities, design projects etc.; further,
  both teams are free to share code between them, provided they follow their
  corresponding licenses in doing so.
 - Promote `guix home`
  What? Lisp is cool!
 # Prior art
 [prior-art]: #prior-art
 ## Guix Home
 As an example of prior art, there is our Scheme-based cousin, Guix Software
 Distribution. Since at least 2022 AD they bring a similar tool, conveniently
 called Guix Home.
 The nicest thing about this tool is that it is tightly integrated with Guix, to
 the point of `home` being a mere subcommand of `guix`.
 ## Home Manager
 Home Manager is a well-established toolset that leverages the Nixpkgs module
 system to allow basic users to manage their user-specific environment in a
 declarative way.
 ## Wrapper Manager
 Wrapper-manager is a Nix library that allows the user to configure your favorite
 applications without adding files into `~/.config`. This is done by creating
 wrapper scripts that set the appropriate environment set - variables, flags,
 configuration files etc. - to the wrapped program.
 # Unresolved questions
 [unresolved]: #unresolved-questions
 Given that this tool will live inside Nixpkgs monorepo, it is expected that
 future packages will interact with this new tool. How those interactions should
 be dealt?
 # Future work
 [future]: #future-work
 - Update an extend the CI
 - Set expectations on portability among present and future platforms Nixpkgs
  supports
  - Especially outside NixOS
  - Especially outside Linux
 # References
 [references]: #references
 - [Home Manager](https://nix-community.github.io/home-manager/)
 - [Keeping One's Home
  Tidy](https://guix.gnu.org/en/blog/2022/keeping-ones-home-tidy/), by Ludovic
  Courtès
 - [Guix Home
  Configuration](https://guix.gnu.org/manual/devel/en/html_node/Home-Configuration.html)
 - [Wrapper Manager](https://github.com/viperML/wrapper-manager)
 - [Stop Using nix-env](https://stop-using-nix-env.privatevoid.net/)
 - [Overlay for User Packages](https://gist.github.com/LnL7/570349866bb69467d0caf5cb175faa74) by LnL7
 - [BuilEnv-based Declarative User
  Environment](https://gist.github.com/lheckemann/402e61e8e53f136f239ecd8c17ab1deb)
  by lheckellman
 - [Nix Home](https://github.com/museoa/nix-home/)
  - Forked and archived from [Nix Home](https://github.com/sheenobu/nix-home/)
  - with patches saved from other forks
 - [nix-config from akavel](https://github.com/akavel/nix-config/tree/master/.nixpkgs)
  - https://github.com/sheenobu/nix-home/issues/16
  - https://github.com/akavel/nix-config/blob/510f36861cc4a641bd976ad25dd339949b47339d/.nixpkgs/nix-home.nix
  - https://github.com/akavel/nix-config/blob/510f36861cc4a641bd976ad25dd339949b47339d/.nixpkgs/nix-home.sh
  - https://github.com/akavel/nix-config/blob/510f36861cc4a641bd976ad25dd339949b47339d/.nixpkgs/config.nix#L57
 - [GNU Stow](https://www.gnu.org/software/stow/)