primary-user: init

modules/module-list.nix

@@ -10,6 +10,7 @@
   ./security/sudo.nix
   ./system
   ./system/base.nix
+  ./system/primary-user.nix
   ./system/checks.nix
   ./system/activation-scripts.nix
   ./system/applications.nix

modules/system/checks.nix

@@ -31,6 +31,18 @@ let
     fi
   '';
 
+  primaryUser = ''
+    primaryUser=${escapeShellArg config.system.primaryUser}
+    if ! id -- "$primaryUser" >/dev/null 2>&1; then
+      printf >&2 '\e[1;31merror: primary user `%s` does not exist, aborting activation\e[0m\n' \
+        "$primaryUser"
+      printf >&2 'Please ensure that `system.primaryUser` is set to the name of an\n'
+      printf >&2 'existing user. Usually this should be the user you have been using to\n'
+      printf >&2 'run `darwin-rebuild`.\n'
+      exit 2
+    fi
+  '';
+
   determinate = ''
     if [[ -e /usr/local/bin/determinate-nixd ]]; then
       printf >&2 '\e[1;31merror: Determinate detected, aborting activation\e[0m\n'
@@ -275,6 +287,7 @@ in
 
     system.checks.text = mkMerge [
       (mkIf cfg.verifyMacOSVersion macOSVersion)
+      (mkIf (config.system.primaryUser != null) primaryUser)
       (mkIf config.nix.enable determinate)
       (mkIf cfg.verifyBuildUsers preSequoiaBuildUsers)
       (mkIf cfg.verifyBuildUsers buildGroupID)

modules/system/primary-user.nix

@@ -0,0 +1,60 @@
+{
+  lib,
+  options,
+  config,
+  ...
+}:
+
+{
+  options = {
+    system.primaryUser = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = ''
+        The user used for options that previously applied to the user
+        running `darwin-rebuild`.
+
+        This is a transition mechanism as nix-darwin reorganizes its
+        options and will eventually be unnecessary and removed.
+      '';
+    };
+
+    system.requiresPrimaryUser = lib.mkOption {
+      internal = true;
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+    };
+  };
+
+  config = {
+    assertions = [
+      {
+        assertion = config.system.primaryUser == null -> config.system.requiresPrimaryUser == [ ];
+        message = ''
+          Previously, some nix-darwin options applied to the user running
+          `darwin-rebuild`. As part of a long‐term migration to make
+          nix-darwin focus on system‐wide activation and support first‐class
+          multi‐user setups, all system activation now runs as `root`, and
+          these options instead apply to the `system.primaryUser` user.
+
+          You currently have the following primary‐user‐requiring options set:
+
+          ${lib.concatMapStringsSep "\n" (name: "* `${name}`") (
+            lib.sort (name1: name2: name1 < name2) config.system.requiresPrimaryUser
+          )}
+
+          To continue using these options, set `system.primaryUser` to the name
+          of the user you have been using to run `darwin-rebuild`. In the long
+          run, this setting will be deprecated and removed after all the
+          functionality it is relevant for has been adjusted to allow
+          specifying the relevant user separately, moved under the
+          `users.users.*` namespace, or migrated to Home Manager.
+
+          If you run into any unexpected issues with the migration, please
+          open an issue at <https://github.com/LnL7/nix-darwin/issues/new>
+          and include as much information as possible.
+        '';
+      }
+    ];
+  };
+}