Merge branch 'main' into vendoring-dependencies-flox-build-tutorial

Author: barstoolbluz

.github/actions/common-setup/action.yml

@@ -30,7 +30,8 @@ runs:
   using: "composite"
   steps:
     - name: "Setup Tailscale"
-      uses: "tailscale/github-action@v4"
+      uses: tailscale/github-action@306e68a486fd2350f2bfc3b19fcd143891a4a2d8 # v4
+
       if: ${{ inputs.TAILSCALE_AUTH_KEY }}
       with:
         oauth-secret: "${{ inputs.TAILSCALE_AUTH_KEY }}"
@@ -39,10 +40,12 @@ runs:
         use-cache: true
 
     - name: "Install newer Nix"
-      uses: "cachix/install-nix-action@v24"
+      uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+
 
     - name: "Configure Nix"
-      uses: "flox/configure-nix-action@main"
+      uses: flox/configure-nix-action@1ee58d63463cb1870ab73d9df0acfd9d8ba671f8 # main
+
       with:
         github-access-token:    "${{ inputs.GITHUB_ACCESS_TOKEN }}"
         substituter:            "${{ inputs.SUBSTITUTER }}"

.github/dependabot.yml

@@ -26,3 +26,9 @@ updates:
     all:
       patterns:
         - "*"
+
+
+- package-ecosystem: "github-actions"
+  directory: "/.github/actions/common-setup"
+  schedule:
+    interval: "weekly"

.github/workflows/auto-label.yml

@@ -14,7 +14,8 @@ jobs:
       issues: write
     steps:
     - name: Add label automatically to new issues and PRs
-      uses: actions-ecosystem/action-add-labels@v1
+      uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1
+
       with:
         github_token: "${{ secrets.GITHUB_TOKEN }}"
         labels: "documentation"

.github/workflows/ci.yml

@@ -32,15 +32,18 @@ jobs:
 
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@v6"
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+
         with:
           fetch-depth: 0
 
       - name: "Install Flox"
-        uses: "flox/install-flox-action@main"
+        uses: flox/install-flox-action@c94e7e1ab56ae14fe98bae4fd84384fd135f0c2a # main
+
 
       - name: "Build"
-        uses: "flox/activate-action@main"
+        uses: flox/activate-action@d2c0d305d166520ed1cc2485bf10cd83cd859674 # main
+
         with:
           command: |
             mkdocs build
@@ -50,19 +53,22 @@ jobs:
             cp netlify.toml ./public/
 
       - name: "Check markdown lint"
-        uses: "flox/activate-action@main"
+        uses: flox/activate-action@d2c0d305d166520ed1cc2485bf10cd83cd859674 # main
+
         with:
           command: "markdownlint-cli2"
 
       - name: "Check external links"
         if: ${{ github.event_name == 'pull_request' }}
-        uses: "flox/activate-action@main"
+        uses: flox/activate-action@d2c0d305d166520ed1cc2485bf10cd83cd859674 # main
+
         with:
           command: "./check_links.sh"
 
       - name: "Publish to Netlify"
         if: ${{ github.repository_owner == 'flox' }}
-        uses: "nwtgck/actions-netlify@v3.0"
+        uses: nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654 # v3.0
+
         env:
           NETLIFY_AUTH_TOKEN: "${{ secrets.MANAGED_NETLIFY_TOKEN }}"
           NETLIFY_SITE_ID:    "${{    vars.MANAGED_NETLIFY_FLOXDOCS_ID }}"

.github/workflows/update.yml

@@ -17,16 +17,19 @@ jobs:
 
     steps:
       - name: "Checkout"
-        uses: "actions/checkout@v6"
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+
 
       - name: "Install flox"
-        uses: "flox/install-flox-action@main"
+        uses: flox/install-flox-action@c94e7e1ab56ae14fe98bae4fd84384fd135f0c2a # main
+
 
       - name: "Run upgrade"
         run: "flox -vvv upgrade"
 
       - name: "Create Pull Request"
-        uses: "peter-evans/create-pull-request@v8"
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8
+
         with:
           token: "${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}"
           add-paths: ".flox"

docs/tutorials/default-environment.md

@@ -18,7 +18,7 @@ in order to install packages system-wide.
 This has a number of drawbacks:
 
 - You often only have a single package version to choose from.
-- You often can't install multiple versions side-by-side.
+- You often can't install multiple versions of a package side-by-side.
 - You can't ensure that multiple machines get the exact same version.
 - You may not be able to back up the list of installed packages.
 
@@ -29,9 +29,10 @@ so let's take a look at how to set it up.
 
 At the most basic level, the `default` environment is simply an environment
 called `default`.
-`default` environments are typically [shared via FloxHub][floxhub-env];
-We refer to the one associated with your account,
-as _your_ `default` environment.
+`default` environments are typically [shared via FloxHub][floxhub-env], but
+you can also manage environments with git.
+We refer to the environment associated with your user account as _your_
+`default` environment.
 
 In some cases Flox will prompt to set up your `default` environment for you.
 To create the `default` environment yourself,
@@ -46,11 +47,9 @@ flox auth status || flox auth login
 flox init -r <youruser>/default
 ```
 
-Once the environment has been created,
-you'll want to configure your shell to activate the environment with every new
-shell.
-This can be done as part of the automatic setup,
-or you can add a single line to your shell's RC file:
+Once the environment has been created, configure your shell to activate the
+environment with every new shell. This can be done as part of the automatic
+setup, or you can add a single line to your shell's RC file:
 
 === "Bash"
 
@@ -95,9 +94,9 @@ or you can add a single line to your shell's RC file:
 Once you've added that line to your shell,
 you'll need to restart your shell (or open a new one) for the changes to
 take effect.
-If you don't want to activate it automatically, the default
-environment can simply be activated using `-d` parameter of the Flox CLI
-like so:
+If you don't want to activate it automatically from your shell
+initialization scripts, you can activate the default environment
+explicitly when needed:
 
 ```{ .bash .copy }
 flox activate -r <your username>/default
@@ -125,8 +124,6 @@ $ flox install hello
 ✅ 'hello' installed to environment 'default'
 ```
 
-It worked (though you shouldn't be surprised; Flox is awesome)!
-
 ## Installing packages to the default environment from another Flox environment
 
 If you're in a project directory with an existing Flox environment,
@@ -138,7 +135,7 @@ environment.
 All you need to do is pass the `-r` argument to the `install` command, like so:
 
 ```{ .bash .copy }
-flox install -r <your username>/default ~ hello
+flox install -r <your username>/default hello
 ```
 
 When you do this, you should see the following output, indicating success:

docs/tutorials/flox-and-systemd.md

@@ -0,0 +1,207 @@
+---
+title: Flox and systemd
+description: Run Flox environment services as persistent systemd units.
+---
+
+# Flox and systemd
+
+Flox environments have a built-in concept of [services][services_concept].
+Flox environment services are managed by invoking the `flox services`
+category of sub-commands such as [`flox services status`][flox_services_status].
+In some scenarios, you may want to register Flox services to be run and managed
+by the operating system's systemd.
+For example, systemd can auto-start services when the host is booting
+or when a service crashes.
+
+This tutorial shows how to create and use systemd services with Flox
+by creating unit files manually.
+You will learn how to run a Flox environment service as both a
+**systemd user unit** and a **systemd system unit**.
+
+## Prerequisites
+
+- A Linux system with systemd support.
+  This tutorial was tested on Ubuntu 24.04 and 26.04.
+- Flox installed in multi-user mode.
+  This tutorial was tested on Flox 1.11.0.
+
+## Constraints
+
+- The systemd service that invokes Flox cannot run as root.
+- The service cannot listen on a port with a value less than 1024.
+- The UID for the user running the systemd service should be >= 1000
+  for logs to function properly.
+  See [flox#2e789b5][uid_fix] for details.
+- Logs may not function properly if the process forks.
+  See [flox#9b1e750][fork_fix] for details.
+
+## Run a Flox environment service as a systemd user unit
+
+In this section you will set up a Redis service from a FloxHub environment
+and run it as a systemd user unit.
+
+### Create the Redis environment locally
+
+Pull the `flox/redis` environment from FloxHub into your home directory:
+
+``` { .bash .copy }
+flox pull flox/redis -d ~/redis
+```
+
+### Test the environment with Flox services
+
+Before creating the systemd unit,
+verify that the environment works:
+
+``` { .bash .copy }
+cd ~/redis
+flox activate -s
+flox services status
+redis-cli -p $REDIS_PORT ping
+exit
+```
+
+### Create the systemd user service
+
+Create the systemd user unit file:
+
+``` { .bash .copy }
+mkdir -p ~/.config/systemd/user/
+cat > ~/.config/systemd/user/redis.service << 'EOF'
+[Unit]
+Description=Redis Server (Flox)
+
+[Service]
+ExecStart=flox activate -d %h/redis -c 'redis-server --bind $REDIS_HOST --port $REDIS_PORT --daemonize no --dir $REDIS_DATA'
+
+[Install]
+WantedBy=default.target
+EOF
+```
+
+By default, systemd user units only run while the user is logged in.
+Enabling **lingering** allows the service to start at boot without a login session.
+If you only need the service to run while you are logged in,
+you can skip this step.
+
+``` { .bash .copy }
+sudo loginctl enable-linger $USER
+```
+
+Load, enable, and start the service:
+
+``` { .bash .copy }
+systemctl --user daemon-reload
+systemctl --user enable redis.service
+systemctl --user start redis.service
+```
+
+Verify the service is running:
+
+``` { .bash .copy }
+systemctl --user status redis.service
+```
+
+Verify Redis is responding:
+
+``` { .bash .copy }
+flox activate -d ~/redis -c 'redis-cli -p "$REDIS_PORT" ping'
+# should respond PONG
+```
+
+### User unit cleanup
+
+To stop and fully remove the systemd user unit:
+
+``` { .bash .copy }
+systemctl --user stop redis.service
+systemctl --user disable redis.service
+rm ~/.config/systemd/user/redis.service
+systemctl --user daemon-reload
+```
+
+## Run a Flox environment service as a systemd system unit
+
+For services that should run under a dedicated system user rather than
+your personal account,
+you can create a system-level systemd unit instead.
+
+### Create a dedicated Redis user and environment
+
+``` { .bash .copy }
+sudo useradd --system --create-home --shell /usr/sbin/nologin redis
+sudo -u redis flox pull flox/redis -d /home/redis/redis
+```
+
+### Create the system unit file
+
+Since the `redis` user has no login session,
+user units will not work.
+Create a system unit instead:
+
+``` { .bash .copy }
+sudo tee /etc/systemd/system/redis.service << 'EOF'
+[Unit]
+Description=Redis Server (Flox)
+
+[Service]
+User=redis
+ExecStart=flox activate -d /home/redis/redis -c 'redis-server --bind $REDIS_HOST --port $REDIS_PORT --daemonize no --dir $REDIS_DATA'
+
+[Install]
+WantedBy=multi-user.target
+EOF
+```
+
+!!! note "Note"
+    Enable lingering is not needed for system units.
+    System units start at boot automatically.
+
+### Load, enable, and start
+
+``` { .bash .copy }
+sudo systemctl daemon-reload
+sudo systemctl enable redis.service
+sudo systemctl start redis.service
+```
+
+### Verify
+
+``` { .bash .copy }
+sudo systemctl status redis.service
+```
+
+``` { .bash .copy }
+flox activate -d ~/redis -c 'redis-cli -p $REDIS_PORT ping'
+# should respond PONG
+```
+
+!!! note "Note"
+    Key differences from the user unit approach:
+    the system unit goes in `/etc/systemd/system/`,
+    uses `multi-user.target`,
+    requires `sudo`,
+    and no lingering is needed.
+
+### System unit cleanup
+
+To stop and fully remove the systemd system unit:
+
+``` { .bash .copy }
+sudo systemctl stop redis.service
+sudo systemctl disable redis.service
+sudo rm /etc/systemd/system/redis.service
+sudo systemctl daemon-reload
+```
+
+## Where to next?
+
+- :simple-readme:{ .flox-purple .flox-heart } [Learn more about services][services_concept]
+
+- :simple-readme:{ .flox-purple .flox-heart } [Sharing environments][sharing_guide]
+
+[services_concept]: ../concepts/services.md
+[flox_services_status]: ../man/flox-services-status.md
+[sharing_guide]: ./sharing-environments.md
+[uid_fix]: https://github.com/flox/flox/commit/2e789b55de153b80a23367b236334ffbe84d6289
+[fork_fix]: https://github.com/flox/flox/commit/9b1e7504fd5dd482d9afeda1e21ecfe8d1f86593