Features:
+* add a new ExecStart= flag that inserts the configured user's shell as first
+ word in the command line. (maybe use character '.'). Usecase: tool such as
+ uid0 can use that to spawn the target user's default shell.
+
+* varlink: figure out how to do docs for our varlink interfaces. Idea: install
+ interface files augmented with docs in /usr/share/ somewhere. And have
+ functionality in varlinkctl to merge interface info extracted from binaries
+ with interface info on disk. And store the doc strings only in the latter.
+
+* introduce mntid_t, and make it 64bit, as apparently the kernel switched to
+ 64bit mount ids
+
+* use udev rule networkd ownership property to take ownership of network
+ interfaces nspawn creates
+
* add a kernel cmdline switch (and cred?) for marking a system to be
"headless", in which case we never open /dev/console for reading, only for
writing. This would then mean: systemd-firstboot would process creds but not
file system paths to enable on start.
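Review bot: the new ExecStart= entry at the top of the added block leaves two points open that whoever picks it up will need settled. The flag character is only tentative ("maybe use character '.'"), and the entry does not say what gets inserted when the configured user has no usable shell set. Since the stated use case is uid0 spawning the target user's default shell, suggest the entry name the fallback behaviour and say where the shell is looked up. Separately, the mntid_t entry rests on "apparently the kernel switched to 64bit mount ids"; naming the kernel interface that exposes the 64bit ids would make the item actionable.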
• make systemd-fstab-generator look for a system credential encoding root= or
usr=
- • systemd-homed: when initializing, look for a credential
- systemd.homed.register or so with JSON user records to automatically
- register if not registered yet. Use case: deploy a system, and add an
- account one can directly log into.
• in gpt-auto-generator: check partition uuids against such uuids supplied via
sd-stub credentials. That way, we can support parallel OS installations with
pre-built kernels.
- support new FS_IOC_ADD_ENCRYPTION_KEY ioctl for setting up fscrypt
- maybe pre-create ~/.cache as subvol so that it can have separate quota
easily?
- - add a switch to homectl (maybe called --first-boot) where it will check if
- any non-system users exist, and if not prompts interactively for basic user
- info, mimicking systemd-firstboot. Then, place this in a service that runs
- after systemd-homed, but before gdm and friends, as a simple, barebones
- fallback logic to get a regular user created on uninitialized systems.
- store PKCS#11 + FIDO2 token info in LUKS2 header, compatible with
systemd-cryptsetup, so that it can unlock homed volumes
- maybe make all *.home files owned by `systemd-home` user or so, so that we