nixos/users-groups: move home dir creation to systemd tmpfiles

Fixes NixOS#6481

When the home directory is on a separate mount the user home
directories were not created.

Using systemd tmpfiles solves the race condition.

nixos/doc/manual/release-notes/rl-2305.section.md

@@ -362,6 +362,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - `boot.initrd.luks.device.<name>` has a new `tryEmptyPassphrase` option, this is useful for OEM's who need to install an encrypted disk with a future settable passphrase
 
+- `users.users.<name>.home` directories are created with systemd tmpfiles rules instead of activation scripts. This fixes a bug where home directories were not created when home directories were on a separate mount. (See issue [#6481](https://github.com/NixOS/nixpkgs/issues/6481))
+
 ## Detailed migration information {#sec-release-23.05-migration}
 
 ### Pipewire configuration overrides {#sec-release-23.05-migration-pipewire}

nixos/modules/config/update-users-groups.pl

@@ -224,13 +224,6 @@ sub parseUser {
         }
     }
 
-    # Ensure home directory incl. ownership and permissions.
-    if ($u->{createHome} and !$is_dry) {
-        make_path($u->{home}, { mode => oct($u->{homeMode}) }) if ! -e $u->{home};
-        chown $u->{uid}, $u->{gid}, $u->{home};
-        chmod oct($u->{homeMode}), $u->{home};
-    }
-
     if (defined $u->{passwordFile}) {
         if (-e $u->{passwordFile}) {
             $u->{hashedPassword} = read_file($u->{passwordFile});

nixos/modules/config/users-groups.nix

@@ -749,6 +749,12 @@ in {
         else null
       ));
 
+    systemd.tmpfiles.rules = lib.concatLists (lib.mapAttrsToList
+      (_: user:
+        lib.optionals user.createHome [
+          "d ${lib.escapeShellArg user.home} ${user.homeMode} ${user.name} ${user.group}"
+        ])
+      config.users.users);
   };
 
 }