=== modified file 'zsh-functions/confz_containers_init' --- old/zsh-functions/confz_containers_init 2022-08-11 17:30:42 +0000 +++ new/zsh-functions/confz_containers_init 2022-08-11 13:22:20 +0000 @@ -117,7 +117,7 @@ "s6-setuidgid $vars[log_uid]:$vars[log_gid]" "s6-log -b -- t ${(qqq)vars[log_dir]}" ) - + require fs_d filename=$vars[svc_dir]/log require fs_m filename=$vars[svc_dir]/log mode=755 require fs_contentnl filename=$vars[svc_dir]/log/run \ @@ -199,28 +199,11 @@ confz_container_sysroot_user_check() { checkvars containers_dir image_name - unify sysroot_user container-$vars[image_name] - unify sysroot_group container-$vars[image_name] - require container_group group_name=$vars[sysroot_group] %gid - require container_user user_name=$vars[sysroot_user] %uid :gid \ + require container_group group_name=container-$vars[image_name] %gid + require container_user user_name=container-$vars[image_name] %uid :gid \ homedir=$vars[containers_dir]/systems/root } -confz_container_image_layout_check() { - checkvars containers_dir image_name - - unify root $vars[containers_dir]/systems/$vars[image_name] - - require container_sysroot_user :containers_dir :image_name \ - %uid %gid %sysroot_user %sysroot_group -} -confz_container_image_layout_svc_check() { - checkvars containers_dir svscan_dir image_name - unify sysroot_svc $vars[svscan_dir]/container.$container.sysroot - require container_image_layout :containers_dir :image_name \ - %root %uid %gid %sysroot_user %sysroot_group -} - confz_container_image_owner_check() { checkvars containers_dir image_name uid gid do_command=( 
@@ -240,9 +223,7 @@ defvar container_name "$vars[image_name]" container=$vars[container_name] - require container_image_layout_svc \ - :containers_dir :svscan_dir :image_name \ - %uid %gid %sysroot_svc %root %sysroot_user %sysroot_group + require container_sysroot_user %uid %gid :containers_dir :image_name require container_image_owner :uid :gid :containers_dir :image_name require fs_d filename=$vars[containers_dir]/user/sysroot @@ -272,14 +253,15 @@ "${(f@)vars[fstab_extra]}" ) + svc_dir=$vars[svscan_dir]/container.$container.sysroot require container_service_preset preset=sysroot \ - svc_dir=$vars[sysroot_svc] control_user=$vars[uid] control_group=$vars[gid] \ + svc_dir=$svc_dir control_user=$vars[uid] control_group=$vars[gid] \ root_link=$container_user_dir/root \ fstab=${(F)fstab} \?down \?fstab_post - require fs_d filename=$vars[sysroot_svc]/env - require fs_contentnl filename=$vars[sysroot_svc]/env/CONTAINER_USER \ + require fs_d filename=$svc_dir/env + require fs_contentnl filename=$svc_dir/env/CONTAINER_USER \ content=container-$vars[image_name] - require fs_contentnl filename=$vars[sysroot_svc]/env/CONTAINER_NAME \ + require fs_contentnl filename=$svc_dir/env/CONTAINER_NAME \ content=$container } @@ -822,11 +804,11 @@ } confz_container_alpine_apk_check() { - checkvars sysroot_user root arch + checkvars user root arch defvar keys_dir /etc/apk/keys defvar apk_executable apk do_command=( - s6-setuidgid $vars[sysroot_user] + s6-setuidgid $vars[user] $vars[apk_executable] --update-cache --initdb 
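Review bot: In the @@ -272 hunk the service directory is built from `$container` (`svc_dir=$vars[svscan_dir]/container.$container.sysroot`), while the hunks that later run commands in it (@@ -873, @@ -922, @@ -1102, @@ -1259, @@ -1321, @@ -1330) spell the same path with `$vars[image_name]`. `container` is taken from `container_name`, which only defaults to `image_name` (the `defvar` in the @@ -240 hunk), so an overridden container name would make the package-install commands cd into a directory other than the one prepared here. Deriving the path in one place, or using the same variable in all of them, removes that drift. `svc_dir` is also assigned without `local`, unlike the `local root=` lines elsewhere in this commit; unless it is declared above the hunk I would write `local svc_dir=$vars[svscan_dir]/container.$container.sysroot`. The enclosing function starts and ends outside the hunk.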
@@ -848,20 +830,21 @@ defvar hostname $vars[image_name] defvar locale C.UTF-8 - require container_image_layout :containers_dir :image_name \ - %uid %gid %root %sysroot_user - require container_alpine_base_layout :uid :gid :root - require container_alpine_base_files :uid :gid :root \ + local root=$vars[containers_dir]/systems/$vars[image_name] + + require container_sysroot_user %uid %gid :containers_dir :image_name + require container_alpine_base_layout :uid :gid root=$root + require container_alpine_base_files :uid :gid root=$root \ :mirror :release :repositories :hostname :locale - require container_alpine_apk :arch :root :sysroot_user + require container_alpine_apk :arch \ + root=$root user=container-$vars[image_name] } confz_container_alpine_packages_installed_check() { checkvars containers_dir image_name packages svscan_dir - require container_image_layout_svc \ - :containers_dir :svscan_dir :image_name \ - %sysroot_svc + require container_service_sysroot :containers_dir :svscan_dir \ + :image_name local root=$vars[containers_dir]/systems/$vars[image_name] local -a world=( "${(@f)$(<$root/etc/apk/world)}" ) @@ -873,7 +856,8 @@ done do_command=( - $commands[cd] $vars[sysroot_svc] container_sysroot_run + $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot + container_sysroot_run /sbin/apk add --no-chown $missing ) @@ -900,11 +884,11 @@ } confz_container_void_xbps_check() { - checkvars sysroot_user root arch mirror repository + checkvars user root arch mirror repository defvar xbps_install_executable xbps-install do_command=( env XBPS_ARCH=$vars[arch] - s6-setuidgid $vars[sysroot_user] + s6-setuidgid $vars[user] $vars[xbps_install_executable] --sync --rootdir $vars[root] 
@@ -922,31 +906,32 @@ #defvar hostname $vars[image_name] #defvar locale C.UTF-8 - require container_image_layout :containers_dir :image_name \ - %uid %gid %root %sysroot_user + unify root $vars[containers_dir]/systems/$vars[image_name] + + require container_sysroot_user %uid %gid :containers_dir :image_name require container_generic_layout :uid :gid :root require container_void_base_files :uid :gid :root require container_void_xbps :arch :mirror :repository \ - :root :sysroot_user + :root user=container-$vars[image_name] } confz_container_void_packages_installed_check() { - checkvars packages containers_dir image_name svscan_dir - - require container_image_layout_svc \ - :containers_dir :svscan_dir :image_name \ - %root %sysroot_svc - + checkvars containers_dir image_name packages svscan_dir + + require container_service_sysroot :containers_dir :svscan_dir \ + :image_name + + local root=$vars[containers_dir]/systems/$vars[image_name] local -a missing local pkg for pkg in $=vars[packages]; do - [[ -f $vars[root]/var/db/xbps/.${pkg}-files.plist ]] \ - || missing+=( $pkg ) + [[ -f $root/var/db/xbps/.${pkg}-files.plist ]] || missing+=( $pkg ) done do_command=( - $commands[cd] $vars[sysroot_svc] container_sysroot_run + $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot + container_sysroot_run /usr/sbin/xbps-install --yes --sync -- $missing ) @@ -991,7 +976,7 @@ require fs_o filename="$vars[root]/etc/profile.d/locale.sh" owner=$vars[uid]:$vars[gid] require fs_l filename="$vars[root]/etc/profile.d/nix.sh" \ - destination="/nix/var/nix/profiles/default/etc/profile.d/nix.sh" + destination="/nix/var/nix/profiles/default/etc/profile.d/nix.sh" # TODO: source Nix stuff from profile @@ -1029,7 +1014,7 @@ } confz_container_nix_image_from_release_check() { - checkvars containers_dir svscan_dir image_name system + checkvars containers_dir image_name system defvar release 2.9.1 defvar checksum_algo sha256 defvar mirror https://releases.nixos.org/nix 
@@ -1064,12 +1049,12 @@ (($+vars[checksum])) || die "No stored checksum for $url" - require container_nix_image :containers_dir :svscan_dir :image_name :url \ - :checksum :checksum_algo :alpine_arch \?hostname \?locale + require container_nix_image :containers_dir :image_name :url \ + :checksum :checksum_algo :alpine_arch \?hostname \?locale \?svscan_dir } confz_container_nix_bootstrap_packages_check() { - checkvars sysroot_user root arch uid gid + checkvars user root arch uid gid defvar keys_dir /etc/apk/keys defvar apk_executable apk defvar mirror http://mirror.fit.cvut.cz/alpine @@ -1088,7 +1073,7 @@ require fs_o filename="$vars[root]/etc/apk/repositories" owner=$vars[uid]:$vars[gid] do_command=( - s6-setuidgid $vars[sysroot_user] + s6-setuidgid $vars[user] $vars[apk_executable] --update-cache --initdb @@ -1102,14 +1087,14 @@ } confz_container_nix_bootstrap_check() { - checkvars root sysroot_svc sysroot_user uid gid arch + checkvars root svscan_dir image_name - require container_nix_bootstrap_packages \ - :root :arch :uid :gid :sysroot_user \ - \?keys_dir \?apk_executable \?mirror \?release \?repositories + require container_nix_bootstrap_packages :root \?arch \?uid \?gid \ + \?user \?keys_dir \?apk_executable \?mirror \?release \?repositories do_command=( - $commands[cd] $vars[sysroot_svc] container_sysroot_run + $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot + container_sysroot_run /bin/busybox --install -s /bin ) @@ -1117,7 +1102,7 @@ } confz_container_nix_image_installed_check() { - checkvars root filename uid gid + checkvars containers_dir root user filename uid gid image_name svscan_dir require fs_r flags=r filename=$vars[root]/${vars[filename]%.tar.*} 
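Review bot: `confz_container_nix_bootstrap_check` (@@ -1102 hunk) now forwards `arch`, `uid`, `gid` and `user` with `\?`, yet `confz_container_nix_bootstrap_packages_check` in the @@ -1064 hunk still requires all four in `checkvars user root arch uid gid`. Assuming `\?` forwards a variable only when it is set, a caller that omits one now fails inside the inner check instead of here, and `user` is the account `s6-setuidgid $vars[user]` drops to in the @@ -1088 hunk. I would keep them mandatory at this level, `checkvars root svscan_dir image_name user uid gid arch`, and pass them as `:root :arch :uid :gid :user` in the `require`.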
@@ -1130,7 +1115,7 @@ confz_container_nix_image_installed_do() { local download_dir=$vars[containers_dir]/download-cache - s6-setuidgid $vars[sysroot_user] \ + s6-setuidgid $vars[user] \ tar -xpC "$vars[root]" -f "$download_dir/$vars[filename]" \ || die "Unpacking ${(qqq)vars[filename]} failed" @@ -1151,17 +1136,21 @@ defvar locale C.UTF-8 # TODO: test if these actually do something - require container_service_sysroot \ - :containers_dir :svscan_dir :image_name \ - %root %uid %gid %sysroot_user %sysroot_svc + unify root $vars[containers_dir]/systems/$vars[image_name] + unify user container-$vars[image_name] require container_download_and_verify :containers_dir \ :checksum :checksum_algo %filename :url + require container_sysroot_user %uid %gid :containers_dir :image_name require container_generic_layout :uid :gid :root require container_nix_base_files :uid :gid :root :hostname :locale - require container_nix_bootstrap :sysroot_svc :root :uid :gid :sysroot_user + require container_service_sysroot :containers_dir :svscan_dir \ + :image_name + + require container_nix_bootstrap :user :root :uid :gid :svscan_dir \ + :image_name \ \?arch=alpine_arch \ \?keys_dir=alpine_keys_dir \ \?mirror=alpine_mirrors \ @@ -1169,7 +1158,8 @@ \?repositories=alpine_repositories \ \?apk_executable - require container_nix_image_installed :filename :root :uid :gid + require container_nix_image_installed :filename :root :image_name \ + :svscan_dir :uid :gid :containers_dir :user require fs_l filename="$vars[root]/nix/var/nix/profiles/default" \ destination="per-user/root/profile" 
@@ -1180,15 +1170,14 @@ confz_container_nix_bin_linked_check() { checkvars containers_dir image_name - require container_image_layout :containers_dir :image_name %root - - local profile_dir=$vars[root]/root/.nix-profile + local root=$vars[containers_dir]/systems/$vars[image_name] + local profile_dir=$root/root/.nix-profile local -A stat_info zstat -L -H stat_info $profile_dir # while it's a symlink while (( $stat_info[mode] >> 12 == 10 )); do if [[ $stat_info[link] == /* ]]; then - profile_dir=$vars[root]$stat_info[link] + profile_dir=$root$stat_info[link] else profile_dir=${profile_dir:h}/$stat_info[link] fi @@ -1199,28 +1188,28 @@ local b for b in $profile_dir/bin/*; do - [[ -e $vars[root]/bin/$b:t ]] || \ - require fs_l filename="$vars[root]/bin/${b:t}" \ + [[ -e $root/bin/$b:t ]] || \ + require fs_l filename="$root/bin/${b:t}" \ destination=../root/.nix-profile/bin/$b:t done } confz_container_nix_packages_installed_check() { - checkvars packages containers_dir image_name svscan_dir - - require container_image_layout_svc \ - :containers_dir :svscan_dir :image_name \ - %root %svscan_dir - + checkvars containers_dir image_name packages svscan_dir + + require container_service_sysroot :containers_dir :svscan_dir \ + :image_name + + local root=$vars[containers_dir]/systems/$vars[image_name] local -A stat_info - # local profile_dir=$vars[root]/nix/var/nix/profiles/per-user/root/profile - local profile_dir=$vars[root]/root/.nix-profile + # local profile_dir=$root/nix/var/nix/profiles/per-user/root/profile + local profile_dir=$root/root/.nix-profile zstat -L -H stat_info $profile_dir # while it's a symlink while (( $stat_info[mode] >> 12 == 10 )); do if [[ $stat_info[link] == /* ]]; then - profile_dir=$vars[root]$stat_info[link] + profile_dir=$root$stat_info[link] else profile_dir=${profile_dir:h}/$stat_info[link] fi 
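Review bot: The symlink walk in `confz_container_nix_bin_linked_check` (@@ -1180 hunk) rebases absolute targets onto `$root`, but the relative branch `profile_dir=${profile_dir:h}/$stat_info[link]` accepts any number of `..` components, and the link text is read from the container's own filesystem under `$root`. As far as the visible lines show, the resolved path can therefore end up outside `$root` on the host, and a link cycle would keep the `while` running; the same pattern is in the @@ -1199 hunk and for `manifest_file` in @@ -1234. After each step I would add `[[ ${profile_dir:a} == $root/* ]] || die "profile link leaves $root"` and cap the number of iterations. The loop body continues past the end of the hunk.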
@@ -1234,7 +1223,7 @@ # while it's a symlink while (( $stat_info[mode] >> 12 == 10 )); do if [[ $stat_info[link] == /* ]]; then - manifest_file=$vars[root]$stat_info[link] + manifest_file=$root$stat_info[link] else manifest_file=${manifest_file:h}/$stat_info[link] fi @@ -1259,7 +1248,8 @@ done do_command=( - $commands[cd] $vars[sysroot_svc] container_sysroot_run + $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot + container_sysroot_run /root/.nix-profile/bin/nix-env --install $missing # /var/lib/nix/profiles/default/bin/nix-env --install $missing ) @@ -1275,16 +1265,17 @@ checkvars containers_dir image_name arch suite defvar mirror http://ftp.cvut.cz/debian/ - require container_image_layout :containers_dir :image_name \ - %uid %gid %root %sysroot_user + unify root $vars[containers_dir]/systems/$vars[image_name] + + require container_sysroot_user %uid %gid :containers_dir :image_name + #require container_debian_base_files :uid :gid :root require container_debootstrap :root :arch :mirror :suite \ - :uid :gid + user=container-$vars[image_name] :uid :gid require container_generic_layout :uid :gid :root - #require container_debian_base_files :uid :gid :root } confz_container_debootstrap_check() { - checkvars root arch mirror suite uid gid + checkvars user root arch mirror suite uid gid defvar variant minbase defvar debootstrap_executable debootstrap [[ -f $vars[root]/usr/bin/apt-get && -f $vars[root]/usr/bin/sh ]] @@ -1304,9 +1295,8 @@ confz_container_debian_packages_installed_check() { checkvars containers_dir image_name packages svscan_dir - require container_image_layout_svc \ - :containers_dir :image_name \ - %uid %gid %root %sysroot_user $sysroot_svc + require container_service_sysroot :containers_dir :svscan_dir \ + :image_name local root=$vars[containers_dir]/systems/$vars[image_name] local -a missing installed 
@@ -1321,7 +1311,8 @@ done do_command=( - $commands[cd] $vars[sysroot_svc] container_sysroot_run + $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot + container_sysroot_run /usr/bin/apt-get install --trivial-only -- $missing ) @@ -1330,25 +1321,20 @@ } confz_container_puppet_apt_repo_check() { - checkvars containers_dir svscan_dir image_name arch suite + checkvars user root arch suite defvar puppet_version 7 - require container_image_layout_svc \ - :containers_dir :image_name \ - %uid %gid %root %sysroot_user %sysroot_svc - [[ -f $vars[root]/etc/apt/trusted.gpg.d/puppet$vars[puppet_version]-keyring.gpg \ && -f $vars[root]/etc/apt/sources.list.d/puppet$vars[puppet_version].list ]] } confz_container_puppet_apt_repo_do() { local deb_file=puppet7-release-$vars[suite].deb - s6-setuidgid $vars[sysroot_user] \ - wget --unlink -O $vars[root]/root/$deb_file \ - https://apt.puppetlabs.com/$deb_file \ - || return $? - $commands[cd] $vars[sysroot_svc] container_sysroot_run \ - /usr/bin/dpkg -i /root/$deb_file \ - || return $? + s6-setuidgid $vars[user] \ + wget --unlink -O $vars[root]/root/$deb_file https://apt.puppetlabs.com/$deb_file \ + || return $? + $commands[cd] $vars[svscan_dir]/container.$vars[image_name].sysroot \ + container_sysroot_run \ + /usr/bin/dpkg -i /root/$deb_file }
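Review bot: In the @@ -1330 hunk `confz_container_puppet_apt_repo_do` uses `$vars[svscan_dir]` and `$vars[image_name]` to build the directory it changes into, but the matching check now validates only `checkvars user root arch suite`. If either is unset the path collapses to `/container..sysroot`, so I would make it `checkvars user root arch suite svscan_dir image_name`. The release package is also handed to `dpkg -i` exactly as `wget` fetched it, with no stored checksum, whereas the Nix image in this file goes through `container_download_and_verify`; the same verification would fit here. Finally, `deb_file` hard-codes `puppet7` while the check honours `puppet_version`; `local deb_file=puppet$vars[puppet_version]-release-$vars[suite].deb` keeps the two in step, provided `puppet_version` is visible in the `_do` function.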