Aha! I get it now, thanks for clarifying. I am not against anything here; any presented solution in either the issue or here seems good imo.
Still, I would like to bring one consideration into account in case the finalization cannot be made from another service. Since you mentioned NixOS, I will follow up on that: there is a use case in NixOS that isn't so common in Guix System, at least yet: systemd hardening (Guix has the least authority wrapper, which is not used much yet). Most NixOS services use hardening nowadays. When services are hardened, it can happen that it is impossible to let two services communicate. This can be mitigated by modifying the other service's systemd options. For example, you can share their /tmp to share a common socket. One (service) module in NixOS can then, on the user's behalf, configure the other service to allow this. This is usually enabled by some kind of an option.

As a specific example that I know since I tackled it recently: Sourcehut, a service for hosting git repos, tracking issues, and mailing lists, can, on your behalf, configure postfix so that you are able to receive mail via a socket. You can change it with `services.sourcehut.postfix.enable`, so users can omit this if they don't like it. But the service is able to do that on the user's behalf. During that, it needs to change the systemd service to include a shared tmp with the socket.

If finalizations were put into the operating system, a use case like this might be hard to make work, and support from the other service configurator will be necessary. (Moreover, with the current state of the least authority wrapper this might still be impossible even with finalizations, but I think that is for another topic.) There are probably other use cases; I am thinking of this one since I saw it recently.

Rutherther