system/users-groups.nix is now a configuration file.
Remove user & group references from system/system.nix. svn path=/nixos/branches/fix-style/; revision=13678
parent
8d5553a4d5
commit
145345c307
@ -1,62 +0,0 @@
|
||||
cat "$2" | while true; do
|
||||
read name || break
|
||||
read gid
|
||||
|
||||
if ! curEnt=$(getent group "$name"); then
|
||||
echo "creating group $name..."
|
||||
groupadd --system \
|
||||
"$name" \
|
||||
${gid:+--gid $gid}
|
||||
else
|
||||
#echo "updating group $name..."
|
||||
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
|
||||
prevGid=$3
|
||||
if test -n "$gid" -a "$prevGid" != "$gid"; then
|
||||
groupmod "$name" --gid $gid
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
cat "$1" | while true; do
|
||||
read name || break
|
||||
read description
|
||||
read uid
|
||||
read group
|
||||
read extraGroups
|
||||
read home
|
||||
read shell
|
||||
read createHome
|
||||
|
||||
if ! curEnt=$(getent passwd "$name"); then
|
||||
echo "creating user $name..."
|
||||
useradd --system \
|
||||
"$name" \
|
||||
--comment "$description" \
|
||||
${uid:+--uid $uid} \
|
||||
--gid "$group" \
|
||||
--groups "$extraGroups" \
|
||||
--home "$home" \
|
||||
--shell "$shell" \
|
||||
${createHome:+--create-home}
|
||||
else
|
||||
#echo "updating user $name..."
|
||||
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
|
||||
prevUid=$3
|
||||
prevHome=$6
|
||||
# Don't change the UID if it's the same, otherwise usermod
|
||||
# will complain.
|
||||
if test "$prevUid" = "$uid"; then unset uid; fi
|
||||
# Don't change the home directory if it's the same to prevent
|
||||
# unnecessary warnings about logged in users.
|
||||
if test "$prevHome" = "$home"; then unset home; fi
|
||||
usermod \
|
||||
"$name" \
|
||||
--comment "$description" \
|
||||
${uid:+--uid $uid} \
|
||||
--gid "$group" \
|
||||
--groups "$extraGroups" \
|
||||
${home:+--home "$home"} \
|
||||
--shell "$shell"
|
||||
fi
|
||||
done
|
@ -3,10 +3,6 @@
|
||||
source @newActivationScript@
|
||||
|
||||
|
||||
# Create system users and groups.
|
||||
@shell@ @createUsersGroups@ @usersList@ @groupsList@
|
||||
|
||||
|
||||
# Set up Nix.
|
||||
mkdir -p /nix/etc/nix
|
||||
ln -sfn /etc/nix.conf /nix/etc/nix/nix.conf
|
||||
|
@ -2663,36 +2663,6 @@ root ALL=(ALL) SETENV: ALL
|
||||
|
||||
users = {
|
||||
|
||||
extraUsers = mkOption {
|
||||
default = [];
|
||||
example = [
|
||||
{ name = "alice";
|
||||
uid = 1234;
|
||||
description = "Alice";
|
||||
home = "/home/alice";
|
||||
createHome = true;
|
||||
group = "users";
|
||||
extraGroups = ["wheel"];
|
||||
shell = "/bin/sh";
|
||||
}
|
||||
];
|
||||
description = "
|
||||
Additional user accounts to be created automatically by the system.
|
||||
";
|
||||
};
|
||||
|
||||
extraGroups = mkOption {
|
||||
default = [];
|
||||
example = [
|
||||
{ name = "students";
|
||||
gid = 1001;
|
||||
}
|
||||
];
|
||||
description = "
|
||||
Additional groups to be created automatically by the system.
|
||||
";
|
||||
};
|
||||
|
||||
ldap = {
|
||||
|
||||
enable = mkOption {
|
||||
@ -2905,6 +2875,9 @@ root ALL=(ALL) SETENV: ALL
|
||||
# environment
|
||||
(import ../etc/default.nix)
|
||||
|
||||
# users
|
||||
(import ../system/users-groups.nix)
|
||||
|
||||
# newtworking
|
||||
(import ../upstart-jobs/dhclient.nix)
|
||||
|
||||
|
@ -182,9 +182,6 @@ rec {
|
||||
systemPath = config.system.path;
|
||||
|
||||
|
||||
usersGroups = import ./users-groups.nix { inherit pkgs config defaultShell; };
|
||||
|
||||
|
||||
defaultShell = config.system.shell;
|
||||
|
||||
|
||||
@ -208,8 +205,6 @@ rec {
|
||||
pkgs.lib.optional (config.services.xserver.sessionType == "kde") "kcheckpass" ++
|
||||
map ( x : x.program ) config.security.setuidOwners;
|
||||
|
||||
inherit (usersGroups) createUsersGroups usersList groupsList;
|
||||
|
||||
bash = pkgs.bashInteractive;
|
||||
|
||||
adjustSetuidOwner = pkgs.lib.concatStrings (map
|
||||
|
@ -1,8 +1,48 @@
|
||||
{pkgs, config, defaultShell}:
|
||||
{pkgs, config, ...}:
|
||||
|
||||
let ids = import ./ids.nix; in
|
||||
###### interface
|
||||
let
|
||||
inherit (pkgs.lib) mkOption;
|
||||
|
||||
rec {
|
||||
options = {
|
||||
users = {
|
||||
extraUsers = mkOption {
|
||||
default = [];
|
||||
example = [
|
||||
{ name = "alice";
|
||||
uid = 1234;
|
||||
description = "Alice";
|
||||
home = "/home/alice";
|
||||
createHome = true;
|
||||
group = "users";
|
||||
extraGroups = ["wheel"];
|
||||
shell = "/bin/sh";
|
||||
}
|
||||
];
|
||||
description = "
|
||||
Additional user accounts to be created automatically by the system.
|
||||
";
|
||||
};
|
||||
|
||||
extraGroups = mkOption {
|
||||
default = [];
|
||||
example = [
|
||||
{ name = "students";
|
||||
gid = 1001;
|
||||
}
|
||||
];
|
||||
description = "
|
||||
Additional groups to be created automatically by the system.
|
||||
";
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
|
||||
###### implementation
|
||||
let
|
||||
ids = import ./ids.nix;
|
||||
defaultShell = config.system.shell;
|
||||
|
||||
# User accounts to be created/updated by NixOS.
|
||||
users =
|
||||
@ -93,10 +133,106 @@ rec {
|
||||
|
||||
in map addAttrs (defaultGroups ++ config.users.extraGroups);
|
||||
|
||||
inherit (pkgs.lib) concatStringsSep;
|
||||
|
||||
# Awful hackery necessary to pass the users/groups to the activation script.
|
||||
createUsersGroups = ../helpers/create-users-groups.sh;
|
||||
usersList = pkgs.writeText "users" (pkgs.lib.concatStrings (map (u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString (pkgs.lib.concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}\n") users));
|
||||
groupsList = pkgs.writeText "groups" (pkgs.lib.concatStrings (map (g: "${g.name}\n${toString g.gid}\n") groups));
|
||||
|
||||
serializedUser = u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString (concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}";
|
||||
serializedGroup = g: "${g.name}\n${toString g.gid}";
|
||||
in
|
||||
|
||||
let
|
||||
inherit (pkgs.stringsWithDeps) FullDepEntry;
|
||||
|
||||
activateLib = config.system.activationScripts.lib;
|
||||
in
|
||||
|
||||
{
|
||||
require = [
|
||||
options
|
||||
|
||||
# config.system.activationScripts
|
||||
(import ../system/activate-configuration.nix)
|
||||
];
|
||||
|
||||
system = {
|
||||
activationScripts = {
|
||||
|
||||
users = FullDepEntry ''
|
||||
while true; do
|
||||
read name || break
|
||||
read description
|
||||
read uid
|
||||
read group
|
||||
read extraGroups
|
||||
read home
|
||||
read shell
|
||||
read createHome
|
||||
|
||||
if ! curEnt=$(getent passwd "$name"); then
|
||||
echo "creating user $name..."
|
||||
useradd --system \
|
||||
"$name" \
|
||||
--comment "$description" \
|
||||
''${uid:+--uid $uid} \
|
||||
--gid "$group" \
|
||||
--groups "$extraGroups" \
|
||||
--home "$home" \
|
||||
--shell "$shell" \
|
||||
''${createHome:+--create-home}
|
||||
else
|
||||
#echo "updating user $name..."
|
||||
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
|
||||
prevUid=$3
|
||||
prevHome=$6
|
||||
# Don't change the UID if it's the same, otherwise usermod
|
||||
# will complain.
|
||||
if test "$prevUid" = "$uid"; then unset uid; fi
|
||||
# Don't change the home directory if it's the same to prevent
|
||||
# unnecessary warnings about logged in users.
|
||||
if test "$prevHome" = "$home"; then unset home; fi
|
||||
usermod \
|
||||
"$name" \
|
||||
--comment "$description" \
|
||||
''${uid:+--uid $uid} \
|
||||
--gid "$group" \
|
||||
--groups "$extraGroups" \
|
||||
''${home:+--home "$home"} \
|
||||
--shell "$shell"
|
||||
fi
|
||||
done <<EndOfUserList
|
||||
${concatStringsSep "\n" (map serializedUser users)}
|
||||
EndOfUserList
|
||||
'' [
|
||||
activateLib.groups
|
||||
];
|
||||
|
||||
groups = FullDepEntry ''
|
||||
while true; do
|
||||
read name || break
|
||||
read gid
|
||||
|
||||
if ! curEnt=$(getent group "$name"); then
|
||||
echo "creating group $name..."
|
||||
groupadd --system \
|
||||
"$name" \
|
||||
''${gid:+--gid $gid}
|
||||
else
|
||||
#echo "updating group $name..."
|
||||
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
|
||||
prevGid=$3
|
||||
if test -n "$gid" -a "$prevGid" != "$gid"; then
|
||||
groupmod "$name" --gid $gid
|
||||
fi
|
||||
fi
|
||||
done <<EndOfGroupList
|
||||
${concatStringsSep "\n" (map serializedGroup groups)}
|
||||
EndOfGroupList
|
||||
'' [
|
||||
activateLib.rootPasswd
|
||||
activateLib.binsh
|
||||
activateLib.etc
|
||||
activateLib.var
|
||||
];
|
||||
|
||||
};
|
||||
};
|
||||
}
|
||||
|
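Review bot: The here-documents feeding the new `users` and `groups` activation snippets (`done <<EndOfUserList`, `done <<EndOfGroupList`) use unquoted delimiters, so the shell performs parameter, command and backslash expansion on every serialized field before `read` sees it. The removed helper read the same records from store files through `cat`, where no such expansion took place, so a `$` or backtick in a description or home path now changes meaning in a script that presumably runs as root. Quote the delimiters and read raw: `done <<'EndOfUserList'` and `done <<'EndOfGroupList'`, with `read -r` for each field; the Nix-side `${concatStringsSep …}` is still interpolated at evaluation time. The format is also one field per line, so a value containing a newline shifts every later field of the record. An assertion in `serializedUser` and `serializedGroup` that rejects newlines, or at least a comment stating the constraint, would make that failure explicit.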