system/users-groups.nix is now a configuration file.

Remove user & group references from system/system.nix.

svn path=/nixos/branches/fix-style/; revision=13678
Nicolas Pierron 2009-01-02 16:07:01 +00:00
parent 8d5553a4d5
commit 145345c307
5 changed files with 147 additions and 109 deletions


@ -1,62 +0,0 @@
cat "$2" | while true; do
read name || break
read gid
if ! curEnt=$(getent group "$name"); then
echo "creating group $name..."
groupadd --system \
"$name" \
${gid:+--gid $gid}
else
#echo "updating group $name..."
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
prevGid=$3
if test -n "$gid" -a "$prevGid" != "$gid"; then
groupmod "$name" --gid $gid
fi
fi
done
cat "$1" | while true; do
read name || break
read description
read uid
read group
read extraGroups
read home
read shell
read createHome
if ! curEnt=$(getent passwd "$name"); then
echo "creating user $name..."
useradd --system \
"$name" \
--comment "$description" \
${uid:+--uid $uid} \
--gid "$group" \
--groups "$extraGroups" \
--home "$home" \
--shell "$shell" \
${createHome:+--create-home}
else
#echo "updating user $name..."
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
prevUid=$3
prevHome=$6
# Don't change the UID if it's the same, otherwise usermod
# will complain.
if test "$prevUid" = "$uid"; then unset uid; fi
# Don't change the home directory if it's the same to prevent
# unnecessary warnings about logged in users.
if test "$prevHome" = "$home"; then unset home; fi
usermod \
"$name" \
--comment "$description" \
${uid:+--uid $uid} \
--gid "$group" \
--groups "$extraGroups" \
${home:+--home "$home"} \
--shell "$shell"
fi
done


@ -3,10 +3,6 @@
source @newActivationScript@
# Create system users and groups.
@shell@ @createUsersGroups@ @usersList@ @groupsList@
# Set up Nix.
mkdir -p /nix/etc/nix
ln -sfn /etc/nix.conf /nix/etc/nix/nix.conf


@ -2663,36 +2663,6 @@ root ALL=(ALL) SETENV: ALL
users = {
extraUsers = mkOption {
default = [];
example = [
{ name = "alice";
uid = 1234;
description = "Alice";
home = "/home/alice";
createHome = true;
group = "users";
extraGroups = ["wheel"];
shell = "/bin/sh";
}
];
description = "
Additional user accounts to be created automatically by the system.
";
};
extraGroups = mkOption {
default = [];
example = [
{ name = "students";
gid = 1001;
}
];
description = "
Additional groups to be created automatically by the system.
";
};
ldap = {
enable = mkOption {
@ -2905,6 +2875,9 @@ root ALL=(ALL) SETENV: ALL
# environment
(import ../etc/default.nix)
# users
(import ../system/users-groups.nix)
# newtworking
(import ../upstart-jobs/dhclient.nix)


@ -182,9 +182,6 @@ rec {
systemPath = config.system.path;
usersGroups = import ./users-groups.nix { inherit pkgs config defaultShell; };
defaultShell = config.system.shell;
@ -208,8 +205,6 @@ rec {
pkgs.lib.optional (config.services.xserver.sessionType == "kde") "kcheckpass" ++
map ( x : x.program ) config.security.setuidOwners;
inherit (usersGroups) createUsersGroups usersList groupsList;
bash = pkgs.bashInteractive;
adjustSetuidOwner = pkgs.lib.concatStrings (map


@ -1,8 +1,48 @@
{pkgs, config, defaultShell}:
{pkgs, config, ...}:
let ids = import ./ids.nix; in
###### interface
let
inherit (pkgs.lib) mkOption;
rec {
options = {
users = {
extraUsers = mkOption {
default = [];
example = [
{ name = "alice";
uid = 1234;
description = "Alice";
home = "/home/alice";
createHome = true;
group = "users";
extraGroups = ["wheel"];
shell = "/bin/sh";
}
];
description = "
Additional user accounts to be created automatically by the system.
";
};
extraGroups = mkOption {
default = [];
example = [
{ name = "students";
gid = 1001;
}
];
description = "
Additional groups to be created automatically by the system.
";
};
};
};
in
###### implementation
let
ids = import ./ids.nix;
defaultShell = config.system.shell;
# User accounts to be created/updated by NixOS.
users =
@ -93,10 +133,106 @@ rec {
in map addAttrs (defaultGroups ++ config.users.extraGroups);
inherit (pkgs.lib) concatStringsSep;
# Awful hackery necessary to pass the users/groups to the activation script.
createUsersGroups = ../helpers/create-users-groups.sh;
usersList = pkgs.writeText "users" (pkgs.lib.concatStrings (map (u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString (pkgs.lib.concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}\n") users));
groupsList = pkgs.writeText "groups" (pkgs.lib.concatStrings (map (g: "${g.name}\n${toString g.gid}\n") groups));
serializedUser = u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString (concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}";
serializedGroup = g: "${g.name}\n${toString g.gid}";
in
let
inherit (pkgs.stringsWithDeps) FullDepEntry;
activateLib = config.system.activationScripts.lib;
in
{
require = [
options
# config.system.activationScripts
(import ../system/activate-configuration.nix)
];
system = {
activationScripts = {
users = FullDepEntry ''
while true; do
read name || break
read description
read uid
read group
read extraGroups
read home
read shell
read createHome
if ! curEnt=$(getent passwd "$name"); then
echo "creating user $name..."
useradd --system \
"$name" \
--comment "$description" \
''${uid:+--uid $uid} \
--gid "$group" \
--groups "$extraGroups" \
--home "$home" \
--shell "$shell" \
''${createHome:+--create-home}
else
#echo "updating user $name..."
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
prevUid=$3
prevHome=$6
# Don't change the UID if it's the same, otherwise usermod
# will complain.
if test "$prevUid" = "$uid"; then unset uid; fi
# Don't change the home directory if it's the same to prevent
# unnecessary warnings about logged in users.
if test "$prevHome" = "$home"; then unset home; fi
usermod \
"$name" \
--comment "$description" \
''${uid:+--uid $uid} \
--gid "$group" \
--groups "$extraGroups" \
''${home:+--home "$home"} \
--shell "$shell"
fi
done <<EndOfUserList
${concatStringsSep "\n" (map serializedUser users)}
EndOfUserList
'' [
activateLib.groups
];
groups = FullDepEntry ''
while true; do
read name || break
read gid
if ! curEnt=$(getent group "$name"); then
echo "creating group $name..."
groupadd --system \
"$name" \
''${gid:+--gid $gid}
else
#echo "updating group $name..."
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
prevGid=$3
if test -n "$gid" -a "$prevGid" != "$gid"; then
groupmod "$name" --gid $gid
fi
fi
done <<EndOfGroupList
${concatStringsSep "\n" (map serializedGroup groups)}
EndOfGroupList
'' [
activateLib.rootPasswd
activateLib.binsh
activateLib.etc
activateLib.var
];
};
};
}
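Review bot: The heredocs feeding the `users` and `groups` activation scripts use unquoted delimiters (`done <<EndOfUserList`, `done <<EndOfGroupList`), so the shell expands `$`, backticks and backslashes in the serialized records before `read` sees them. A `description`, `home` or `shell` value containing shell syntax would therefore be evaluated during activation, which the earlier `pkgs.writeText` file read through `cat` did not do. Quoting the delimiters keeps the records literal while Nix still substitutes the list at evaluation time: `done <<'EndOfUserList'` and `done <<'EndOfGroupList'`. Using `read -r` in both loops would also stop backslashes in a field from being consumed. A field containing a newline, or a line equal to the delimiter, would still break record framing, so a comment beside `serializedUser` and `serializedGroup` stating that every value must be a single line would be worth adding.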