From 32814a6eb1de3b564ff43e5b6453637b1eb25721 Mon Sep 17 00:00:00 2001
From: Michael Hoang <enzime@users.noreply.github.com>
Date: Fri, 1 Nov 2024 00:38:47 +1100
Subject: [PATCH] users: replace runtime check to prevent deleting `root` with
 assertion

This fixes SC2050 as `${name} == "root"` will be generated as a constant
expression.
---
 modules/users/default.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/users/default.nix b/modules/users/default.nix
index d15deac6..4044732c 100644
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@@ -99,6 +99,10 @@ in
         assertion = cfg.users ? root -> (cfg.users.root.home == null || cfg.users.root.home == "/var/root");
         message = "`users.users.root.home` must be set to either `null` or `/var/root`.";
       }
+      {
+        assertion = !builtins.elem "root" deletedUsers;
+        message = "Remove `root` from `users.knownUsers` if you no longer want nix-darwin to manage it.";
+      }
     ];
 
     users.gids = mkMerge gids;
@@ -194,9 +198,6 @@ in
               # shellcheck disable=SC2016
               printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name}
               exit 1
-            elif [[ ${name} == "root" ]]; then
-              printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n'
-              exit 1
             fi
 
             ensurePerms ${name} delete