mirror of
https://github.com/LnL7/nix-darwin.git
synced 2025-03-16 13:28:16 +00:00
users: add option to configure nixbld users.
parent
1ba19da50d
commit
4e0ddf3061
2 changed files with 63 additions and 0 deletions
|
@ -63,6 +63,7 @@ let
|
||||||
./modules/programs/vim.nix
|
./modules/programs/vim.nix
|
||||||
./modules/programs/zsh
|
./modules/programs/zsh
|
||||||
./modules/users
|
./modules/users
|
||||||
|
./modules/users/nixbld
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
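--- a/modules/users/nixbld/default.nix
+++ b/modules/users/nixbld/default.nix
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.users;
+
+createdGroups = mapAttrsToList (n: v: v.name) cfg.groups;
+createdUsers = mapAttrsToList (n: v: v.name) cfg.users;
+
+mkUsers = f: genList (x: f (x + 1)) cfg.nix.nrBuildUsers;
+
+buildUsers = mkUsers (i: {
+name = "nixbld${toString i}";
+uid = 30000 + i;
+gid = 30000;
+description = "Nix build user ${toString i}";
+});
+
+buildGroups = [{
+name = "nixbld";
+gid = 30000;
+description = "Nix build group for nix-daemon";
+members = map (v: v.name) buildUsers;
+}];
+in
+
+{
+options = {
+users.nix.configureBuildUsers = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Configuration for nixbld group and users.
+NOTE: This does not work unless knownGroups/knownUsers is set.
+'';
+};
+
+users.nix.nrBuildUsers = mkOption {
+type = mkOptionType {
+name = "integer";
+check = t: isInt t && t > 1;
+};
+default = 10;
+description = "Number of nixbld user accounts created to perform secure concurrent builds.";
+};
+};
+
+config = {
+
+assertions = [
+{ assertion = elem "nixbld" cfg.knownGroups -> elem "nixbld" createdGroups; message = "refusing to delete group nixbld in users.knownGroups, this would break nix"; }
+{ assertion = elem "nixbld1" cfg.knownUsers -> elem "nixbld1" createdUsers; message = "refusing to delete user nixbld1 in users.knownUsers, this would break nix"; }
+{ assertion = cfg.groups ? "nixbld" -> cfg.groups.nixbld.members != []; message = "refusing to remove all members from nixbld group, this would break nix"; }
+];
+
+users.groups = mkIf cfg.nix.configureBuildUsers buildGroups;
+users.users = mkIf cfg.nix.configureBuildUsers buildUsers;
+
+};
+}
+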
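Review bot: Setting `users.nix.configureBuildUsers = true` appears to be a silent no-op when `users.knownGroups`/`users.knownUsers` do not list the nixbld entries. The option description says as much, but nothing in `assertions` enforces it, so a host can end up without the build accounts its configuration claims to manage. An added assertion such as `{ assertion = cfg.nix.configureBuildUsers -> elem "nixbld" cfg.knownGroups; message = "users.nix.configureBuildUsers requires nixbld in users.knownGroups"; }`, with an equivalent one for `knownUsers`, would turn that into an evaluation error. Separately, the `nrBuildUsers` check `isInt t && t > 1` rejects 1 and sets no upper bound although uids are derived as `30000 + i`. If a single build user is meant to be valid it should read `t >= 1`, and a ceiling would keep the generated uid range from overlapping other accounts.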