mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00
Code Activity

Merge pull request #1128 from Enzime/push-yxyppuxmyunx

Browse source 
users: remove `users.forceRecreate` option
This commit is contained in:
Emily 2024-10-29 01:38:20 +00:00 committed by GitHub
commit a55c84e06f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 24 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
modules/users/default.nix
View file

@ -41,6 +41,10 @@ let
in in
{ {
imports = [
(lib.mkRemovedOptionModule [ "users" "forceRecreate" ] "")
];
options = { options = {
users.knownGroups = mkOption { users.knownGroups = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
@ -85,13 +89,6 @@ in
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = {}; default = {};
}; };
users.forceRecreate = mkOption {
internal = true;
type = types.bool;
default = false;
description = "Remove and recreate existing groups/users.";
};
}; };
config = { config = {
@ -152,33 +149,11 @@ in
fi fi
} }
ensureDeletable() {
# TODO: add `darwin.primaryUser` as well
if [[ "$1" == "$USER" ]]; then
printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', "$1"
exit 1
elif [[ "$1" == "root" ]]; then
printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n'
exit 1
fi
ensurePerms "$1" delete
}
${concatMapStringsSep "\n" (v: let ${concatMapStringsSep "\n" (v: let
name = lib.escapeShellArg v.name; name = lib.escapeShellArg v.name;
dsclUser = lib.escapeShellArg "/Users/${v.name}"; dsclUser = lib.escapeShellArg "/Users/${v.name}";
in '' in ''
${optionalString cfg.forceRecreate ''
u=$(id -u ${name} 2> /dev/null) || true
if [[ "$u" -eq ${toString v.uid} ]]; then
# TODO: add `darwin.primaryUser` as well
if [[ ${name} != "$USER" && ${name} != "root" ]]; then
ensureDeletable ${name}
fi
fi
''}
u=$(id -u ${name} 2> /dev/null) || true u=$(id -u ${name} 2> /dev/null) || true
if ! [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then if ! [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then
if [ -z "$u" ]; then if [ -z "$u" ]; then
@ -190,7 +165,7 @@ in
homeDirectory=''${homeDirectory#NFSHomeDirectory: } homeDirectory=''${homeDirectory#NFSHomeDirectory: }
if [[ ${lib.escapeShellArg v.home} != "$homeDirectory" ]]; then if [[ ${lib.escapeShellArg v.home} != "$homeDirectory" ]]; then
printf >&2 '\e[1;31merror: config contains the wrong home directory for %s, aborting activation\e[0m\n' ${name} printf >&2 '\e[1;31merror: config contains the wrong home directory for %s, aborting activation\e[0m\n' ${name}
printf >&2 'nix-darwin does not support changing the home directory of existing users. printf >&2 'nix-darwin does not support changing the home directory of existing users.\n'
printf >&2 '\n' printf >&2 '\n'
printf >&2 'Please set:\n' printf >&2 'Please set:\n'
printf >&2 '\n' printf >&2 '\n'
@ -203,11 +178,22 @@ in
fi fi
'') createdUsers} '') createdUsers}
${concatMapStringsSep "\n" (name: '' ${concatMapStringsSep "\n" (v: let
u=$(id -u ${lib.escapeShellArg name} 2> /dev/null) || true name = lib.escapeShellArg v;
in ''
u=$(id -u ${name} 2> /dev/null) || true
if [ -n "$u" ]; then if [ -n "$u" ]; then
if [ "$u" -gt 501 ]; then if [ "$u" -gt 501 ]; then
ensureDeletable ${lib.escapeShellArg name} # TODO: add `darwin.primaryUser` as well
if [[ ${name} == "$USER" ]]; then
printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name}
exit 1
elif [[ ${name} == "root" ]]; then
printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n'
exit 1
fi
ensurePerms ${name} delete
fi fi
fi fi
'') deletedUsers} '') deletedUsers}
@ -219,17 +205,6 @@ in
${concatMapStringsSep "\n" (v: let ${concatMapStringsSep "\n" (v: let
dsclGroup = lib.escapeShellArg "/Groups/${v.name}"; dsclGroup = lib.escapeShellArg "/Groups/${v.name}";
in '' in ''
${optionalString cfg.forceRecreate ''
g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true
g=''${g#PrimaryGroupID: }
if [[ "$g" -eq ${toString v.gid} ]]; then
echo "deleting group ${v.name}..." >&2
dscl . -delete ${dsclGroup}
else
echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2
fi
''}
g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true
g=''${g#PrimaryGroupID: } g=''${g#PrimaryGroupID: }
if [ -z "$g" ]; then if [ -z "$g" ]; then
@ -273,23 +248,6 @@ in
name = lib.escapeShellArg v.name; name = lib.escapeShellArg v.name;
dsclUser = lib.escapeShellArg "/Users/${v.name}"; dsclUser = lib.escapeShellArg "/Users/${v.name}";
in '' in ''
${optionalString cfg.forceRecreate ''
u=$(id -u ${name} 2> /dev/null) || true
if [[ "$u" -eq ${toString v.uid} ]]; then
# TODO: add `darwin.primaryUser` as well
if [[ ${name} == "$SUDO_USER" ]]; then
printf >&2 'warning: not going to recreate the user calling `darwin-rebuild` (%s), skipping...\n' "$SUDO_USER"
elif [[ ${name} == "root" ]]; then
printf >&2 'warning: not going to recreate root, skipping...\n'
else
printf >&2 'deleting user ${v.name}...\n'
dscl . -delete ${dsclUser}
fi
else
echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2
fi
''}
u=$(id -u ${name} 2> /dev/null) || true u=$(id -u ${name} 2> /dev/null) || true
if [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then if [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then
echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2 echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2
@ -302,7 +260,7 @@ in
"-UID" v.uid "-UID" v.uid
"-GID" v.gid ] "-GID" v.gid ]
++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) ++ (lib.optionals (v.description != null) [ "-fullName" v.description ])
++ (lib.optionals (v.home != null) [ "-home" v.home ]) ++ [ "-home" (if v.home != null then v.home else "/var/empty") ]
++ [ "-shell" (if v.shell != null then shellPath v.shell else "/usr/bin/false") ])} 2> /dev/null ++ [ "-shell" (if v.shell != null then shellPath v.shell else "/usr/bin/false") ])} 2> /dev/null
# We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error # We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error

8
modules/users/user.nix
View file

@ -58,11 +58,9 @@
description = '' description = ''
The user's home directory. This defaults to `null`. The user's home directory. This defaults to `null`.
When this is set to `null`, the value is managed by macOS instead of When this is set to `null`, if the user has not been created yet,
`nix-darwin`. This means if the user has not been created yet, they will be created with the home directory `/var/empty` to match
`sysadminctl` will be called without the `-home` flag which means the the old default.
user will have a default home directory of `/Users/<name>` which will
be created by `sysadminctl`.
''; '';
}; };

2
tests/users-groups.nix
View file

@ -51,7 +51,7 @@
grep "sysadminctl -addUser ${lib.escapeShellArgs [ "foo" "-UID" 42000 "-GID" 42000 "-fullName" "Foo user" "-home" "/Users/foo" "-shell" "/run/current-system/sw/bin/bash" ]}" ${config.out}/activate grep "sysadminctl -addUser ${lib.escapeShellArgs [ "foo" "-UID" 42000 "-GID" 42000 "-fullName" "Foo user" "-home" "/Users/foo" "-shell" "/run/current-system/sw/bin/bash" ]}" ${config.out}/activate
grep "createhomedir -cu ${lib.escapeShellArg "foo"}" ${config.out}/activate grep "createhomedir -cu ${lib.escapeShellArg "foo"}" ${config.out}/activate
grep "sysadminctl -addUser ${lib.escapeShellArgs [ "created.user" "-UID" 42001 ]} .* ${lib.escapeShellArgs [ "-shell" "/usr/bin/false" ] }" ${config.out}/activate grep "sysadminctl -addUser ${lib.escapeShellArgs [ "created.user" "-UID" 42001 ]} .* ${lib.escapeShellArgs [ "-shell" "/usr/bin/false" ] }" ${config.out}/activate
(! grep "sysadminctl -addUser ${lib.escapeShellArg "created.user"} .* -home" ${config.out}/activate) grep "sysadminctl -addUser ${lib.escapeShellArg "created.user"} .* ${lib.escapeShellArgs [ "-home" "/var/empty" ]}" ${config.out}/activate
(! grep "dscl . -delete ${lib.escapeShellArg "/Users/created.user"}" ${config.out}/activate) (! grep "dscl . -delete ${lib.escapeShellArg "/Users/created.user"}" ${config.out}/activate)
(! grep "dscl . -delete ${lib.escapeShellArg "/Groups/created.user"}" ${config.out}/activate) (! grep "dscl . -delete ${lib.escapeShellArg "/Groups/created.user"}" ${config.out}/activate)