users: add support for group members

Unlike user options this is updated if the group already exists.
2025-03-30 19:54:43 +00:00 · 2018-01-14 13:26:18 +01:00 · 2018-01-14 13:26:18 +01:00 · b1645201f1
commit b1645201f1
parent f0e4aabb78
2 changed files with 24 additions and 9 deletions
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@ -8,6 +8,8 @@ let
  group = import ./group.nix;
  user = import ./user.nix;

+  toArguments = concatMapStringsSep " " (v: "'${v}'");
+
  isCreated = list: name: elem name list;
  isDeleted = attrs: name: ! elem name (mapAttrsToList (n: v: v.name) attrs);

@ -56,10 +58,17 @@ in
          echo "creating group ${v.name}..." >&2
          dscl . -create '/Groups/${v.name}' PrimaryGroupID ${toString v.gid}
          dscl . -create '/Groups/${v.name}' RealName '${v.description}'
-        else
-          if [ "$g" -ne ${toString v.gid} ]; then
-            echo "[1;31mwarning: existing group '${v.name}' has unexpected gid $g, skipping...[0m" >&2
+          g=${toString v.gid}
+        fi
+
+        if [ "$g" -eq ${toString v.gid} ]; then
+          g=$(dscl . -read '/Groups/${v.name}' GroupMembership 2> /dev/null) || true
+          if [ "$g" != 'GroupMembership: ${concatStringsSep " " v.members}' ]; then
+            echo "updating group members ${v.name}..." >&2
+            dscl . -create '/Groups/${v.name}' GroupMembership ${toArguments v.members}
          fi
+        else
+          echo "[1;31mwarning: existing group '${v.name}' has unexpected gid $g, skipping...[0m" >&2
        fi
      '') createdGroups}

--- a/modules/users/group.nix
+++ b/modules/users/group.nix
@ -4,6 +4,14 @@ with lib;

 {
  options = {
+    name = mkOption {
+      type = types.str;
+      description = ''
+        The group's name. If undefined, the name of the attribute set
+        will be used.
+      '';
+    };
+
    gid = mkOption {
      type = mkOptionType {
        name = "gid";
@ -12,12 +20,10 @@ with lib;
      description = "The group's GID.";
    };

-    name = mkOption {
-      type = types.str;
-      description = ''
-        The group's name. If undefined, the name of the attribute set
-        will be used.
-      '';
+    members = mkOption {
+      type = types.listOf types.string;
+      default = [];
+      description = "The group's members.";
    };

    description = mkOption {