From bd161d61d6f322e1c16543b67b1dbd13934e763c Mon Sep 17 00:00:00 2001
From: Michael Hoang
Date: Thu, 24 Oct 2024 23:19:27 +1100
Subject: [PATCH] users: allow `home` to be managed by macOS
---
 modules/users/default.nix | 13 +++++++++++--
 modules/users/user.nix | 14 +++++++++++---
 tests/users-groups.nix | 2 ++
 3 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/modules/users/default.nix b/modules/users/default.nix
index f293f779..0b2ffd91 100644
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@@ -236,7 +236,13 @@ in
 requireFDA ${name} "created"
- sysadminctl -addUser ${lib.escapeShellArgs ([ v.name "-UID" v.uid "-GID" v.gid ] ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) ++ [ "-home" v.home "-shell" (shellPath v.shell) ])} 2> /dev/null
+ sysadminctl -addUser ${lib.escapeShellArgs ([
+ v.name
+ "-UID" v.uid
+ "-GID" v.gid ]
+ ++ (lib.optionals (v.description != null) [ "-fullName" v.description ])
+ ++ (lib.optionals (v.home != null) [ "-home" v.home ])
+ ++ [ "-shell" (shellPath v.shell) ])} 2> /dev/null
 # We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error
 if ! id ${name} &> /dev/null; then
@@ -245,7 +251,10 @@ in
 fi
 dscl . -create ${dsclUser} IsHidden ${if v.isHidden then "1" else "0"}
- ${optionalString v.createHome "createhomedir -cu ${name}"}
+
+ # `sysadminctl -addUser` won't create the home directory if we use the `-home`
+ # flag so we need to do it ourselves
+ ${optionalString (v.home != null && v.createHome) "createhomedir -cu ${name} > /dev/null"}
 fi
 # Update properties on known users to keep them inline with configuration
diff --git a/modules/users/user.nix b/modules/users/user.nix
index a0c8aab5..b9c97997 100644
--- a/modules/users/user.nix
+++ b/modules/users/user.nix
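Review bot: The rewritten `sysadminctl -addUser` invocation still ends in `2> /dev/null`, so when account creation fails the only signal is the `id ${name}` check that follows, and the tool's own diagnostic is thrown away. This step creates accounts during activation and now has two invocation shapes (with and without `-home`), so the reason for a failure is worth keeping. Consider capturing the output with `out=$(sysadminctl -addUser … 2>&1)` and printing it with `printf >&2 '%s\n' "$out"` inside the failure branch. The body of that `if ! id` branch lies outside the hunk, so the exact placement needs confirming against the full file.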
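Review bot: `createHome` is only consulted when `v.home != null`, so a user declared with `home = null` and `createHome = false` still gets a home directory if `sysadminctl` creates one by default, which is what the new `home` description in `modules/users/user.nix` says happens. That makes `createHome = false` silently ineffective for macOS-managed homes. Either state it in the comment, e.g. `# With home = null sysadminctl creates the home itself, regardless of createHome`, or reject the combination with a module assertion. The result of `createhomedir` is also not checked on this line; the enclosing `if` block starts above the hunk, so whether a later step would notice a missing home cannot be told from here.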
@@ -53,9 +53,17 @@
 # };
 home = mkOption {
- type = types.path;
- default = "/var/empty";
- description = "The user's home directory.";
+ type = types.nullOr types.path;
+ default = null;
+ description = ''
+ The user's home directory. This defaults to `null`.
+
+ When this is set to `null`, the value is managed by macOS instead of
+ `nix-darwin`. This means if the user has not been created yet,
+ `sysadminctl` will be called without the `-home` flag which means the
+ user will have a default home directory of `/Users/` which will
+ be created by `sysadminctl`.
+ '';
 };
 createHome = mkOption {
diff --git a/tests/users-groups.nix b/tests/users-groups.nix
index d06eedd8..8fc435ae 100644
--- a/tests/users-groups.nix
+++ b/tests/users-groups.nix
@@ -20,6 +20,7 @@
 users.users."created.user".uid = 42001;
 users.users."created.user".description = null;
+ users.users."created.user".home = null;
 users.users."unknown.user".uid = 42002;
@@ -49,6 +50,7 @@
 grep "sysadminctl -addUser ${lib.escapeShellArgs [ "foo" "-UID" 42000 "-GID" 42000 "-fullName" "Foo user" "-home" "/Users/foo" "-shell" "/run/current-system/sw/bin/bash" ]}" ${config.out}/activate
 grep "createhomedir -cu ${lib.escapeShellArg "foo"}" ${config.out}/activate
 grep "sysadminctl -addUser ${lib.escapeShellArgs [ "created.user" "-UID" 42001 ]} .* ${lib.escapeShellArgs [ "-shell" "/sbin/nologin" ]}" ${config.out}/activate
+ (! grep "sysadminctl -addUser ${lib.escapeShellArg "created.user"} .* -home" ${config.out}/activate)
 (! grep "deleteUser ${lib.escapeShellArg "created.user"}" ${config.out}/activate)
 (! grep "dscl . -delete ${lib.escapeShellArg "/Groups/created.user"}" ${config.out}/activate)
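Review bot: Changing the default of `home` from `"/var/empty"` to `null` changes what an unmodified configuration produces. A user declared without `home` used to be created pointing at `/var/empty`, and per the new description is now created with a real directory under `/Users`. For service or daemon accounts that is a larger footprint than before, and because it only applies to users created after the upgrade, otherwise identical hosts can end up different. The description should name the previous default and say how to keep it, e.g. add `Set this to "/var/empty" for accounts that must not have a home directory.` Other code that interpolates `home` into a string presumably needs a null guard as well; that cannot be checked from this hunk.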
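Review bot: The added negative grep pins that `-home` is absent for `created.user`, but nothing in the lines shown exercises the other half of the change, the `v.home != null && v.createHome` guard around `createhomedir`. Setting `users.users."created.user".createHome = true;` and adding `(! grep "createhomedir -cu ${lib.escapeShellArg "created.user"}" ${config.out}/activate)` would cover the case where macOS manages the home and nix-darwin must not create it. The rest of the test file is outside this hunk, so an existing case may already do this.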