users: update properties on known users

2024-12-14 11:57:34 +00:00 · 2024-10-24 22:58:35 +11:00 · 2024-10-24 22:58:35 +11:00 · c9af5c2d13
commit c9af5c2d13
parent 13816f682d
2 changed files with 16 additions and 2 deletions
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@ -247,7 +247,10 @@ in
            dscl . -create ${dsclUser} IsHidden ${if v.isHidden then "1" else "0"}
            ${optionalString v.createHome "createhomedir -cu ${name}"}
          fi
-          # Always set the shell path, in case it was updated
+
+          # Update properties on known users to keep them inline with configuration
+          dscl . -create ${dsclUser} PrimaryGroupID ${toString v.gid}
+          ${optionalString (v.description != null) "dscl . -create ${dsclUser} RealName ${lib.escapeShellArg v.description}"}
          dscl . -create ${dsclUser} UserShell ${lib.escapeShellArg (shellPath v.shell)}
        fi
      '') createdUsers}
--- a/tests/users-groups.nix
+++ b/tests/users-groups.nix
@ -19,6 +19,8 @@
  users.users.foo.shell = pkgs.bashInteractive;

  users.users."created.user".uid = 42001;
+  users.users."created.user".description = null;
+
  users.users."unknown.user".uid = 42002;

  test = ''
@ -39,6 +41,7 @@
    grep "dscl . -create ${lib.escapeShellArg "/Groups/created.group"} GroupMembership" ${config.out}/activate

    # checking unknown group in /activate
+    # checking groups not in knownGroups don't appear in /activate
    (! grep "dscl . -create ${lib.escapeShellArg "/Groups/unknown.group"}" ${config.out}/activate)
    (! grep "dscl . -delete ${lib.escapeShellArg "/Groups/unknown.group"}" ${config.out}/activate)

@ -50,15 +53,23 @@
    (! grep "dscl . -delete ${lib.escapeShellArg "/Groups/created.user"}" ${config.out}/activate)

    # checking user properties always get updated in /activate
+    grep "dscl . -create ${lib.escapeShellArg "/Users/foo"} PrimaryGroupID 42000" ${config.out}/activate
+    grep "dscl . -create ${lib.escapeShellArg "/Users/foo"} RealName ${lib.escapeShellArg "Foo user"}" ${config.out}/activate
+    grep "createhomedir -cu ${lib.escapeShellArg "foo"}" ${config.out}/activate
    grep "dscl . -create ${lib.escapeShellArg "/Users/foo"} UserShell ${lib.escapeShellArg "/run/current-system/sw/bin/bash"}" ${config.out}/activate
+    grep "dscl . -create ${lib.escapeShellArg "/Users/foo"} IsHidden 0" ${config.out}/activate
+
+    # checking user properties that are null don't get updated in /activate
+    (! grep "dscl . -create ${lib.escapeShellArg "/Users/created.user"} RealName" ${config.out}/activate)

    # checking user deletion in /activate
    grep "deleteUser ${lib.escapeShellArg "deleted.user"}" ${config.out}/activate
    (! grep "sysadminctl -addUser ${lib.escapeShellArg "deleted.user"}" ${config.out}/activate)

-    # checking unknown user in /activate
+    # checking that users not specified in knownUsers doesn't get changed in /activate
    (! grep "sysadminctl -addUser ${lib.escapeShellArg "unknown.user"}" ${config.out}/activate)
    (! grep "deleteUser ${lib.escapeShellArg "unknown.user"}" ${config.out}/activate)
+    (! grep "dscl . -create ${lib.escapeShellArg "/Users/unknown.user"}" ${config.out}/activate)

    set +v
  '';