From c9af5c2d1394d1bc34f4722998bcd51714ccd68c Mon Sep 17 00:00:00 2001
From: Michael Hoang <enzime@users.noreply.github.com>
Date: Thu, 24 Oct 2024 22:58:35 +1100
Subject: [PATCH] users: update properties on known users

---
 modules/users/default.nix |  5 ++++-
 tests/users-groups.nix    | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/modules/users/default.nix b/modules/users/default.nix
index b636d6fe..f293f779 100644
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@@ -247,7 +247,10 @@ in
             dscl . -create ${dsclUser} IsHidden ${if v.isHidden then "1" else "0"}
             ${optionalString v.createHome "createhomedir -cu ${name}"}
           fi
-          # Always set the shell path, in case it was updated
+
+          # Update properties on known users to keep them inline with configuration
+          dscl . -create ${dsclUser} PrimaryGroupID ${toString v.gid}
+          ${optionalString (v.description != null) "dscl . -create ${dsclUser} RealName ${lib.escapeShellArg v.description}"}
           dscl . -create ${dsclUser} UserShell ${lib.escapeShellArg (shellPath v.shell)}
         fi
       '') createdUsers}
diff --git a/tests/users-groups.nix b/tests/users-groups.nix
index fa6dcc30..d06eedd8 100644
--- a/tests/users-groups.nix
+++ b/tests/users-groups.nix
@@ -19,6 +19,8 @@
   users.users.foo.shell = pkgs.bashInteractive;
 
   users.users."created.user".uid = 42001;
+  users.users."created.user".description = null;
+
   users.users."unknown.user".uid = 42002;
 
   test = ''
@@ -39,6 +41,7 @@
     grep "dscl . -create ${lib.escapeShellArg "/Groups/created.group"} GroupMembership" ${config.out}/activate
 
     # checking unknown group in /activate
+    # checking groups not in knownGroups don't appear in /activate
     (! grep "dscl . -create ${lib.escapeShellArg "/Groups/unknown.group"}" ${config.out}/activate)
     (! grep "dscl . -delete ${lib.escapeShellArg "/Groups/unknown.group"}" ${config.out}/activate)
 
@@ -50,15 +53,23 @@
     (! grep "dscl . -delete ${lib.escapeShellArg "/Groups/created.user"}" ${config.out}/activate)
 
     # checking user properties always get updated in /activate
+    grep "dscl . -create ${lib.escapeShellArg "/Users/foo"} PrimaryGroupID 42000" ${config.out}/activate
+    grep "dscl . -create ${lib.escapeShellArg "/Users/foo"} RealName ${lib.escapeShellArg "Foo user"}" ${config.out}/activate
+    grep "createhomedir -cu ${lib.escapeShellArg "foo"}" ${config.out}/activate
     grep "dscl . -create ${lib.escapeShellArg "/Users/foo"} UserShell ${lib.escapeShellArg "/run/current-system/sw/bin/bash"}" ${config.out}/activate
+    grep "dscl . -create ${lib.escapeShellArg "/Users/foo"} IsHidden 0" ${config.out}/activate
+
+    # checking user properties that are null don't get updated in /activate
+    (! grep "dscl . -create ${lib.escapeShellArg "/Users/created.user"} RealName" ${config.out}/activate)
 
     # checking user deletion in /activate
     grep "deleteUser ${lib.escapeShellArg "deleted.user"}" ${config.out}/activate
     (! grep "sysadminctl -addUser ${lib.escapeShellArg "deleted.user"}" ${config.out}/activate)
 
-    # checking unknown user in /activate
+    # checking that users not specified in knownUsers doesn't get changed in /activate
     (! grep "sysadminctl -addUser ${lib.escapeShellArg "unknown.user"}" ${config.out}/activate)
     (! grep "deleteUser ${lib.escapeShellArg "unknown.user"}" ${config.out}/activate)
+    (! grep "dscl . -create ${lib.escapeShellArg "/Users/unknown.user"}" ${config.out}/activate)
 
     set +v
   '';