mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00
Code Activity

users: allow shell to be managed by macOS

Browse source
This commit is contained in:
Michael Hoang 2024-10-25 01:16:19 +11:00
parent 3712ff78cc
commit dc6f754fe5
4 changed files with 24 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
modules/system/shells.nix
View file

@ -14,9 +14,15 @@ in
example = literalExpression "[ pkgs.bashInteractive pkgs.zsh ]"; example = literalExpression "[ pkgs.bashInteractive pkgs.zsh ]";
description = '' description = ''
A list of permissible login shells for user accounts. A list of permissible login shells for user accounts.
No need to mention `/bin/sh`
and other shells that are available by default on The default macOS shells will be automatically included:
macOS. - /bin/bash
- /bin/csh
- /bin/dash
- /bin/ksh
- /bin/sh
- /bin/tcsh
- /bin/zsh
''; '';
apply = map (v: if types.shellPackage.check v then "/run/current-system/sw${v.shellPath}" else v); apply = map (v: if types.shellPackage.check v then "/run/current-system/sw${v.shellPath}" else v);
}; };

4
modules/users/default.nix
View file

@ -242,7 +242,7 @@ in
"-GID" v.gid ] "-GID" v.gid ]
++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) ++ (lib.optionals (v.description != null) [ "-fullName" v.description ])
++ (lib.optionals (v.home != null) [ "-home" v.home ]) ++ (lib.optionals (v.home != null) [ "-home" v.home ])
++ [ "-shell" (shellPath v.shell) ])} 2> /dev/null ++ [ "-shell" (if v.shell != null then shellPath v.shell else "/usr/bin/false") ])} 2> /dev/null
# We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error # We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error
if ! id ${name} &> /dev/null; then if ! id ${name} &> /dev/null; then
@ -260,7 +260,7 @@ in
# Update properties on known users to keep them inline with configuration # Update properties on known users to keep them inline with configuration
dscl . -create ${dsclUser} PrimaryGroupID ${toString v.gid} dscl . -create ${dsclUser} PrimaryGroupID ${toString v.gid}
${optionalString (v.description != null) "dscl . -create ${dsclUser} RealName ${lib.escapeShellArg v.description}"} ${optionalString (v.description != null) "dscl . -create ${dsclUser} RealName ${lib.escapeShellArg v.description}"}
dscl . -create ${dsclUser} UserShell ${lib.escapeShellArg (shellPath v.shell)} ${optionalString (v.shell != null) "dscl . -create ${dsclUser} UserShell ${lib.escapeShellArg (shellPath v.shell)}"}
fi fi
'') createdUsers} '') createdUsers}

13
modules/users/user.nix
View file

@ -73,10 +73,17 @@
}; };
shell = mkOption { shell = mkOption {
type = types.either types.shellPackage types.path; type = types.nullOr (types.either types.shellPackage types.path);
default = "/usr/bin/false"; default = null;
example = literalExpression "pkgs.bashInteractive"; example = literalExpression "pkgs.bashInteractive";
description = "The user's shell."; description = ''
The user's shell. This defaults to `null`.
When this is set to `null`, if the user has not been created yet,
they will be created with the shell `/usr/bin/false` to prevent
interactive login. If the user already exists, the value is
considered managed by macOS and `nix-darwin` will not change it.
'';
}; };
packages = mkOption { packages = mkOption {

4
tests/users-groups.nix
View file

@ -21,6 +21,7 @@
users.users."created.user".uid = 42001; users.users."created.user".uid = 42001;
users.users."created.user".description = null; users.users."created.user".description = null;
users.users."created.user".home = null; users.users."created.user".home = null;
users.users."created.user".shell = null;
users.users."unknown.user".uid = 42002; users.users."unknown.user".uid = 42002;
@ -49,7 +50,7 @@
# checking user creation in /activate # checking user creation in /activate
grep "sysadminctl -addUser ${lib.escapeShellArgs [ "foo" "-UID" 42000 "-GID" 42000 "-fullName" "Foo user" "-home" "/Users/foo" "-shell" "/run/current-system/sw/bin/bash" ]}" ${config.out}/activate grep "sysadminctl -addUser ${lib.escapeShellArgs [ "foo" "-UID" 42000 "-GID" 42000 "-fullName" "Foo user" "-home" "/Users/foo" "-shell" "/run/current-system/sw/bin/bash" ]}" ${config.out}/activate
grep "createhomedir -cu ${lib.escapeShellArg "foo"}" ${config.out}/activate grep "createhomedir -cu ${lib.escapeShellArg "foo"}" ${config.out}/activate
grep "sysadminctl -addUser ${lib.escapeShellArgs [ "created.user" "-UID" 42001 ]} .* ${lib.escapeShellArgs [ "-shell" "/usr/bin/false" ]}" ${config.out}/activate grep "sysadminctl -addUser ${lib.escapeShellArgs [ "created.user" "-UID" 42001 ]} .* ${lib.escapeShellArgs [ "-shell" "/usr/bin/false" ] }" ${config.out}/activate
(! grep "sysadminctl -addUser ${lib.escapeShellArg "created.user"} .* -home" ${config.out}/activate) (! grep "sysadminctl -addUser ${lib.escapeShellArg "created.user"} .* -home" ${config.out}/activate)
(! grep "deleteUser ${lib.escapeShellArg "created.user"}" ${config.out}/activate) (! grep "deleteUser ${lib.escapeShellArg "created.user"}" ${config.out}/activate)
(! grep "dscl . -delete ${lib.escapeShellArg "/Groups/created.user"}" ${config.out}/activate) (! grep "dscl . -delete ${lib.escapeShellArg "/Groups/created.user"}" ${config.out}/activate)
@ -63,6 +64,7 @@
# checking user properties that are null don't get updated in /activate # checking user properties that are null don't get updated in /activate
(! grep "dscl . -create ${lib.escapeShellArg "/Users/created.user"} RealName" ${config.out}/activate) (! grep "dscl . -create ${lib.escapeShellArg "/Users/created.user"} RealName" ${config.out}/activate)
(! grep "dscl . -create ${lib.escapeShellArg "/Users/created.user"} UserShell" ${config.out}/activate)
# checking user deletion in /activate # checking user deletion in /activate
grep "deleteUser ${lib.escapeShellArg "deleted.user"}" ${config.out}/activate grep "deleteUser ${lib.escapeShellArg "deleted.user"}" ${config.out}/activate