Simplify the credentials configuration step

2020-07-18 16:30:11 +02:00 · 2020-07-18 16:30:11 +02:00 · 9e3c25c775
parent a476bcf809
commit 9e3c25c775
9 changed files with 43 additions and 8 deletions
--- a/nixproc/create-managed-process/agnostic/generate-docker-container.nix
+++ b/nixproc/create-managed-process/agnostic/generate-docker-container.nix
@ -73,7 +73,9 @@ let
    path = basePackages ++ path;
  };

-  credentialsSpec = if credentials == {} || forceDisableUserChange then null else createCredentials credentials;
+  credentialsSpec = credentialsSpec = util.createCredentialsOrNull {
+    inherit createCredentials credentials forceDisableUserChange;
+  };

  _user = util.determineUser {
    inherit user forceDisableUserChange;
--- a/nixproc/create-managed-process/bsdrc/create-bsdrc-script.nix
+++ b/nixproc/create-managed-process/bsdrc/create-bsdrc-script.nix
@ -228,7 +228,9 @@ let
    '';
  };

-  credentialsSpec = if credentials == {} || forceDisableUserChange then null else createCredentials credentials;
+  credentialsSpec = util.createCredentialsOrNull {
+    inherit createCredentials credentials forceDisableUserChange;
+  };
 in
 stdenv.mkDerivation {
  inherit name;
--- a/nixproc/create-managed-process/disnix/create-process-script.nix
+++ b/nixproc/create-managed-process/disnix/create-process-script.nix
@ -9,7 +9,9 @@
 }:

 let
-  credentialsSpec = if credentials == {} || forceDisableUserChange then null else createCredentials credentials;
+  credentialsSpec = credentialsSpec = util.createCredentialsOrNull {
+    inherit createCredentials credentials forceDisableUserChange;
+  };
 in
 stdenv.mkDerivation {
  inherit name;
--- a/nixproc/create-managed-process/launchd/create-launchd-daemon.nix
+++ b/nixproc/create-managed-process/launchd/create-launchd-daemon.nix
@ -88,7 +88,9 @@ let
    '';
  };

-  credentialsSpec = if credentials == {} || forceDisableUserChange then null else createCredentials credentials;
+  credentialsSpec = util.createCredentialsOrNull {
+    inherit createCredentials credentials forceDisableUserChange;
+  };
 in
 stdenv.mkDerivation {
  inherit name;
--- a/nixproc/create-managed-process/supervisord/create-supervisord-program.nix
+++ b/nixproc/create-managed-process/supervisord/create-supervisord-program.nix
@ -63,7 +63,9 @@ let
      ) (builtins.attrNames properties);
  };

-  credentialsSpec = if credentials == {} || forceDisableUserChange then null else createCredentials credentials;
+  credentialsSpec = util.createCredentialsOrNull {
+    inherit createCredentials credentials forceDisableUserChange;
+  };
 in
 stdenv.mkDerivation {
  inherit name priority;
--- a/nixproc/create-managed-process/systemd/create-systemd-service.nix
+++ b/nixproc/create-managed-process/systemd/create-systemd-service.nix
@ -100,7 +100,9 @@ let
    '';
  };

-  credentialsSpec = if credentials == {} || forceDisableUserChange then null else createCredentials credentials;
+  credentialsSpec = util.createCredentialsOrNull {
+    inherit createCredentials credentials forceDisableUserChange;
+  };
 in
 stdenv.mkDerivation {
  name = "${prefix}${name}";
--- a/nixproc/create-managed-process/sysvinit/create-sysvinit-script.nix
+++ b/nixproc/create-managed-process/sysvinit/create-sysvinit-script.nix
@ -240,7 +240,9 @@ let
    if number < 10 then "0${toString number}"
    else toString number;

-  credentialsSpec = if credentials == {} || forceDisableUserChange then null else createCredentials credentials;
+  credentialsSpec = util.createCredentialsOrNull {
+    inherit createCredentials credentials forceDisableUserChange;
+  };
 in
 stdenv.mkDerivation {
  inherit name;
--- a/nixproc/create-managed-process/util/default.nix
+++ b/nixproc/create-managed-process/util/default.nix
@ -77,4 +77,11 @@ rec {
    in
    if user == null then invocation
    else "${su} ${user} -c ${lib.escapeShellArgs [ invocation ]}";
+
+  /*
+   * Creates credential configuration files for users and groups, or returns
+   * null if user changing was disabled.
+   */
+  createCredentialsOrNull = {createCredentials, credentials, forceDisableUserChange}:
+    if credentials == {} || forceDisableUserChange then null else createCredentials credentials;
 }
--- a/tests/webapps-agnostic-supervisord.nix
+++ b/tests/webapps-agnostic-supervisord.nix
@ -25,6 +25,11 @@ let
    exprFile = ../examples/webapps-agnostic/processes.nix;
  };

+  processesEnvAutoUnprivileged = import ../nixproc/create-managed-process/supervisord/build-supervisord-env.nix {
+    exprFile = ../examples/webapps-agnostic/processes.nix;
+    forceDisableUserChange = true;
+  };
+
  processesEnvAdvanced = import ../nixproc/create-managed-process/supervisord/build-supervisord-env.nix {
    exprFile = ../examples/webapps-agnostic/processes-advanced.nix;
  };
@ -44,7 +49,16 @@ makeTest {
    {pkgs, ...}:

    {
-      virtualisation.pathsInNixDB = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [ supervisordProcessEnv processesEnvForeground processesEnvDaemon processesEnvAuto processesEnvAdvanced processesEnvEmpty ];
+      virtualisation.pathsInNixDB = [ pkgs.stdenv ] ++ pkgs.coreutils.all ++ [
+        supervisordProcessEnv
+        processesEnvForeground
+        processesEnvDaemon
+        processesEnvAuto
+        processesEnvAutoUnprivileged
+        processesEnvAdvanced
+        processesEnvEmpty
+      ];
+
      virtualisation.writableStore = true;
      virtualisation.memorySize = 1024;