Get rid of createCredentials wrapper, create config files for users that require home directories even when forceDisableUserChange is enabled

examples/services-agnostic/influxdb.nix

@@ -12,9 +12,6 @@ createManagedProcess {
   inherit instanceName user postInstall;
   foregroundProcess = "${influxdb}/bin/influxd";
   args = [ "-config" configFile ];
-  initialize = ''
-    mkdir -p ${influxdbStateDir}
-  '';
 
   credentials = {
     groups = {

examples/webapps-sysvinit/constructors.nix

@@ -15,7 +15,7 @@ let
 
     createCredentials = import ../../nixproc/create-credentials {
       inherit (pkgs) stdenv;
-      inherit ids;
+      inherit ids forceDisableUserChange;
     };
 
     initFunctions = import ../../nixproc/create-managed-process/sysvinit/init-functions.nix {

nixproc/create-credentials/default.nix

@@ -1,28 +1,30 @@
-{stdenv, ids ? {}}:
-{groups, users}:
+{stdenv, ids ? {}, forceDisableUserChange}:
+{groups ? {}, users ? {}}:
 
 stdenv.mkDerivation {
   name = "credentials";
   buildCommand = ''
-    mkdir -p $out/dysnomia-support/groups
+    ${stdenv.lib.optionalString (!forceDisableUserChange && groups != {}) ''
+      mkdir -p $out/dysnomia-support/groups
 
-    ${stdenv.lib.concatMapStrings (groupname:
-      let
-        group = builtins.getAttr groupname groups;
-      in
-      ''
-        ${stdenv.lib.optionalString (ids ? gids && builtins.hasAttr groupname ids.gids) ''echo "gid=${toString ids.gids."${groupname}"}" > $out/dysnomia-support/groups/${groupname}''}
+      ${stdenv.lib.concatMapStrings (groupname:
+        let
+          group = builtins.getAttr groupname groups;
+        in
+        ''
+          ${stdenv.lib.optionalString (ids ? gids && builtins.hasAttr groupname ids.gids) ''echo "gid=${toString ids.gids."${groupname}"}" > $out/dysnomia-support/groups/${groupname}''}
 
-        cat >> $out/dysnomia-support/groups/${groupname} <<EOF
-        ${stdenv.lib.concatMapStrings (propertyName:
-          let
-            value = builtins.getAttr propertyName group;
-          in
-          "${propertyName}=${stdenv.lib.escapeShellArg value}\n"
-        ) (builtins.attrNames group)}
-        EOF
-      ''
-    ) (builtins.attrNames groups)}
+          cat >> $out/dysnomia-support/groups/${groupname} <<EOF
+          ${stdenv.lib.concatMapStrings (propertyName:
+            let
+              value = builtins.getAttr propertyName group;
+            in
+            "${propertyName}=${stdenv.lib.escapeShellArg value}\n"
+          ) (builtins.attrNames group)}
+          EOF
+        ''
+      ) (builtins.attrNames groups)}
+    ''}
 
     mkdir -p $out/dysnomia-support/users
 
@@ -30,7 +32,16 @@ stdenv.mkDerivation {
       let
         user = builtins.getAttr username users;
       in
+      # If we force disable user changes, we should still create the desired home directory, if applicable
+      if forceDisableUserChange then stdenv.lib.optionalString (user ? createHomeDir && user.createHomeDir) ''
+        cat > $out/dysnomia-support/users/${username} <<EOF
+        homeDir=${user.homeDir}
+        createHomeDir=1
+        createHomeDirOnly=1
+        EOF
       ''
+      # Regular user creation configuration
+      else ''
         ${stdenv.lib.optionalString (ids ? uids && builtins.hasAttr username ids.uids) ''echo "uid=${toString ids.uids."${username}"}" > $out/dysnomia-support/users/${username}''}
 
         cat >> $out/dysnomia-support/users/${username} <<EOF
@@ -43,5 +54,8 @@ stdenv.mkDerivation {
         EOF
       ''
     ) (builtins.attrNames users)}
+
+    # If we end up having no user configurations, then delete the empty folder
+    rmdir --ignore-fail-on-non-empty $out/dysnomia-support/users
   '';
 }

nixproc/create-managed-process/agnostic/create-managed-process-universal.nix

@@ -10,7 +10,7 @@ let
 
   createCredentials = import ../../create-credentials {
     inherit (pkgs) stdenv;
-    inherit ids;
+    inherit ids forceDisableUserChange;
   };
 
   createSystemVInitScript = import ../sysvinit/create-sysvinit-script.nix {

nixproc/create-managed-process/agnostic/generate-docker-container.nix

@@ -75,9 +75,7 @@ let
     path = basePackages ++ path ++ [ "/" ]; # Also give permission to /bin to allow any package added to contents can be used
   };
 
-  credentialsSpec = util.createCredentialsOrNull {
-    inherit createCredentials credentials forceDisableUserChange;
-  };
+  credentialsSpec = createCredentials credentials;
 
   _user = util.determineUser {
     inherit user forceDisableUserChange;

nixproc/create-managed-process/bsdrc/create-bsdrc-script.nix

@@ -247,9 +247,7 @@ let
     '';
   };
 
-  credentialsSpec = util.createCredentialsOrNull {
-    inherit createCredentials credentials forceDisableUserChange;
-  };
+  credentialsSpec = createCredentials credentials;
 in
 stdenv.mkDerivation {
   inherit name;
@@ -258,10 +256,7 @@ stdenv.mkDerivation {
     mkdir -p $out/etc/rc.d
     cd $out/etc/rc.d
     ln -s ${rcScript} ${name}
-
-    ${stdenv.lib.optionalString (credentialsSpec != null) ''
-      ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
-    ''}
+    ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
 
     cd $TMPDIR
     ${postInstall}

nixproc/create-managed-process/disnix/create-process-script.nix

@@ -9,13 +9,7 @@
 }:
 
 let
-  util = import ../util {
-    inherit (stdenv) lib;
-  };
-
-  credentialsSpec = util.createCredentialsOrNull {
-    inherit createCredentials credentials forceDisableUserChange;
-  };
+  credentialsSpec = createCredentials credentials;
 in
 stdenv.mkDerivation {
   inherit name;
@@ -26,9 +20,7 @@ stdenv.mkDerivation {
     ${stdenv.lib.optionalString (pidFile != null) "pidFile=${pidFile}"}
     EOF
 
-    ${stdenv.lib.optionalString (credentialsSpec != null) ''
-      ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
-    ''}
+    ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
 
     ${postInstall}
   '';

nixproc/create-managed-process/launchd/create-launchd-daemon.nix

@@ -88,19 +88,14 @@ let
     '';
   };
 
-  credentialsSpec = util.createCredentialsOrNull {
-    inherit createCredentials credentials forceDisableUserChange;
-  };
+  credentialsSpec = createCredentials credentials;
 in
 stdenv.mkDerivation {
   inherit name;
   buildCommand = ''
     mkdir -p $out/Library/LaunchDaemons
     ln -s ${launchdDaemonConfig} $out/Library/LaunchDaemons/${label}.plist
-
-    ${stdenv.lib.optionalString (credentialsSpec != null) ''
-      ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
-    ''}
+    ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
 
     ${postInstall}
   '';

nixproc/create-managed-process/supervisord/create-supervisord-program.nix

@@ -63,19 +63,14 @@ let
       ) (builtins.attrNames properties);
   };
 
-  credentialsSpec = util.createCredentialsOrNull {
-    inherit createCredentials credentials forceDisableUserChange;
-  };
+  credentialsSpec = createCredentials credentials;
 in
 stdenv.mkDerivation {
   inherit name priority;
   buildCommand = ''
     mkdir -p $out/conf.d
     ln -s ${confFile} $out/conf.d/${name}.conf
-
-    ${stdenv.lib.optionalString (credentialsSpec != null) ''
-      ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
-    ''}
+    ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
 
     ${postInstall}
   '';

nixproc/create-managed-process/systemd/create-systemd-service.nix

@@ -100,9 +100,7 @@ let
     '';
   };
 
-  credentialsSpec = util.createCredentialsOrNull {
-    inherit createCredentials credentials forceDisableUserChange;
-  };
+  credentialsSpec = createCredentials credentials;
 in
 stdenv.mkDerivation {
   name = "${prefix}${name}";
@@ -119,9 +117,7 @@ stdenv.mkDerivation {
       '') dependencies}
     ''}
 
-    ${stdenv.lib.optionalString (credentialsSpec != null) ''
-      ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
-    ''}
+    ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
 
     ${postInstall}
   '';

nixproc/create-managed-process/sysvinit/create-sysvinit-script.nix

@@ -254,9 +254,7 @@ let
     if number < 10 then "0${toString number}"
     else toString number;
 
-  credentialsSpec = util.createCredentialsOrNull {
-    inherit createCredentials credentials forceDisableUserChange;
-  };
+  credentialsSpec = createCredentials credentials;
 in
 stdenv.mkDerivation {
   inherit name;
@@ -280,9 +278,7 @@ stdenv.mkDerivation {
       ln -s ../init.d/${name} rc${toString runlevel}.d/K${sequenceNumberToString stopSequenceNumber}${name}
     '') _defaultStop}
 
-    ${stdenv.lib.optionalString (credentialsSpec != null) ''
-      ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
-    ''}
+    ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
 
     cd $TMPDIR
     ${postInstall}

nixproc/create-managed-process/util/default.nix

@@ -91,11 +91,4 @@ rec {
     in
     if user == null then invocation
     else "${su} ${user} -c ${lib.escapeShellArgs [ invocation ]}";
-
-  /*
-   * Creates credential configuration files for users and groups, or returns
-   * null if user changing was disabled.
-   */
-  createCredentialsOrNull = {createCredentials, credentials, forceDisableUserChange}:
-    if credentials == {} || forceDisableUserChange then null else createCredentials credentials;
 }

tests/webapps-agnostic-systemd-user.nix

@@ -52,12 +52,9 @@ makeTest {
       services.xserver = {
         enable = true;
 
-        displayManager.lightdm = {
+        displayManager.autoLogin = {
           enable = true;
-          autoLogin = {
-            enable = true;
-            user = "unprivileged";
-          };
+          user = "unprivileged";
         };
 
         # Use IceWM as the window manager.