Get rid of createCredentials wrapper, create config files for users that require home directories even when forceDisableUserChange is enabled
parent
43efbd9ca2
commit
e22e76792c
|
@ -12,9 +12,6 @@ createManagedProcess {
|
|||
inherit instanceName user postInstall;
|
||||
foregroundProcess = "${influxdb}/bin/influxd";
|
||||
args = [ "-config" configFile ];
|
||||
initialize = ''
|
||||
mkdir -p ${influxdbStateDir}
|
||||
'';
|
||||
|
||||
credentials = {
|
||||
groups = {
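Review bot: If the three lines dropped here are the `initialize` block with `mkdir -p ${influxdbStateDir}` (the 9-to-6 line count suggests so, but the markers are lost on this page), nothing in this hunk creates the state directory any more. Its creation would then depend on the `credentials` entry that starts below and continues outside the hunk, presumably via `createHomeDir` and a `homeDir` equal to `influxdbStateDir`. A comment next to `credentials` would make that dependency explicit, for example `# the state directory is created through the user's createHomeDir setting, also when forceDisableUserChange is set`. It is also worth confirming that the directory ends up with the owner and mode the database expects when it is created by an unprivileged deployment.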
|
||||
|
|
|
@ -15,7 +15,7 @@ let
|
|||
|
||||
createCredentials = import ../../nixproc/create-credentials {
|
||||
inherit (pkgs) stdenv;
|
||||
inherit ids;
|
||||
inherit ids forceDisableUserChange;
|
||||
};
|
||||
|
||||
initFunctions = import ../../nixproc/create-managed-process/sysvinit/init-functions.nix {
|
||||
|
|
|
@ -1,28 +1,30 @@
|
|||
{stdenv, ids ? {}}:
|
||||
{groups, users}:
|
||||
{stdenv, ids ? {}, forceDisableUserChange}:
|
||||
{groups ? {}, users ? {}}:
|
||||
|
||||
stdenv.mkDerivation {
|
||||
name = "credentials";
|
||||
buildCommand = ''
|
||||
mkdir -p $out/dysnomia-support/groups
|
||||
${stdenv.lib.optionalString (!forceDisableUserChange && groups != {}) ''
|
||||
mkdir -p $out/dysnomia-support/groups
|
||||
|
||||
${stdenv.lib.concatMapStrings (groupname:
|
||||
let
|
||||
group = builtins.getAttr groupname groups;
|
||||
in
|
||||
''
|
||||
${stdenv.lib.optionalString (ids ? gids && builtins.hasAttr groupname ids.gids) ''echo "gid=${toString ids.gids."${groupname}"}" > $out/dysnomia-support/groups/${groupname}''}
|
||||
${stdenv.lib.concatMapStrings (groupname:
|
||||
let
|
||||
group = builtins.getAttr groupname groups;
|
||||
in
|
||||
''
|
||||
${stdenv.lib.optionalString (ids ? gids && builtins.hasAttr groupname ids.gids) ''echo "gid=${toString ids.gids."${groupname}"}" > $out/dysnomia-support/groups/${groupname}''}
|
||||
|
||||
cat >> $out/dysnomia-support/groups/${groupname} <<EOF
|
||||
${stdenv.lib.concatMapStrings (propertyName:
|
||||
let
|
||||
value = builtins.getAttr propertyName group;
|
||||
in
|
||||
"${propertyName}=${stdenv.lib.escapeShellArg value}\n"
|
||||
) (builtins.attrNames group)}
|
||||
EOF
|
||||
''
|
||||
) (builtins.attrNames groups)}
|
||||
cat >> $out/dysnomia-support/groups/${groupname} <<EOF
|
||||
${stdenv.lib.concatMapStrings (propertyName:
|
||||
let
|
||||
value = builtins.getAttr propertyName group;
|
||||
in
|
||||
"${propertyName}=${stdenv.lib.escapeShellArg value}\n"
|
||||
) (builtins.attrNames group)}
|
||||
EOF
|
||||
''
|
||||
) (builtins.attrNames groups)}
|
||||
''}
|
||||
|
||||
mkdir -p $out/dysnomia-support/users
|
||||
|
||||
|
@ -30,7 +32,16 @@ stdenv.mkDerivation {
|
|||
let
|
||||
user = builtins.getAttr username users;
|
||||
in
|
||||
# If we force disable user changes, we should still create the desired home directory, if applicable
|
||||
if forceDisableUserChange then stdenv.lib.optionalString (user ? createHomeDir && user.createHomeDir) ''
|
||||
cat > $out/dysnomia-support/users/${username} <<EOF
|
||||
homeDir=${user.homeDir}
|
||||
createHomeDir=1
|
||||
createHomeDirOnly=1
|
||||
EOF
|
||||
''
|
||||
# Regular user creation configuration
|
||||
else ''
|
||||
${stdenv.lib.optionalString (ids ? uids && builtins.hasAttr username ids.uids) ''echo "uid=${toString ids.uids."${username}"}" > $out/dysnomia-support/users/${username}''}
|
||||
|
||||
cat >> $out/dysnomia-support/users/${username} <<EOF
|
||||
|
@ -43,5 +54,8 @@ stdenv.mkDerivation {
|
|||
EOF
|
||||
''
|
||||
) (builtins.attrNames users)}
|
||||
|
||||
# If we end up having no user configurations, then delete the empty folder
|
||||
rmdir --ignore-fail-on-non-empty $out/dysnomia-support/users
|
||||
'';
|
||||
}
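Review bot: `homeDir=${user.homeDir}` in the `forceDisableUserChange` branch is written raw into an unquoted `<<EOF` heredoc, while the group properties in the first hunk go through `stdenv.lib.escapeShellArg`. A home directory containing spaces, `$` or backticks would be expanded by the build shell, and it would not be quoted for a consumer that reads the file as shell assignments (that consumer is not visible here). I would write `homeDir=${stdenv.lib.escapeShellArg user.homeDir}` to match the group code and quote the delimiter (`<<'EOF'`) so the build shell leaves the value alone. The condition should also check `user ? homeDir`, because a user with `createHomeDir = true` and no `homeDir` now fails at evaluation. The regular-user branch continues outside the hunk, so whether it escapes its values cannot be checked from here.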
|
||||
|
|
|
@ -10,7 +10,7 @@ let
|
|||
|
||||
createCredentials = import ../../create-credentials {
|
||||
inherit (pkgs) stdenv;
|
||||
inherit ids;
|
||||
inherit ids forceDisableUserChange;
|
||||
};
|
||||
|
||||
createSystemVInitScript = import ../sysvinit/create-sysvinit-script.nix {
|
||||
|
|
|
@ -75,9 +75,7 @@ let
|
|||
path = basePackages ++ path ++ [ "/" ]; # Also give permission to /bin to allow any package added to contents can be used
|
||||
};
|
||||
|
||||
credentialsSpec = util.createCredentialsOrNull {
|
||||
inherit createCredentials credentials forceDisableUserChange;
|
||||
};
|
||||
credentialsSpec = createCredentials credentials;
|
||||
|
||||
_user = util.determineUser {
|
||||
inherit user forceDisableUserChange;
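Review bot: `credentialsSpec = createCredentials credentials;` no longer shows at the call site that `forceDisableUserChange` is honoured, because that check now lives only inside the imported create-credentials function. A one-line comment would keep this security-relevant behaviour readable here: `# createCredentials honours forceDisableUserChange: only home-directory configs are emitted in that mode`. The same applies to the identical assignments in the later sections of this commit, where `ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support` also becomes unconditional, so every generated package now carries a `dysnomia-support` link even when `credentials` is empty. The enclosing `let` starts and ends outside the hunk.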
|
||||
|
|
|
@ -247,9 +247,7 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
credentialsSpec = util.createCredentialsOrNull {
|
||||
inherit createCredentials credentials forceDisableUserChange;
|
||||
};
|
||||
credentialsSpec = createCredentials credentials;
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
inherit name;
|
||||
|
@ -258,10 +256,7 @@ stdenv.mkDerivation {
|
|||
mkdir -p $out/etc/rc.d
|
||||
cd $out/etc/rc.d
|
||||
ln -s ${rcScript} ${name}
|
||||
|
||||
${stdenv.lib.optionalString (credentialsSpec != null) ''
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
''}
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
|
||||
cd $TMPDIR
|
||||
${postInstall}
|
||||
|
|
|
@ -9,13 +9,7 @@
|
|||
}:
|
||||
|
||||
let
|
||||
util = import ../util {
|
||||
inherit (stdenv) lib;
|
||||
};
|
||||
|
||||
credentialsSpec = util.createCredentialsOrNull {
|
||||
inherit createCredentials credentials forceDisableUserChange;
|
||||
};
|
||||
credentialsSpec = createCredentials credentials;
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
inherit name;
|
||||
|
@ -26,9 +20,7 @@ stdenv.mkDerivation {
|
|||
${stdenv.lib.optionalString (pidFile != null) "pidFile=${pidFile}"}
|
||||
EOF
|
||||
|
||||
${stdenv.lib.optionalString (credentialsSpec != null) ''
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
''}
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
|
||||
${postInstall}
|
||||
'';
|
||||
|
|
|
@ -88,19 +88,14 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
credentialsSpec = util.createCredentialsOrNull {
|
||||
inherit createCredentials credentials forceDisableUserChange;
|
||||
};
|
||||
credentialsSpec = createCredentials credentials;
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
inherit name;
|
||||
buildCommand = ''
|
||||
mkdir -p $out/Library/LaunchDaemons
|
||||
ln -s ${launchdDaemonConfig} $out/Library/LaunchDaemons/${label}.plist
|
||||
|
||||
${stdenv.lib.optionalString (credentialsSpec != null) ''
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
''}
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
|
||||
${postInstall}
|
||||
'';
|
||||
|
|
|
@ -63,19 +63,14 @@ let
|
|||
) (builtins.attrNames properties);
|
||||
};
|
||||
|
||||
credentialsSpec = util.createCredentialsOrNull {
|
||||
inherit createCredentials credentials forceDisableUserChange;
|
||||
};
|
||||
credentialsSpec = createCredentials credentials;
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
inherit name priority;
|
||||
buildCommand = ''
|
||||
mkdir -p $out/conf.d
|
||||
ln -s ${confFile} $out/conf.d/${name}.conf
|
||||
|
||||
${stdenv.lib.optionalString (credentialsSpec != null) ''
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
''}
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
|
||||
${postInstall}
|
||||
'';
|
||||
|
|
|
@ -100,9 +100,7 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
credentialsSpec = util.createCredentialsOrNull {
|
||||
inherit createCredentials credentials forceDisableUserChange;
|
||||
};
|
||||
credentialsSpec = createCredentials credentials;
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
name = "${prefix}${name}";
|
||||
|
@ -119,9 +117,7 @@ stdenv.mkDerivation {
|
|||
'') dependencies}
|
||||
''}
|
||||
|
||||
${stdenv.lib.optionalString (credentialsSpec != null) ''
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
''}
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
|
||||
${postInstall}
|
||||
'';
|
||||
|
|
|
@ -254,9 +254,7 @@ let
|
|||
if number < 10 then "0${toString number}"
|
||||
else toString number;
|
||||
|
||||
credentialsSpec = util.createCredentialsOrNull {
|
||||
inherit createCredentials credentials forceDisableUserChange;
|
||||
};
|
||||
credentialsSpec = createCredentials credentials;
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
inherit name;
|
||||
|
@ -280,9 +278,7 @@ stdenv.mkDerivation {
|
|||
ln -s ../init.d/${name} rc${toString runlevel}.d/K${sequenceNumberToString stopSequenceNumber}${name}
|
||||
'') _defaultStop}
|
||||
|
||||
${stdenv.lib.optionalString (credentialsSpec != null) ''
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
''}
|
||||
ln -s ${credentialsSpec}/dysnomia-support $out/dysnomia-support
|
||||
|
||||
cd $TMPDIR
|
||||
${postInstall}
|
||||
|
|
|
@ -91,11 +91,4 @@ rec {
|
|||
in
|
||||
if user == null then invocation
|
||||
else "${su} ${user} -c ${lib.escapeShellArgs [ invocation ]}";
|
||||
|
||||
/*
|
||||
* Creates credential configuration files for users and groups, or returns
|
||||
* null if user changing was disabled.
|
||||
*/
|
||||
createCredentialsOrNull = {createCredentials, credentials, forceDisableUserChange}:
|
||||
if credentials == {} || forceDisableUserChange then null else createCredentials credentials;
|
||||
}
|
||||
|
|
|
@ -52,12 +52,9 @@ makeTest {
|
|||
services.xserver = {
|
||||
enable = true;
|
||||
|
||||
displayManager.lightdm = {
|
||||
displayManager.autoLogin = {
|
||||
enable = true;
|
||||
autoLogin = {
|
||||
enable = true;
|
||||
user = "unprivileged";
|
||||
};
|
||||
user = "unprivileged";
|
||||
};
|
||||
|
||||
# Use IceWM as the window manager.
|
||||
|
|