Synit: user management?
parent
1650358036
commit
f86e024796
|
@ -1,6 +1,6 @@
|
|||
{ lib, busybox, runtimeShell, toPreserves, writeScript, writeTextFile }:
|
||||
{ lib, busybox, runtimeShell, toPreserves, util, writeScript, writeTextFile }:
|
||||
|
||||
{ name, description, argv, environment, directory, path
|
||||
{ name, description, environment, directory, path, user, process, args
|
||||
# Shell instructions that specify how the state of the process should be initialized.
|
||||
, initialize ? ""
|
||||
# List of services that this configuration depends on.
|
||||
|
@ -9,15 +9,24 @@
|
|||
# Example: [ "<service-state <milestone network> up>" ]
|
||||
, depends-on ? [ ]
|
||||
# Whether the daemon shall be declared as required.
|
||||
, require-service ? true }:
|
||||
, require-service ? true, forceDisableUserChange ? false }:
|
||||
|
||||
let
|
||||
env = environment // {
|
||||
PATH = lib.strings.makeBinPath (path ++ [ busybox ]);
|
||||
};
|
||||
|
||||
user' = util.determineUser { inherit user forceDisableUserChange; };
|
||||
|
||||
processSpec = {
|
||||
inherit argv env;
|
||||
argv = if user' == null then
|
||||
[ process ] ++ args
|
||||
else
|
||||
util.invokeDaemon {
|
||||
inherit process args;
|
||||
su = "su";
|
||||
};
|
||||
inherit env;
|
||||
} // (lib.attrsets.optionalAttrs (directory != null) { dir = directory; });
|
||||
|
||||
serviceName = "<daemon ${name}>";
|
||||
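Review bot: `user'` is computed, but the `util.invokeDaemon` call in the `else` branch passes only `process`, `args` and `su`, so the account to switch to never reaches it in the lines shown. The signature of `invokeDaemon` is not on this page; if its user argument is optional and defaults to null, the daemon would keep the supervisor's privileges even though a user was requested. Consider `inherit process args; user = user'; su = "su";`. Separately, `su = "su"` is presumably resolved through the `PATH` built above, where the caller's `path` entries precede busybox; `su = "${busybox}/bin/su";` would pin the binary that performs the privilege drop.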
|
|
|
@ -1,13 +1,13 @@
|
|||
{ lib, busybox, runtimeShell, writeScript, writeTextFile, undaemonize }:
|
||||
|
||||
rec {
|
||||
util = import ./util.nix { inherit lib; };
|
||||
util = import ../util { inherit lib; };
|
||||
|
||||
toPreserves = util.toPreserves { };
|
||||
inherit (import ./util.nix { inherit lib; }) toPreserves;
|
||||
|
||||
createSynitDaemon = import ../../backends/synit/create-synit-daemon.nix {
|
||||
inherit lib busybox runtimeShell writeScript writeTextFile;
|
||||
inherit toPreserves;
|
||||
inherit toPreserves util;
|
||||
};
|
||||
|
||||
generateSynitService =
|
||||
|
|
|
@ -6,12 +6,18 @@
|
|||
|
||||
let
|
||||
generatedTargetSpecificArgs = {
|
||||
inherit name description environment directory path dependencies initialize;
|
||||
inherit name description environment directory path dependencies initialize
|
||||
user;
|
||||
|
||||
argv = map toString (if foregroundProcess != null then
|
||||
[ foregroundProcess ] ++ foregroundProcessArgs
|
||||
process = if foregroundProcess != null then
|
||||
foregroundProcess
|
||||
else
|
||||
[ "${undaemonize}/bin/undaemonize" daemon ] ++ daemonArgs);
|
||||
(lib.getExe undaemonize);
|
||||
|
||||
args = map toString (if foregroundProcess != null then
|
||||
foregroundProcessArgs
|
||||
else
|
||||
[ daemon ] ++ daemonArgs);
|
||||
};
|
||||
|
||||
targetSpecificArgs = if builtins.isFunction overrides then
|
||||
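Review bot: `process` is no longer passed through `toString`. The old `argv` wrapped the whole list in `map toString`, but the new `process = if foregroundProcess != null then foregroundProcess else …` hands `foregroundProcess` on unchanged while only `args` is still mapped. If a caller passes a path or derivation there, `[ process ] ++ args` would reach the Preserves serializer as a non-string; `process = toString (if foregroundProcess != null then foregroundProcess else lib.getExe undaemonize);` keeps the previous behaviour. `lib.getExe` also relies on the package's `meta.mainProgram`, which the explicit `${undaemonize}/bin/undaemonize` did not. The enclosing function starts and ends outside the hunk.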
|
|
|
@ -12,11 +12,10 @@ rec {
|
|||
toPreserves { } [{ a = 0; b = 1; } "c" [ true false ] { record = "foo"; }]
|
||||
=> "<foo { a: 0 b: 1 } \"c\" [ #t #f ]>"
|
||||
*/
|
||||
toPreserves = { }@args:
|
||||
toPreserves =
|
||||
let
|
||||
toPreserves' = toPreserves args;
|
||||
concatItems = toString;
|
||||
mapToSeq = lib.strings.concatMapStringsSep " " toPreserves';
|
||||
mapToSeq = lib.strings.concatMapStringsSep " " toPreserves;
|
||||
recordLabel = list:
|
||||
with builtins;
|
||||
let len = length list;
|
||||
|
@ -37,7 +36,7 @@ rec {
|
|||
else if lib.isAttrs v then
|
||||
"{ ${
|
||||
concatItems
|
||||
(lib.attrsets.mapAttrsToList (key: val: "${key}: ${toPreserves' val}")
|
||||
(lib.attrsets.mapAttrsToList (key: val: "${key}: ${toPreserves val}")
|
||||
v)
|
||||
} }"
|
||||
else if lib.isList v then
|
||||
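Review bot: The doc comment above the definition still shows the old call form, `toPreserves { } [{ a = 0; b = 1; } …]`, but `toPreserves` no longer takes the leading argument set. With the new definition that example would treat `{ }` as the value to serialize, so the example line should read `toPreserves [{ a = 0; b = 1; } "c" [ true false ] { record = "foo"; }]`. In the second hunk, `"${key}: ${toPreserves val}"` still interpolates attribute names unquoted; a comment stating that keys must already be valid bare Preserves symbols would help callers that pass `environment` through it. The `let` body continues outside both hunks.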
|
|
|
@ -132,10 +132,6 @@ fi
|
|||
|
||||
nixproc-init-state $stateDirArg $runtimeDirArg $logDirArg $tmpDirArg $cacheDirArg $spoolDirArg $lockDirArg $libDirArg $forceDisableUserChangeArg
|
||||
|
||||
# Create new groups and users
|
||||
createNewGroups
|
||||
createNewUsers
|
||||
|
||||
dest_file=/run/etc/syndicate/services/processes.pr
|
||||
|
||||
if [ -e "$dest_file"] && [ ! -L "$dest_file" ]
|
||||
|
@ -144,7 +140,11 @@ then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
ln -sf $profilePath /etc/syndicate/services/processes.pr
|
||||
# Create new groups and users
|
||||
createNewGroups
|
||||
createNewUsers
|
||||
|
||||
ln -sf $profilePath /run/etc/syndicate/services/processes.pr
|
||||
|
||||
# Delete obsolete users and groups
|
||||
deleteObsoleteUsers
|
||||
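Review bot: The guard `if [ -e "$dest_file"] && [ ! -L "$dest_file" ]` is missing the space before the first `]`, so `[` fails with a missing-bracket error and the condition is never true. The `exit 1` that protects an existing regular file is then never reached, and `ln -sf` replaces that file. It should read `if [ -e "$dest_file" ] && [ ! -L "$dest_file" ]`. The link path is also spelled out a second time; `ln -sf "$profilePath" "$dest_file"` keeps the check and the write on the same path and quotes the profile path. The `then` branch lies between the two hunks and is only partly visible.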
|
|