diff options
| author | Michael Hoang <enzime@users.noreply.github.com> | 2024-11-11 00:08:42 +1100 |
|---|---|---|
| committer | Michael Hoang <enzime@users.noreply.github.com> | 2024-11-11 15:19:41 +1100 |
| commit | 5eb88645f74396d4b80fdf736ddd63afbe8320d5 (patch) | |
| tree | 47a51de378adceb83317618b2b8d64ff60fb5911 /modules/users/default.nix | |
| parent | c2c88ae983c236839c24f547a0047310f8c69647 (diff) | |
users: assert that `programs.<shell>.enable = true;` for users' shells
Backport of https://github.com/NixOS/nixpkgs/pull/211603 and https://github.com/NixOS/nixpkgs/commit/093f354a1777e462bd80398c4fc624c4d383dc68
Diffstat (limited to 'modules/users/default.nix')
| -rw-r--r-- | modules/users/default.nix | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/modules/users/default.nix b/modules/users/default.nix index 2adf813..ade4ffb 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -2,8 +2,8 @@ let inherit (lib) concatStringsSep concatMapStringsSep elem escapeShellArg - escapeShellArgs filter filterAttrs mapAttrs' mapAttrsToList mkAfter - mkIf mkMerge mkOption mkOrder mkRemovedOptionModule optionals + escapeShellArgs filter filterAttrs flatten flip mapAttrs' mapAttrsToList + mkAfter mkIf mkMerge mkOption mkOrder mkRemovedOptionModule optionals optionalString types; cfg = config.users; @@ -105,7 +105,29 @@ in assertion = !builtins.elem "root" deletedUsers; message = "Remove `root` from `users.knownUsers` if you no longer want nix-darwin to manage it."; } - ]; + ] ++ flatten (flip mapAttrsToList cfg.users (name: user: + map (shell: { + assertion = let + s = user.shell.pname or null; + in + !user.ignoreShellProgramCheck -> (s == shell || (shell == "bash" && s == "bash-interactive")) -> (config.programs.${shell}.enable == true); + message = '' + users.users.${user.name}.shell is set to ${shell}, but + programs.${shell}.enable is not true. This will cause the ${shell} + shell to lack the basic Nix directories in its PATH and might make + logging in as that user impossible. You can fix it with: + programs.${shell}.enable = true; + + If you know what you're doing and you are fine with the behavior, + set users.users.${user.name}.ignoreShellProgramCheck = true; + instead. + ''; + }) [ + "bash" + "fish" + "zsh" + ] + )); users.gids = mkMerge gids; users.uids = mkMerge uids; |