users: add support for group members

Unlike user options this is updated if the group already exists.

1 files changed, 12 insertions, 3 deletions

diff --git a/modules/users/default.nix b/modules/users/default.nix
index fb43265..0a4c1de 100644
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@@ -8,6 +8,8 @@ let
   group = import ./group.nix;
   user = import ./user.nix;
 
+  toArguments = concatMapStringsSep " " (v: "'${v}'");
+
   isCreated = list: name: elem name list;
   isDeleted = attrs: name: ! elem name (mapAttrsToList (n: v: v.name) attrs);
 
@@ -56,10 +58,17 @@ in
           echo "creating group ${v.name}..." >&2
           dscl . -create '/Groups/${v.name}' PrimaryGroupID ${toString v.gid}
           dscl . -create '/Groups/${v.name}' RealName '${v.description}'
-        else
-          if [ "$g" -ne ${toString v.gid} ]; then
-            echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2
+          g=${toString v.gid}
+        fi
+
+        if [ "$g" -eq ${toString v.gid} ]; then
+          g=$(dscl . -read '/Groups/${v.name}' GroupMembership 2> /dev/null) || true
+          if [ "$g" != 'GroupMembership: ${concatStringsSep " " v.members}' ]; then
+            echo "updating group members ${v.name}..." >&2
+            dscl . -create '/Groups/${v.name}' GroupMembership ${toArguments v.members}
           fi
+        else
+          echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2
         fi
       '') createdGroups}