From c2c88ae983c236839c24f547a0047310f8c69647 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 00:21:42 +1100 Subject: users: remove `lib.` --- modules/users/default.nix | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 434b1da..2adf813 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -1,8 +1,10 @@ { config, lib, pkgs, ... }: let - inherit (lib) concatStringsSep concatMapStringsSep elem filter filterAttrs - mapAttrs' mapAttrsToList mkIf mkMerge mkOption mkOrder optionalString types; + inherit (lib) concatStringsSep concatMapStringsSep elem escapeShellArg + escapeShellArgs filter filterAttrs mapAttrs' mapAttrsToList mkAfter + mkIf mkMerge mkOption mkOrder mkRemovedOptionModule optionals + optionalString types; cfg = config.users; @@ -42,7 +44,7 @@ in { imports = [ - (lib.mkRemovedOptionModule [ "users" "forceRecreate" ] "") + (mkRemovedOptionModule [ "users" "forceRecreate" ] "") ]; options = { @@ -111,7 +113,7 @@ in # NOTE: We put this in `system.checks` as we want this to run first to avoid partial activations # however currently that runs at user level activation as that runs before system level activation # TODO: replace `$USER` with `$SUDO_USER` when system.checks runs from system level - system.checks.text = lib.mkIf (builtins.length (createdUsers ++ deletedUsers) > 0) (lib.mkAfter '' + system.checks.text = mkIf (builtins.length (createdUsers ++ deletedUsers) > 0) (mkAfter '' ensurePerms() { homeDirectory=$(dscl . -read /Users/nobody NFSHomeDirectory) homeDirectory=''${homeDirectory#NFSHomeDirectory: } 
@@ -158,8 +160,8 @@ in } ${concatMapStringsSep "\n" (v: let - name = lib.escapeShellArg v.name; - dsclUser = lib.escapeShellArg "/Users/${v.name}"; + name = escapeShellArg v.name; + dsclUser = escapeShellArg "/Users/${v.name}"; in '' u=$(id -u ${name} 2> /dev/null) || true if ! [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then @@ -170,7 +172,7 @@ in else homeDirectory=$(dscl . -read ${dsclUser} NFSHomeDirectory) homeDirectory=''${homeDirectory#NFSHomeDirectory: } - if [[ ${lib.escapeShellArg v.home} != "$homeDirectory" ]]; then + if [[ ${escapeShellArg v.home} != "$homeDirectory" ]]; then printf >&2 '\e[1;31merror: config contains the wrong home directory for %s, aborting activation\e[0m\n' ${name} printf >&2 'nix-darwin does not support changing the home directory of existing users.\n' printf >&2 '\n' @@ -187,7 +189,7 @@ in '') createdUsers} ${concatMapStringsSep "\n" (v: let - name = lib.escapeShellArg v; + name = escapeShellArg v; in '' u=$(id -u ${name} 2> /dev/null) || true if [ -n "$u" ]; then @@ -209,14 +211,14 @@ in echo "setting up groups..." >&2 ${concatMapStringsSep "\n" (v: let - dsclGroup = lib.escapeShellArg "/Groups/${v.name}"; + dsclGroup = escapeShellArg "/Groups/${v.name}"; in '' g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true g=''${g#PrimaryGroupID: } if [ -z "$g" ]; then echo "creating group ${v.name}..." >&2 dscl . -create ${dsclGroup} PrimaryGroupID ${toString v.gid} - dscl . -create ${dsclGroup} RealName ${lib.escapeShellArg v.description} + dscl . -create ${dsclGroup} RealName ${escapeShellArg v.description} g=${toString v.gid} fi 
@@ -224,7 +226,7 @@ in g=$(dscl . -read ${dsclGroup} GroupMembership 2> /dev/null) || true if [ "$g" != 'GroupMembership: ${concatStringsSep " " v.members}' ]; then echo "updating group members ${v.name}..." >&2 - dscl . -create ${dsclGroup} GroupMembership ${lib.escapeShellArgs v.members} + dscl . -create ${dsclGroup} GroupMembership ${escapeShellArgs v.members} fi else echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2 @@ -232,7 +234,7 @@ in '') createdGroups} ${concatMapStringsSep "\n" (name: let - dsclGroup = lib.escapeShellArg "/Groups/${name}"; + dsclGroup = escapeShellArg "/Groups/${name}"; in '' g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true g=''${g#PrimaryGroupID: } @@ -251,8 +253,8 @@ in echo "setting up users..." >&2 ${concatMapStringsSep "\n" (v: let - name = lib.escapeShellArg v.name; - dsclUser = lib.escapeShellArg "/Users/${v.name}"; + name = escapeShellArg v.name; + dsclUser = escapeShellArg "/Users/${v.name}"; in '' u=$(id -u ${name} 2> /dev/null) || true if [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then @@ -261,11 +263,11 @@ in if [ -z "$u" ]; then echo "creating user ${v.name}..." >&2 - sysadminctl -addUser ${lib.escapeShellArgs ([ + sysadminctl -addUser ${escapeShellArgs ([ v.name "-UID" v.uid "-GID" v.gid ] - ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) + ++ (optionals (v.description != null) [ "-fullName" v.description ]) ++ [ "-home" (if v.home != null then v.home else "/var/empty") ] ++ [ "-shell" (if v.shell != null then shellPath v.shell else "/usr/bin/false") ])} 2> /dev/null 
@@ -284,17 +286,17 @@ in # Update properties on known users to keep them inline with configuration dscl . -create ${dsclUser} PrimaryGroupID ${toString v.gid} - ${optionalString (v.description != null) "dscl . -create ${dsclUser} RealName ${lib.escapeShellArg v.description}"} - ${optionalString (v.shell != null) "dscl . -create ${dsclUser} UserShell ${lib.escapeShellArg (shellPath v.shell)}"} + ${optionalString (v.description != null) "dscl . -create ${dsclUser} RealName ${escapeShellArg v.description}"} + ${optionalString (v.shell != null) "dscl . -create ${dsclUser} UserShell ${escapeShellArg (shellPath v.shell)}"} fi '') createdUsers} ${concatMapStringsSep "\n" (name: '' - u=$(id -u ${lib.escapeShellArg name} 2> /dev/null) || true + u=$(id -u ${escapeShellArg name} 2> /dev/null) || true if [ -n "$u" ]; then if [ "$u" -gt 501 ]; then echo "deleting user ${name}..." >&2 - dscl . -delete ${lib.escapeShellArg "/Users/${name}"} + dscl . -delete ${escapeShellArg "/Users/${name}"} else echo "warning: existing user '${name}' has unexpected uid $u, skipping..." >&2 fi -- cgit v1.2.3 From 5eb88645f74396d4b80fdf736ddd63afbe8320d5 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 00:08:42 +1100 Subject: users: assert that `programs..enable = true;` for users' shells Backport of https://github.com/NixOS/nixpkgs/pull/211603 and https://github.com/NixOS/nixpkgs/commit/093f354a1777e462bd80398c4fc624c4d383dc68 --- modules/users/default.nix | 28 +++++++++++++++++++++++++--- modules/users/user.nix | 11 +++++++++++ 2 files changed, 36 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index 2adf813..ade4ffb 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
@@ -2,8 +2,8 @@ let inherit (lib) concatStringsSep concatMapStringsSep elem escapeShellArg - escapeShellArgs filter filterAttrs mapAttrs' mapAttrsToList mkAfter - mkIf mkMerge mkOption mkOrder mkRemovedOptionModule optionals + escapeShellArgs filter filterAttrs flatten flip mapAttrs' mapAttrsToList + mkAfter mkIf mkMerge mkOption mkOrder mkRemovedOptionModule optionals optionalString types; cfg = config.users; @@ -105,7 +105,29 @@ in assertion = !builtins.elem "root" deletedUsers; message = "Remove `root` from `users.knownUsers` if you no longer want nix-darwin to manage it."; } - ]; + ] ++ flatten (flip mapAttrsToList cfg.users (name: user: + map (shell: { + assertion = let + s = user.shell.pname or null; + in + !user.ignoreShellProgramCheck -> (s == shell || (shell == "bash" && s == "bash-interactive")) -> (config.programs.${shell}.enable == true); + message = '' + users.users.${user.name}.shell is set to ${shell}, but + programs.${shell}.enable is not true. This will cause the ${shell} + shell to lack the basic Nix directories in its PATH and might make + logging in as that user impossible. You can fix it with: + programs.${shell}.enable = true; + + If you know what you're doing and you are fine with the behavior, + set users.users.${user.name}.ignoreShellProgramCheck = true; + instead. + ''; + }) [ + "bash" + "fish" + "zsh" + ] + )); users.gids = mkMerge gids; users.uids = mkMerge uids; diff --git a/modules/users/user.nix b/modules/users/user.nix index 9689e05..5256ac3 100644 --- a/modules/users/user.nix +++ b/modules/users/user.nix 
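Review bot: The new assertion is keyed on `user.shell.pname`, so it stays silent for any shell that is not literally a bash/fish/zsh package — a shell given as a path string, or a wrapper derivation with a different pname — even though those users get the same Nix-less PATH the message warns about, and nothing in the hunk says the check is best-effort. A comment above the `flatten (flip mapAttrsToList cfg.users` line such as `# Best-effort: only fires when shell is a bash/fish/zsh package (matched by pname); path strings and wrappers are not checked.` would stop the next reader assuming it is exhaustive. The chained `!ignore -> matches -> enabled` relies on `->` being right-associative; writing it as `!user.ignoreShellProgramCheck -> ((s == shell || (shell == "bash" && s == "bash-interactive")) -> config.programs.${shell}.enable)` makes the intent explicit, and the `== true` is redundant if that option is a plain bool. The enclosing `assertions` list starts before this hunk.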
@@ -84,6 +84,17 @@ ''; }; + ignoreShellProgramCheck = mkOption { + type = types.bool; + default = false; + description = '' + By default, nix-darwin will check that programs.SHELL.enable is set to + true if the user has a custom shell specified. If that behavior isn't + required and there are custom overrides in place to make sure that the + shell is functional, set this to true. + ''; + }; + packages = mkOption { type = types.listOf types.package; default = []; -- cgit v1.2.3 From 8b27551e094666e6beb273c484392fa205bb0c97 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 00:08:42 +1100 Subject: users: warn users to use `pkgs.bashInteractive` instead of `pkgs.bash` --- modules/users/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'modules') diff --git a/modules/users/default.nix b/modules/users/default.nix index ade4ffb..574f5a4 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -129,6 +129,12 @@ in ] )); + warnings = flatten (flip mapAttrsToList cfg.users (name: user: + mkIf + (user.shell.pname or null == "bash") + "Set `users.users.${name}.shell = pkgs.bashInteractive;` instead of `pkgs.bash` as it does not include `readline`." + )); + users.gids = mkMerge gids; users.uids = mkMerge uids; -- cgit v1.2.3 From 2bacd8db310f479fab713829663d4b36913553cf Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 00:54:26 +1100 Subject: environment: fix `lowPrio` support in `environment.systemPackages` --- modules/environment/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/environment/default.nix b/modules/environment/default.nix index 994c77a..fc4db2a 100644 --- a/modules/environment/default.nix +++ b/modules/environment/default.nix @@ -197,6 +197,7 @@ in name = "system-path"; paths = cfg.systemPackages; postBuild = cfg.extraSetup; + ignoreCollisions = true; inherit (cfg) pathsToLink extraOutputsToInstall; }; -- cgit v1.2.3
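Review bot: The option description says the check runs whenever "the user has a custom shell specified", but the assertion it gates (in modules/users/default.nix) only fires when `shell` is a bash, fish or zsh package matched by pname, so someone who sets a path string will read this and expect a check that never happens. Suggest tightening the first sentence to `By default, nix-darwin will check that programs.<shell>.enable is set to true when the user's shell is a bash, fish or zsh package.` and leaving the second sentence as is. The surrounding options block of user.nix continues outside the hunk.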
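Review bot: `user.shell.pname or null == "bash"` parses as `(user.shell.pname or null) == "bash"` because the select-`or` binds tighter than `==`, but that precedence is easy to misread as `pname or (null == "bash")`; writing the parentheses explicitly, `(user.shell.pname or null) == "bash"`, costs nothing and mirrors how the sibling assertion binds `s` first. The warning is advisory only, so this is a readability point rather than a behaviour change.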
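Review bot: `ignoreCollisions = true` does more than enable `lowPrio`: it turns every same-priority file collision in `environment.systemPackages` from a build failure into a silent first-wins link, so two packages that both ship e.g. `bin/python3`, or a package that installs its own `bin/sudo` or `bin/ssh`, no longer stop the build and which copy lands on the system PATH depends on list order — a useful tripwire against an unexpected package shadowing a system binary is lost. As far as I recall buildEnv already resolves collisions between different `meta.priority` values without this flag, so it is worth confirming the flag is actually required for the `lowPrio` case before accepting the looser behaviour. If it is, a comment on the line naming the trade-off — `# Required for priority-based overrides; same-priority collisions now warn in the build log instead of failing` — keeps the change reviewable. The `buildEnv` call this line belongs to starts before the hunk.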