author | Nikolay Amiantov <ab@fmap.me> | 2022-01-05 13:20:47 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2022-01-09 09:43:55 +0300 |
commit | f2c5970a7654c8fed9ba13f70071c29161d80c7c (patch) | |
tree | d5c68ce8a21f5f5f13646431e85d5d2b7a564859 /nixos/modules/config | |
parent | 95e4f1eff7d887c866241e82aa5bf27e7e237c1a (diff) | |
users-groups service: add autoSubUidGidRange option
Previously we allocated subuids automatically for all normal users. Make this explicitly configurable, so that one can use this for system users too (or explicitly disable for normal users). Also don't allocate automatically by default if a user already has ranges specified statically.
Diffstat (limited to 'nixos/modules/config')
-rw-r--r-- | nixos/modules/config/update-users-groups.pl | 2 | ||||
-rw-r--r-- | nixos/modules/config/users-groups.nix | 15 |
2 files changed, 15 insertions, 2 deletions
diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index 232f886789d..26ce561013b 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -351,7 +351,7 @@ foreach my $u (values %usersOut) {
 push @subGids, $value;
 }
- if($u->{isNormalUser}) {
+ if($u->{autoSubUidGidRange}) {
 my $subordinate = allocSubUid($name);
 $subUidMap->{$name} = $subordinate;
 my $value = join(":", ($name, $subordinate, 65536));
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index a34d2814341..2470d8b5bfe 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -204,6 +204,16 @@ let
 '';
 };
+ autoSubUidGidRange = mkOption {
+ type = types.bool;
+ default = false;
+ example = true;
+ description = ''
+ Automatically allocate subordinate user and group ids for this user.
+ Allocated range is currently always of size 65536.
+ '';
+ };
+
 createHome = mkOption {
 type = types.bool;
 default = false;
@@ -320,6 +330,9 @@ let
 (mkIf (!cfg.mutableUsers && config.initialHashedPassword != null) {
 hashedPassword = mkDefault config.initialHashedPassword;
 })
+ (mkIf (config.isNormalUser && config.subUidRanges == [] && config.subGidRanges == []) {
+ autoSubUidGidRange = mkDefault true;
+ })
 ];
 };
@@ -419,7 +432,7 @@ let
 { inherit (u) name uid group description home createHome isSystemUser password passwordFile hashedPassword
- isNormalUser subUidRanges subGidRanges
+ autoSubUidGidRange subUidRanges subGidRanges
 initialPassword initialHashedPassword;
 shell = utils.toShellPath u.shell;
 }) cfg.users; |
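Review bot: Nothing visible around the new `if($u->{autoSubUidGidRange})` branch checks that the range returned by `allocSubUid($name)` stays clear of the statically declared ranges pushed just above it. Now that the flag can be set explicitly, a user can have both static and automatic entries. Overlapping subordinate ranges let two accounts map the same host ids inside their user namespaces. It is worth confirming that `allocSubUid` skips statically reserved ids, or at least adding a comment at the branch such as `# auto range is allocated independently of subUidRanges/subGidRanges; overlap is not checked here`. The enclosing `foreach` body starts and ends outside the hunk, so the allocator's behaviour is inferred rather than seen.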
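Review bot: The description of `autoSubUidGidRange` does not mention that the effective default differs from the declared `default = false`, since the same commit sets it to `mkDefault true` for normal users without static ranges. Generated option documentation will show `false`, so I would add a sentence such as `Enabled by default for normal users that have neither subUidRanges nor subGidRanges set.` It would also help to state that enabling it for a system user lets that account map a 65536-id range in user namespaces, because that widens what a service account can own on the host.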
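Review bot: The condition `config.subUidRanges == [] && config.subGidRanges == []` disables the automatic default as soon as either list is non-empty, so a normal user who declares only `subUidRanges` ends up with subordinate uids but no subordinate gids, and the reverse. Consider a warning or assertion for the case where exactly one of the two lists is set and `autoSubUidGidRange` is false. For existing configurations with static ranges this is also a change on upgrade, because the previously auto-allocated range is no longer emitted. Whether those ids can later be handed to a different user depends on allocator state that this diff does not show, so a release note telling operators to check ownership of existing container storage would be useful.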
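Review bot: Any remaining read of `$u->{isNormalUser}` in update-users-groups.pl would silently evaluate as false after this hunk, because `isNormalUser` is no longer inherited into the spec handed to the script. The only use visible in this commit is the condition replaced in the Perl hunk, so it is worth grepping the script for other references before merging. The attribute set and the enclosing `mapAttrsToList` call begin outside the hunk.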