author | Vladimir Pouzanov <farcaller@gmail.com> | 2023-10-14 08:38:25 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-14 08:38:25 +0100 |
commit | ed44cfb141a4aa06c7ae078575ce729dfd44a136 (patch) | |
tree | 70d17baa8a8d946770ba6df94195ebec5c4ddffd /nixos/modules/config | |
parent | 093f354a1777e462bd80398c4fc624c4d383dc68 (diff) | |
parent | db7978c88c18e536683430fb882922e127429092 (diff) | |
Merge branch 'master' into shellconfig
Diffstat (limited to 'nixos/modules/config')
-rw-r--r-- | nixos/modules/config/console.nix | 4 | ||||
-rw-r--r-- | nixos/modules/config/gnu.nix | 43 | ||||
-rw-r--r-- | nixos/modules/config/system-path.nix | 3 | ||||
-rw-r--r-- | nixos/modules/config/users-groups.nix | 45 |
4 files changed, 47 insertions, 48 deletions
diff --git a/nixos/modules/config/console.nix b/nixos/modules/config/console.nix index d06ec0051c4..0a931c6918f 100644 --- a/nixos/modules/config/console.nix +++ b/nixos/modules/config/console.nix @@ -127,8 +127,8 @@ in ${optionalString (config.environment.sessionVariables ? XKB_CONFIG_ROOT) "-I${config.environment.sessionVariables.XKB_CONFIG_ROOT}" } \ - -model '${xkbModel}' -layout '${layout}' \ - -option '${xkbOptions}' -variant '${xkbVariant}' > "$out" + -model '${xkb.model}' -layout '${xkb.layout}' \ + -option '${xkb.options}' -variant '${xkb.variant}' > "$out" ''); } diff --git a/nixos/modules/config/gnu.nix b/nixos/modules/config/gnu.nix deleted file mode 100644 index a47d299b226..00000000000 --- a/nixos/modules/config/gnu.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - options = { - gnu = lib.mkOption { - type = lib.types.bool; - default = false; - description = lib.mdDoc '' - When enabled, GNU software is chosen by default whenever a there is - a choice between GNU and non-GNU software (e.g., GNU lsh - vs. OpenSSH). - ''; - }; - }; - - config = lib.mkIf config.gnu { - - environment.systemPackages = with pkgs; - # TODO: Adjust `requiredPackages' from `system-path.nix'. - # TODO: Add Inetutils once it has the new `ifconfig'. - [ parted - #fdisk # XXX: GNU fdisk currently fails to build and it's redundant - # with the `parted' command. - nano zile - texinfo # for the stand-alone Info reader - ] - ++ lib.optional (!stdenv.isAarch32) grub2; - - - # GNU GRUB, where available. - boot.loader.grub.enable = !pkgs.stdenv.isAarch32; - - # GNU lsh. - services.openssh.enable = false; - services.lshd.enable = true; - programs.ssh.startAgent = false; - services.xserver.startGnuPGAgent = true; - - # TODO: GNU dico. - # TODO: GNU Inetutils' inetd. - # TODO: GNU Pies. - }; -} diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix index 222da3e02e8..7e623dec4b1 100644 --- a/nixos/modules/config/system-path.nix 
+++ b/nixos/modules/config/system-path.nix @@ -42,8 +42,7 @@ let ]; defaultPackageNames = - [ "nano" - "perl" + [ "perl" "rsync" "strace" ]; diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 0f7209ef9ea..97268a8d83e 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -341,6 +341,20 @@ let administrator before being able to use the system again. ''; }; + + linger = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to enable lingering for this user. If true, systemd user + units will start at boot, rather than starting at login and stopping + at logout. This is the declarative equivalent of running + `loginctl enable-linger` for this user. + + If false, user units will not be started until the user logs in, and + may be stopped on logout depending on the settings in `logind.conf`. + ''; + }; }; config = mkMerge @@ -460,6 +474,8 @@ let gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.groups) "gid"; sdInitrdUidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) config.boot.initrd.systemd.users) "uid"; sdInitrdGidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) config.boot.initrd.systemd.groups) "gid"; + groupNames = lib.mapAttrsToList (n: g: g.name) cfg.groups; + usersWithoutExistingGroup = lib.filterAttrs (n: u: !lib.elem u.group groupNames) cfg.users; spec = pkgs.writeText "users-groups.json" (builtins.toJSON { inherit (cfg) mutableUsers; 
@@ -672,6 +688,20 @@ in { ''; }; + system.activationScripts.update-lingering = let + lingerDir = "/var/lib/systemd/linger"; + lingeringUsers = map (u: u.name) (attrValues (flip filterAttrs cfg.users (n: u: u.linger))); + lingeringUsersFile = builtins.toFile "lingering-users" + (concatStrings (map (s: "${s}\n") + (sort (a: b: a < b) lingeringUsers))); # this sorting is important for `comm` to work correctly + in stringAfter [ "users" ] '' + if [ -e ${lingerDir} ] ; then + cd ${lingerDir} + ls ${lingerDir} | sort | comm -3 -1 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl disable-linger + ls ${lingerDir} | sort | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger + fi + ''; + # Warn about user accounts with deprecated password hashing schemes system.activationScripts.hashes = { deps = [ "users" ]; @@ -711,7 +741,8 @@ in { environment.profiles = [ "$HOME/.nix-profile" - "\${XDG_STATE_HOME:-$HOME/.local/state}/nix/profile" + "\${XDG_STATE_HOME}/nix/profile" + "$HOME/.local/state/nix/profile" "/etc/profiles/per-user/$USER" ]; @@ -761,6 +792,18 @@ in { { assertion = !cfg.enforceIdUniqueness || (sdInitrdUidsAreUnique && sdInitrdGidsAreUnique); message = "systemd initrd UIDs and GIDs must be unique!"; } + { assertion = usersWithoutExistingGroup == {}; + message = + let + errUsers = lib.attrNames usersWithoutExistingGroup; + missingGroups = lib.unique (lib.mapAttrsToList (n: u: u.group) usersWithoutExistingGroup); + mkConfigHint = group: "users.groups.${group} = {};"; + in '' + The following users have a primary group that is undefined: ${lib.concatStringsSep " " errUsers} + Hint: Add this to your NixOS configuration: + ${lib.concatStringsSep "\n " (map mkConfigHint missingGroups)} + ''; + } { # If mutableUsers is false, to prevent users creating a # configuration that locks them out of the system, ensure that # there is at least one "privileged" account that has a |
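Review bot: The reconciliation in `system.activationScripts.update-lingering` runs only when `[ -e ${lingerDir} ]` succeeds, so on a system where that directory has not been created yet, users declared with `linger = true` are never enabled; creating the directory first (or moving the enable pass out of the test) avoids that. The directory listing is ordered by the shell's `sort`, whose collation follows the activation environment's locale, while `lingeringUsersFile` is ordered by Nix string comparison; pinning `LC_ALL=C` keeps both inputs to `comm` in the same order, since a mismatch could leave lingering enabled for an account where it was switched off. The disable pass acts on every entry in the directory that is not a `cfg.users` member with `linger = true`, which presumably also reverts lingering enabled imperatively with `loginctl enable-linger`, and that is worth stating in the option description. The names reach `loginctl` through `xargs` as bare arguments, so a `--` before them is a cheap guard against an entry being read as an option.

```nix
# … unchanged: lingerDir, lingeringUsers, lingeringUsersFile …
in stringAfter [ "users" ] ''
  mkdir -p ${lingerDir}
  cd ${lingerDir}
  ls | LC_ALL=C sort | comm -3 -1 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl disable-linger --
  ls | LC_ALL=C sort | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger --
'';
```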
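Review bot: With `XDG_STATE_HOME` unset, the new entry `"\${XDG_STATE_HOME}/nix/profile"` in `environment.profiles` expands to the absolute path `/nix/profile`, which the previous `:-$HOME/.local/state` fallback form never produced. If these entries are later expanded into search paths such as PATH (not visible in this hunk), every session would then look in a location outside the user's home and outside `/etc/profiles`; the directory is presumably root-owned, so the exposure is small, but the lookup is unintended. A comment such as `# expands to /nix/profile when XDG_STATE_HOME is unset; consumers must skip it` would record the expectation, or the consumer of the list could drop entries whose variable is empty. The list sits in a `config` block that continues outside the hunk.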