diff options
author | Symphorien Gibol <symphorien+git@xlumurb.eu> | 2021-03-07 14:54:00 +0100 |
---|---|---|
committer | Symphorien Gibol <symphorien+git@xlumurb.eu> | 2021-04-14 20:40:00 +0200 |
commit | 7a87973b4ced86e1ba94ee84449979d6afebc9ea (patch) | |
tree | fca832b3d43925bd5d420ea083671d662a97e5fe /nixos/modules/services | |
parent | 311ceed827f531f88f46222920cd1ebb2c101f73 (diff) | |
download | nixpkgs-7a87973b4ced86e1ba94ee84449979d6afebc9ea.tar nixpkgs-7a87973b4ced86e1ba94ee84449979d6afebc9ea.tar.gz nixpkgs-7a87973b4ced86e1ba94ee84449979d6afebc9ea.tar.bz2 nixpkgs-7a87973b4ced86e1ba94ee84449979d6afebc9ea.tar.lz nixpkgs-7a87973b4ced86e1ba94ee84449979d6afebc9ea.tar.xz nixpkgs-7a87973b4ced86e1ba94ee84449979d6afebc9ea.tar.zst nixpkgs-7a87973b4ced86e1ba94ee84449979d6afebc9ea.zip |
nixos/users: require one of users.users.name.{isSystemUser,isNormalUser}
As the only consequence of isSystemUser is that if the uid is null then it's allocated below 500, if a user has uid = something below 500 then we don't require isSystemUser to be set. Motivation: https://github.com/NixOS/nixpkgs/issues/112647
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/backup/borgbackup.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/databases/pgmanage.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/misc/bazarr.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/misc/nix-daemon.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/tuptime.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/networking/bird.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/ncdns.nix | 6 | ||||
-rw-r--r-- | nixos/modules/services/networking/pixiecore.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/pleroma.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/security/privacyidea.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 1 |
11 files changed, 18 insertions, 3 deletions
diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix index be661b201f0..18fb29fd72a 100644 --- a/nixos/modules/services/backup/borgbackup.nix +++ b/nixos/modules/services/backup/borgbackup.nix @@ -169,6 +169,7 @@ let (map (mkAuthorizedKey cfg false) cfg.authorizedKeys ++ map (mkAuthorizedKey cfg true) cfg.authorizedKeysAppendOnly); useDefaultShell = true; + isSystemUser = true; }; groups.${cfg.group} = { }; }; diff --git a/nixos/modules/services/databases/pgmanage.nix b/nixos/modules/services/databases/pgmanage.nix index 0f8634dab31..8508e76b5cd 100644 --- a/nixos/modules/services/databases/pgmanage.nix +++ b/nixos/modules/services/databases/pgmanage.nix @@ -197,6 +197,7 @@ in { group = pgmanage; home = cfg.sqlRoot; createHome = true; + isSystemUser = true; }; groups.${pgmanage} = { name = pgmanage; diff --git a/nixos/modules/services/misc/bazarr.nix b/nixos/modules/services/misc/bazarr.nix index d3fd5b08cc8..99343a146a7 100644 --- a/nixos/modules/services/misc/bazarr.nix +++ b/nixos/modules/services/misc/bazarr.nix @@ -64,6 +64,7 @@ in users.users = mkIf (cfg.user == "bazarr") { bazarr = { + isSystemUser = true; group = cfg.group; home = "/var/lib/${config.systemd.services.bazarr.serviceConfig.StateDirectory}"; }; diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index 64bdbf159d5..133e96da0ec 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -21,6 +21,7 @@ let calls in `libstore/build.cc', don't add any supplementary group here except "nixbld". */ uid = builtins.add config.ids.uids.nixbld nr; + isSystemUser = true; group = "nixbld"; extraGroups = [ "nixbld" ]; }; diff --git a/nixos/modules/services/monitoring/tuptime.nix b/nixos/modules/services/monitoring/tuptime.nix index 8f79d916599..17c5c1f56ea 100644 --- a/nixos/modules/services/monitoring/tuptime.nix +++ b/nixos/modules/services/monitoring/tuptime.nix @@ -34,7 +34,10 @@ in { users = { groups._tuptime.members = [ "_tuptime" ]; - users._tuptime.description = "tuptime database owner"; + users._tuptime = { + isSystemUser = true; + description = "tuptime database owner"; + }; }; systemd = { diff --git a/nixos/modules/services/networking/bird.nix b/nixos/modules/services/networking/bird.nix index 6d7e7760d94..1923afdf83f 100644 --- a/nixos/modules/services/networking/bird.nix +++ b/nixos/modules/services/networking/bird.nix @@ -73,6 +73,7 @@ let users.${variant} = { description = "BIRD Internet Routing Daemon user"; group = variant; + isSystemUser = true; }; groups.${variant} = {}; }; diff --git a/nixos/modules/services/networking/ncdns.nix b/nixos/modules/services/networking/ncdns.nix index c1832ad1752..d30fe0f6f6d 100644 --- a/nixos/modules/services/networking/ncdns.nix +++ b/nixos/modules/services/networking/ncdns.nix @@ -243,8 +243,10 @@ in xlog.journal = true; }; - users.users.ncdns = - { description = "ncdns daemon user"; }; + users.users.ncdns = { + isSystemUser = true; + description = "ncdns daemon user"; + }; systemd.services.ncdns = { description = "ncdns daemon"; diff --git a/nixos/modules/services/networking/pixiecore.nix b/nixos/modules/services/networking/pixiecore.nix index 85aa40784af..d2642c82c2d 100644 --- a/nixos/modules/services/networking/pixiecore.nix +++ b/nixos/modules/services/networking/pixiecore.nix @@ -93,6 +93,7 @@ in users.users.pixiecore = { description = "Pixiecore daemon user"; group = "pixiecore"; + isSystemUser = true; }; networking.firewall = mkIf cfg.openFirewall { diff --git a/nixos/modules/services/networking/pleroma.nix b/nixos/modules/services/networking/pleroma.nix index 9b2bf9f6124..2687230a158 100644 --- a/nixos/modules/services/networking/pleroma.nix +++ b/nixos/modules/services/networking/pleroma.nix @@ -75,6 +75,7 @@ in { description = "Pleroma user"; home = cfg.stateDir; extraGroups = [ cfg.group ]; + isSystemUser = true; }; groups."${cfg.group}" = {}; }; diff --git a/nixos/modules/services/security/privacyidea.nix b/nixos/modules/services/security/privacyidea.nix index f7b40089a93..2696dca4c76 100644 --- a/nixos/modules/services/security/privacyidea.nix +++ b/nixos/modules/services/security/privacyidea.nix @@ -264,6 +264,7 @@ in users.users.privacyidea = mkIf (cfg.user == "privacyidea") { group = cfg.group; + isSystemUser = true; }; users.groups.privacyidea = mkIf (cfg.group == "privacyidea") {}; @@ -294,6 +295,7 @@ in users.users.pi-ldap-proxy = mkIf (cfg.ldap-proxy.user == "pi-ldap-proxy") { group = cfg.ldap-proxy.group; + isSystemUser = true; }; users.groups.pi-ldap-proxy = mkIf (cfg.ldap-proxy.group == "pi-ldap-proxy") {}; diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 9a541aba6e4..58e8e5a0a8b 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -607,6 +607,7 @@ in { home = "${cfg.home}"; group = "nextcloud"; createHome = true; + isSystemUser = true; }; users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ]; |