From c95612a5a2d4bd93011c042066c6c3deacfd436d Mon Sep 17 00:00:00 2001 From: worldofpeace Date: Sun, 26 Jan 2020 17:41:19 -0500 Subject: nixos/display-managers/auto: remove This module allows root autoLogin, so we would break that for users, but they shouldn't be using it anyways. This gives the impression like auto is some special display manager, when it's just lightdm and special pam rules to allow root autoLogin. It was created for NixOS's testing so I believe this is where it belongs. --- nixos/doc/manual/configuration/x-windows.xml | 9 ++- nixos/doc/manual/release-notes/rl-2003.xml | 33 +++++++++++ nixos/modules/module-list.nix | 1 - nixos/modules/rename.nix | 7 +++ .../modules/services/x11/display-managers/auto.nix | 68 ---------------------- nixos/modules/services/x11/xserver.nix | 3 +- nixos/tests/chromium.nix | 2 +- nixos/tests/common/auto.nix | 68 ++++++++++++++++++++++ nixos/tests/common/x11.nix | 9 ++- nixos/tests/i3wm.nix | 2 +- nixos/tests/signal-desktop.nix | 2 +- nixos/tests/systemd.nix | 2 +- nixos/tests/virtualbox.nix | 2 +- nixos/tests/xautolock.nix | 2 +- nixos/tests/xfce.nix | 14 ++++- nixos/tests/xmonad.nix | 2 +- nixos/tests/xrdp.nix | 2 +- nixos/tests/xss-lock.nix | 4 +- nixos/tests/yabar.nix | 2 +- 19 files changed, 144 insertions(+), 90 deletions(-) delete mode 100644 nixos/modules/services/x11/display-managers/auto.nix create mode 100644 nixos/tests/common/auto.nix diff --git a/nixos/doc/manual/configuration/x-windows.xml b/nixos/doc/manual/configuration/x-windows.xml index 55ad9fe6e65..06dd7c8bfb9 100644 --- a/nixos/doc/manual/configuration/x-windows.xml +++ b/nixos/doc/manual/configuration/x-windows.xml @@ -85,11 +85,14 @@ = "none+i3"; - And, finally, to enable auto-login for a user johndoe: + Every display manager in NixOS supports auto-login, here is an example + using lightdm for a user alice: - = true; - = "johndoe"; + = true; + = true; + = "alice"; + The options are named identically for all other display managers. diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index f268f583f09..67e7c861eff 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -457,6 +457,39 @@ users.users.me = The gcc5 and gfortran5 packages have been removed. + + + The module has been removed. + It was only intended for use in internal NixOS tests, and gave the false impression + of it being a special display manager when it's actually LightDM. + Please use the options instead, + or any other display manager in NixOS as they all support auto-login. If you used this module specifically + because it permitted root auto-login you can override the lightdm-autologin pam module like: + +security.pam.services.lightdm-autologin.text = lib.mkForce '' + auth requisite pam_nologin.so + auth required pam_succeed_if.so quiet + auth required pam_permit.so + + account include lightdm + + password include lightdm + + session include lightdm +''; + + The difference is the: + +auth required pam_succeed_if.so quiet + + line, where default it's: + +auth required pam_succeed_if.so uid >= 1000 quiet + + not permitting users with uid's below 1000 (like root). + All other display managers in NixOS are configured like this. + + diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 3dd414ffb0a..9957fdbb5c4 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -865,7 +865,6 @@ ./services/x11/unclutter.nix ./services/x11/unclutter-xfixes.nix ./services/x11/desktop-managers/default.nix - ./services/x11/display-managers/auto.nix ./services/x11/display-managers/default.nix ./services/x11/display-managers/gdm.nix ./services/x11/display-managers/lightdm.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 26de8a18d92..dbe687d8e22 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -34,6 +34,13 @@ with lib; as the underlying package isn't being maintained. Working alternatives are libinput and synaptics. '') + (mkRemovedOptionModule [ "services" "xserver" "displayManager" "auto" ] '' + The services.xserver.displayManager.auto module has been removed + because it was only intended for use in internal NixOS tests, and gave the + false impression of it being a special display manager when it's actually + LightDM. Please use the services.xserver.displayManager.lightdm.autoLogin options + instead, or any other display manager in NixOS as they all support auto-login. + '') # Do NOT add any option renames here, see top of the file ]; diff --git a/nixos/modules/services/x11/display-managers/auto.nix b/nixos/modules/services/x11/display-managers/auto.nix deleted file mode 100644 index 1068a344e0c..00000000000 --- a/nixos/modules/services/x11/display-managers/auto.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ config, lib, ... }: - -with lib; - -let - - dmcfg = config.services.xserver.displayManager; - cfg = dmcfg.auto; - -in - -{ - - ###### interface - - options = { - - services.xserver.displayManager.auto = { - - enable = mkOption { - default = false; - description = '' - Whether to enable the fake "auto" display manager, which - automatically logs in the user specified in the - option. This is mostly useful for - automated tests. - ''; - }; - - user = mkOption { - default = "root"; - description = "The user account to login automatically."; - }; - - }; - - }; - - - ###### implementation - - config = mkIf cfg.enable { - - services.xserver.displayManager.lightdm = { - enable = true; - autoLogin = { - enable = true; - user = cfg.user; - }; - }; - - # lightdm by default doesn't allow auto login for root, which is - # required by some nixos tests. Override it here. - security.pam.services.lightdm-autologin.text = lib.mkForce '' - auth requisite pam_nologin.so - auth required pam_succeed_if.so quiet - auth required pam_permit.so - - account include lightdm - - password include lightdm - - session include lightdm - ''; - - }; - -} diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix index 7029919170a..7f0de96d208 100644 --- a/nixos/modules/services/x11/xserver.nix +++ b/nixos/modules/services/x11/xserver.nix @@ -556,8 +556,7 @@ in services.xserver.displayManager.lightdm.enable = let dmconf = cfg.displayManager; - default = !( dmconf.auto.enable - || dmconf.gdm.enable + default = !(dmconf.gdm.enable || dmconf.sddm.enable || dmconf.xpra.enable ); in mkIf (default) true; diff --git a/nixos/tests/chromium.nix b/nixos/tests/chromium.nix index a5531d112e3..3844255bd8a 100644 --- a/nixos/tests/chromium.nix +++ b/nixos/tests/chromium.nix @@ -23,7 +23,7 @@ mapAttrs (channel: chromiumPkg: makeTest rec { machine.imports = [ ./common/user-account.nix ./common/x11.nix ]; machine.virtualisation.memorySize = 2047; - machine.services.xserver.displayManager.auto.user = "alice"; + machine.test-support.displayManager.auto.user = "alice"; machine.environment.systemPackages = [ chromiumPkg ]; startupHTML = pkgs.writeText "chromium-startup.html" '' diff --git a/nixos/tests/common/auto.nix b/nixos/tests/common/auto.nix new file mode 100644 index 00000000000..2c21a8d5167 --- /dev/null +++ b/nixos/tests/common/auto.nix @@ -0,0 +1,68 @@ +{ config, lib, ... }: + +with lib; + +let + + dmcfg = config.services.xserver.displayManager; + cfg = config.test-support.displayManager.auto; + +in + +{ + + ###### interface + + options = { + + test-support.displayManager.auto = { + + enable = mkOption { + default = false; + description = '' + Whether to enable the fake "auto" display manager, which + automatically logs in the user specified in the + option. This is mostly useful for + automated tests. + ''; + }; + + user = mkOption { + default = "root"; + description = "The user account to login automatically."; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable { + + services.xserver.displayManager.lightdm = { + enable = true; + autoLogin = { + enable = true; + user = cfg.user; + }; + }; + + # lightdm by default doesn't allow auto login for root, which is + # required by some nixos tests. Override it here. + security.pam.services.lightdm-autologin.text = lib.mkForce '' + auth requisite pam_nologin.so + auth required pam_succeed_if.so quiet + auth required pam_permit.so + + account include lightdm + + password include lightdm + + session include lightdm + ''; + + }; + +} diff --git a/nixos/tests/common/x11.nix b/nixos/tests/common/x11.nix index 5ad0ac20fac..0d76a0e972f 100644 --- a/nixos/tests/common/x11.nix +++ b/nixos/tests/common/x11.nix @@ -1,9 +1,14 @@ { lib, ... }: -{ services.xserver.enable = true; +{ + imports = [ + ./auto.nix + ]; + + services.xserver.enable = true; # Automatically log in. - services.xserver.displayManager.auto.enable = true; + test-support.displayManager.auto.enable = true; # Use IceWM as the window manager. # Don't use a desktop manager. diff --git a/nixos/tests/i3wm.nix b/nixos/tests/i3wm.nix index 126178d1187..b527aa706ad 100644 --- a/nixos/tests/i3wm.nix +++ b/nixos/tests/i3wm.nix @@ -6,7 +6,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { machine = { lib, ... }: { imports = [ ./common/x11.nix ./common/user-account.nix ]; - services.xserver.displayManager.auto.user = "alice"; + test-support.displayManager.auto.user = "alice"; services.xserver.displayManager.defaultSession = lib.mkForce "none+i3"; services.xserver.windowManager.i3.enable = true; }; diff --git a/nixos/tests/signal-desktop.nix b/nixos/tests/signal-desktop.nix index c746d46dc55..ae141fe116d 100644 --- a/nixos/tests/signal-desktop.nix +++ b/nixos/tests/signal-desktop.nix @@ -15,7 +15,7 @@ import ./make-test-python.nix ({ pkgs, ...} : ]; services.xserver.enable = true; - services.xserver.displayManager.auto.user = "alice"; + test-support.displayManager.auto.user = "alice"; environment.systemPackages = [ pkgs.signal-desktop ]; }; diff --git a/nixos/tests/systemd.nix b/nixos/tests/systemd.nix index 4b71b4d6759..9a9b526e332 100644 --- a/nixos/tests/systemd.nix +++ b/nixos/tests/systemd.nix @@ -19,7 +19,7 @@ import ./make-test.nix ({ pkgs, ... }: { systemd.extraConfig = "DefaultEnvironment=\"XXX_SYSTEM=foo\""; systemd.user.extraConfig = "DefaultEnvironment=\"XXX_USER=bar\""; services.journald.extraConfig = "Storage=volatile"; - services.xserver.displayManager.auto.user = "alice"; + test-support.displayManager.auto.user = "alice"; systemd.shutdown.test = pkgs.writeScript "test.shutdown" '' #!${pkgs.stdenv.shell} diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index 32637d2c1ef..f03dc1cc413 100644 --- a/nixos/tests/virtualbox.nix +++ b/nixos/tests/virtualbox.nix @@ -356,7 +356,7 @@ let virtualisation.qemu.options = if useKvmNestedVirt then ["-cpu" "kvm64,vmx=on"] else []; virtualisation.virtualbox.host.enable = true; - services.xserver.displayManager.auto.user = "alice"; + test-support.displayManager.auto.user = "alice"; users.users.alice.extraGroups = let inherit (config.virtualisation.virtualbox.host) enableHardening; in lib.mkIf enableHardening (lib.singleton "vboxusers"); diff --git a/nixos/tests/xautolock.nix b/nixos/tests/xautolock.nix index 10e92b40e95..4a8d3f4cebf 100644 --- a/nixos/tests/xautolock.nix +++ b/nixos/tests/xautolock.nix @@ -9,7 +9,7 @@ with lib; nodes.machine = { imports = [ ./common/x11.nix ./common/user-account.nix ]; - services.xserver.displayManager.auto.user = "bob"; + test-support.displayManager.auto.user = "bob"; services.xserver.xautolock.enable = true; services.xserver.xautolock.time = 1; }; diff --git a/nixos/tests/xfce.nix b/nixos/tests/xfce.nix index 3ea96b38363..99065669661 100644 --- a/nixos/tests/xfce.nix +++ b/nixos/tests/xfce.nix @@ -4,12 +4,20 @@ import ./make-test-python.nix ({ pkgs, ...} : { machine = { pkgs, ... }: - { imports = [ ./common/user-account.nix ]; + { + imports = [ + ./common/user-account.nix + ]; services.xserver.enable = true; - services.xserver.displayManager.auto.enable = true; - services.xserver.displayManager.auto.user = "alice"; + services.xserver.displayManager.lightdm = { + enable = true; + autoLogin = { + enable = true; + user = "alice"; + }; + }; services.xserver.desktopManager.xfce.enable = true; diff --git a/nixos/tests/xmonad.nix b/nixos/tests/xmonad.nix index ef711f8dcf6..56baae8b9d3 100644 --- a/nixos/tests/xmonad.nix +++ b/nixos/tests/xmonad.nix @@ -6,7 +6,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { machine = { pkgs, ... }: { imports = [ ./common/x11.nix ./common/user-account.nix ]; - services.xserver.displayManager.auto.user = "alice"; + test-support.displayManager.auto.user = "alice"; services.xserver.displayManager.defaultSession = "none+xmonad"; services.xserver.windowManager.xmonad = { enable = true; diff --git a/nixos/tests/xrdp.nix b/nixos/tests/xrdp.nix index 1aceeffb955..6d7f2b9249f 100644 --- a/nixos/tests/xrdp.nix +++ b/nixos/tests/xrdp.nix @@ -14,7 +14,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { client = { pkgs, ... }: { imports = [ ./common/x11.nix ./common/user-account.nix ]; - services.xserver.displayManager.auto.user = "alice"; + test-support.displayManager.auto.user = "alice"; environment.systemPackages = [ pkgs.freerdp ]; services.xrdp.enable = true; services.xrdp.defaultWindowManager = "${pkgs.icewm}/bin/icewm"; diff --git a/nixos/tests/xss-lock.nix b/nixos/tests/xss-lock.nix index 3a7dea07d53..b77bbbbb3c4 100644 --- a/nixos/tests/xss-lock.nix +++ b/nixos/tests/xss-lock.nix @@ -10,12 +10,12 @@ with lib; simple = { imports = [ ./common/x11.nix ./common/user-account.nix ]; programs.xss-lock.enable = true; - services.xserver.displayManager.auto.user = "alice"; + test-support.displayManager.auto.user = "alice"; }; custom_lockcmd = { pkgs, ... }: { imports = [ ./common/x11.nix ./common/user-account.nix ]; - services.xserver.displayManager.auto.user = "alice"; + test-support.displayManager.auto.user = "alice"; programs.xss-lock = { enable = true; diff --git a/nixos/tests/yabar.nix b/nixos/tests/yabar.nix index 9108004d4df..b374ef29680 100644 --- a/nixos/tests/yabar.nix +++ b/nixos/tests/yabar.nix @@ -11,7 +11,7 @@ with lib; machine = { imports = [ ./common/x11.nix ./common/user-account.nix ]; - services.xserver.displayManager.auto.user = "bob"; + test-support.displayManager.auto.user = "bob"; programs.yabar.enable = true; programs.yabar.bars = { -- cgit 1.4.1