3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/system/users-groups.nix
Eelco Dolstra 2a4417d637 * make-etc / activate-configuration: allow /etc files to be installed
as regular files instead of symlinks to the store.
* Sudo configuration, enabled through security.sudo.enable (on by
  default).  The contents of the sudoers file is specified in
  security.sudo.configFile.  The default sudoers file allows members
  of the new "wheel" group to run any command.

svn path=/nixos/trunk/; revision=9138
2007-08-16 15:09:06 +00:00

85 lines
2.3 KiB
Nix

{pkgs, upstartJobs, defaultShell}:
let ids = import ./ids.nix; in
rec {
# System user accounts.
systemUsers =
let
jobUsers = pkgs.lib.concatLists (map (job: job.users) upstartJobs.jobs);
defaultUsers =
[
{ name = "root";
uid = ids.uids.root;
description = "System administrator";
home = "/root";
shell = defaultShell;
}
{ name = "nobody";
uid = ids.uids.nobody;
description = "Unprivileged account (don't use!)";
}
];
makeNixBuildUser = nr:
{ name = "nixbld${toString nr}";
description = "Nix build user ${toString nr}";
uid = builtins.add ids.uids.nixbld nr;
extraGroups = ["nixbld"];
};
nixBuildUsers = map makeNixBuildUser (pkgs.lib.range 1 10);
addAttrs =
{ name
, description
, uid ? ""
, group ? "nogroup"
, extraGroups ? []
, home ? "/var/empty"
, shell ? "/noshell"
}:
{ inherit name description uid group extraGroups home shell; };
in map addAttrs (defaultUsers ++ jobUsers ++ nixBuildUsers);
# System groups.
systemGroups =
let
jobGroups = pkgs.lib.concatLists (map (job: job.groups) upstartJobs.jobs);
defaultGroups =
[
{ name = "root";
gid = ids.gids.root;
}
{ name = "wheel";
gid = ids.gids.wheel;
}
{ name = "nogroup";
gid = ids.gids.nogroup;
}
{ name = "users";
gid = ids.gids.users;
}
{ name = "nixbld";
gid = ids.gids.nixbld;
}
];
addAttrs =
{ name, gid ? "" }:
{ inherit name gid; };
in map addAttrs (defaultGroups ++ jobGroups);
# Awful hackery necessary to pass the users/groups to the activation script.
createUsersGroups = ../helpers/create-users-groups.sh;
usersList = pkgs.writeText "users" (pkgs.lib.concatStrings (map (u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString u.extraGroups}\n${u.home}\n${u.shell}\n") systemUsers));
groupsList = pkgs.writeText "groups" (pkgs.lib.concatStrings (map (g: "${g.name}\n${toString g.gid}\n") systemGroups));
}