dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

* Move the uid/gid mappings into a module. This allows other modules

Browse Source 
to use it through config.ids.{uids,gids} rather than `import
  relative-path/ids.nix'.

svn path=/nixos/branches/modular-nixos/; revision=15796
This commit is contained in:
Eelco Dolstra 2009-05-29 14:25:56 +00:00
parent c4f50d85cb
commit dba1d48b78
22 changed files with 83 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/config/users-groups.nix
View File

@ -41,7 +41,7 @@ in
###### implementation
let
ids = import ../../system/ids.nix;
ids = config.ids;
# User accounts to be created/updated by NixOS.
users =

32
system/ids.nix → modules/misc/ids.nix
View File

@ -1,6 +1,32 @@
{
# This module defines the global list of uids and gids. We keep a
# central list to prevent id collissions.
uids = {
{config, pkgs, ...}:
let
options = {
ids.uids = pkgs.lib.mkOption {
description = ''
The user IDs used in NixOS.
'';
};
ids.gids = pkgs.lib.mkOption {
description = ''
The group IDs used in NixOS.
'';
};
};
in
{
require = options;
ids.uids = {
root = 0;
nscd = 1;
sshd = 2;
@ -25,7 +51,7 @@
nobody = 65534;
};
gids = {
ids.gids = {
root = 0;
wheel = 1;
kmem = 2;

1
modules/module-list.nix
View File

@ -14,6 +14,7 @@
./installer/tools/nixos-checkout.nix
./installer/tools/tools.nix
./misc/assertions.nix
./misc/ids.nix
./misc/locate.nix
./programs/bash/bash.nix
./programs/info.nix

2
modules/services/audio/alsa.nix
View File

@ -34,7 +34,7 @@ let
# not used (e.g., doesn't own any devices).
group = {
name = "audio";
gid = (import ../../../system/ids.nix).gids.audio;
gid = config.ids.gids.audio;
};
job = {

9
modules/services/audio/pulseaudio.nix
View File

@ -4,8 +4,8 @@
let
inherit (pkgs.lib) mkOption mkIf;
uid = (import ../../../system/ids.nix).uids.pulseaudio;
gid = (import ../../../system/ids.nix).gids.pulseaudio;
uid = config.ids.uids.pulseaudio;
gid = config.ids.gids.pulseaudio;
options = {
services = {
@ -36,8 +36,6 @@ in
###### implementation
# For some reason, PulseAudio wants UID == GID.
assert uid == gid;
mkIf config.services.pulseaudio.enable {
require = [
@ -51,7 +49,8 @@ mkIf config.services.pulseaudio.enable {
users = {
extraUsers = [
{ name = "pulse";
inherit uid;
# For some reason, PulseAudio wants UID == GID.
uid = assert uid == gid; uid;
group = "pulse";
description = "PulseAudio system-wide daemon";
home = "/var/run/pulse";

4
modules/services/hardware/hal.nix
View File

@ -36,13 +36,13 @@ let
user = {
name = "haldaemon";
uid = (import ../../../system/ids.nix).uids.haldaemon;
uid = config.ids.uids.haldaemon;
description = "HAL daemon user";
};
group = {
name = "haldaemon";
gid = (import ../../../system/ids.nix).gids.haldaemon;
gid = config.ids.gids.haldaemon;
};
fdi =

5
modules/services/mail/dovecot.nix
View File

@ -44,7 +44,6 @@ let
startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces";
cfg = config.services.dovecot;
idList = import ../../../system/ids.nix;
dovecotConf =
''
@ -112,13 +111,13 @@ mkIf config.services.dovecot.enable {
users = {
extraUsers = [{
name = cfg.user;
uid = idList.uids.dovecot;
uid = config.ids.uids.dovecot;
description = "Dovecot user";
group = cfg.group;
}];
extraGroups = [{
name = cfg.group;
gid = idList.gids.dovecot;
gid = config.ids.gids.dovecot;
}];
};

7
modules/services/mail/postfix.nix
View File

@ -156,7 +156,6 @@ let
user = cfg.user;
group = cfg.group;
setgidGroup = cfg.setgidGroup;
idList = import ../../../system/ids.nix;
optionalString = pkgs.lib.optionalString;
concatStringsSep = pkgs.lib.concatStringsSep;
@ -270,17 +269,17 @@ mkIf config.services.postfix.enable {
extraUsers = [
{ name = user;
description = "Postfix mail server user";
uid = idList.uids.postfix;
uid = config.ids.uids.postfix;
group = group;
}
];
extraGroups = [
{ name = group;
gid = idList.gids.postfix;
gid = config.ids.gids.postfix;
}
{ name = setgidGroup;
gid = idList.gids.postdrop;
gid = config.ids.gids.postdrop;
}
];
};

2
modules/services/monitoring/nagios/default.nix
View File

@ -137,7 +137,7 @@ let
user = {
name = nagiosUser;
uid = (import ../../../../system/ids.nix).uids.nagios;
uid = config.ids.uids.nagios;
description = "Nagios monitoring daemon";
home = nagiosState;
};

2
modules/services/monitoring/zabbix-agent.nix
View File

@ -52,7 +52,7 @@ let
user = {
name = "zabbix";
uid = (import ../../../system/ids.nix).uids.zabbix;
uid = config.ids.uids.zabbix;
description = "Zabbix daemon user";
};

2
modules/services/monitoring/zabbix-server.nix
View File

@ -42,7 +42,7 @@ let
user = {
name = "zabbix";
uid = (import ../../../system/ids.nix).uids.zabbix;
uid = config.ids.uids.zabbix;
description = "Zabbix daemon user";
};

4
modules/services/networking/avahi-daemon.nix
View File

@ -93,14 +93,14 @@ let
user = {
name = "avahi";
uid = (import ../system/ids.nix).uids.avahi;
uid = config.ids.uids.avahi;
description = "`avahi-daemon' privilege separation user";
home = "/var/empty";
};
group = {
name = "avahi";
gid = (import ../system/ids.nix).gids.avahi;
gid = config.ids.gids.avahi;
};
job = {

45
modules/services/networking/bitlbee.nix
View File

@ -41,15 +41,13 @@ in
###### implementation
let
bitlbeeUid = (import ../system/ids.nix).uids.bitlbee;
bitlbeeUid = config.ids.uids.bitlbee;
inherit (config.services.bitlbee) portNumber interface;
in
mkIf config.services.bitlbee.enable {
require = [
options
];
require = options;
users = {
extraUsers = [
@ -62,32 +60,31 @@ mkIf config.services.bitlbee.enable {
extraGroups = [
{ name = "bitlbee";
gid = (import ../system/ids.nix).gids.bitlbee;
gid = config.ids.gids.bitlbee;
}
];
};
services = {
extraJobs = [{
name = "bitlbee";
services.extraJobs = [{
name = "bitlbee";
job = ''
description "BitlBee IRC to other chat networks gateway"
job = ''
description "BitlBee IRC to other chat networks gateway"
start on network-interfaces/started
stop on network-interfaces/stop
start on network-interfaces/started
stop on network-interfaces/stop
start script
if ! test -d /var/lib/bitlbee
then
mkdir -p /var/lib/bitlbee
fi
end script
start script
if ! test -d /var/lib/bitlbee
then
mkdir -p /var/lib/bitlbee
fi
end script
respawn ${pkgs.bitlbee}/sbin/bitlbee -F -p ${toString portNumber} \
-i ${interface} -u bitlbee
'';
}];
};
respawn ${pkgs.bitlbee}/sbin/bitlbee -F -p ${toString portNumber} \
-i ${interface} -u bitlbee
'';
}];
environment.systemPackages = pkgs.bitlbee;
}

2
modules/services/networking/gnunet.nix
View File

@ -154,7 +154,7 @@ mkIf config.services.gnunet.enable {
users = {
extraUsers = [
{ name = "gnunetd";
uid = (import ../system/ids.nix).uids.gnunetd;
uid = config.ids.uids.gnunetd;
description = "GNUnet Daemon User";
home = "/var/empty";
}

2
modules/services/networking/ntpd.nix
View File

@ -72,7 +72,7 @@ mkIf config.services.ntp.enable {
users = [
{ name = ntpUser;
uid = (import ../../../system/ids.nix).uids.ntp;
uid = config.ids.uids.ntp;
description = "NTP daemon user";
home = stateDir;
}

4
modules/services/networking/portmap.nix
View File

@ -37,8 +37,8 @@ in
###### implementation
let uid = (import ../../../system/ids.nix).uids.portmap;
gid = (import ../../../system/ids.nix).gids.portmap;
let uid = config.ids.uids.portmap;
gid = config.ids.gids.portmap;
in
mkIf config.services.portmap.enable {

4
modules/services/networking/ssh/sshd.nix
View File

@ -85,8 +85,6 @@ let
'';
sshdUid = (import ../../../../system/ids.nix).uids.sshd;
# !!! is this assertion evaluated anywhere???
assertion = cfg.permitRootLogin == "yes" ||
cfg.permitRootLogin == "without-password" ||
@ -104,7 +102,7 @@ mkIf config.services.sshd.enable {
users = {
extraUsers = [
{ name = "sshd";
uid = (import ../../../../system/ids.nix).uids.sshd;
uid = config.ids.uids.sshd;
description = "SSH privilege separation user";
home = "/var/empty";
}

6
modules/services/networking/vsftpd.nix
View File

@ -95,13 +95,13 @@ mkIf config.services.vsftpd.enable {
users = {
extraUsers = [
{ name = "vsftpd";
uid = (import ../../../system/ids.nix).uids.vsftpd;
uid = config.ids.uids.vsftpd;
description = "VSFTPD user";
home = "/homeless-shelter";
}
] ++ pkgs.lib.optional anonymousUser
{ name = "ftp";
uid = (import ../../../system/ids.nix).uids.ftp;
uid = config.ids.uids.ftp;
group = "ftp";
description = "Anonymous ftp user";
home = "/home/ftp";
@ -109,7 +109,7 @@ mkIf config.services.vsftpd.enable {
extraGroups = [
{ name = "ftp";
gid = (import ../../../system/ids.nix).gids.ftp;
gid = config.ids.gids.ftp;
}
];

4
modules/services/scheduling/atd.nix
View File

@ -37,14 +37,14 @@ let
user = {
name = "atd";
uid = (import ../../../system/ids.nix).uids.atd;
uid = config.ids.uids.atd;
description = "atd user";
home = "/var/empty";
};
group = {
name = "atd";
gid = (import ../../../system/ids.nix).gids.atd;
gid = config.ids.gids.atd;
};
job = ''

2
modules/services/system/dbus.nix
View File

@ -55,7 +55,7 @@ let
user = {
name = "messagebus";
uid = (import ../../../system/ids.nix).uids.messagebus;
uid = config.ids.uids.messagebus;
description = "D-Bus system message bus daemon user";
home = homeDir;
};

2
modules/services/system/nscd.nix
View File

@ -13,7 +13,7 @@ in
users = [
{ name = "nscd";
uid = (import ../../../system/ids.nix).uids.nscd;
uid = config.ids.uids.nscd;
description = "Name service cache daemon user";
}
];

4
modules/services/web-servers/tomcat.nix
View File

@ -73,13 +73,13 @@ mkIf config.services.tomcat.enable {
groups = [
{ name = "tomcat";
gid = (import ../../../system/ids.nix).gids.tomcat;
gid = config.ids.gids.tomcat;
}
];
users = [
{ name = "tomcat";
uid = (import ../../../system/ids.nix).uids.tomcat;
uid = config.ids.uids.tomcat;
description = "Tomcat user";
home = "/homeless-shelter";
}