From 0cc87ab901909ae949d22caf071e446bed83e47a Mon Sep 17 00:00:00 2001 From: Leorize Date: Wed, 7 Dec 2022 18:31:05 -0600 Subject: [PATCH] nixos/systemd/userdbd: add method to enable service This is recommended to enable in conjunction with systemd-homed. --- nixos/modules/module-list.nix | 1 + nixos/modules/system/boot/systemd/userdbd.nix | 18 +++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/systemd-userdbd.nix | 32 +++++++++++++++++++ 4 files changed, 52 insertions(+) create mode 100644 nixos/modules/system/boot/systemd/userdbd.nix create mode 100644 nixos/tests/systemd-userdbd.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 9faa58409b19..587cb2319e97 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1275,6 +1275,7 @@
 ./system/boot/systemd/shutdown.nix
 ./system/boot/systemd/tmpfiles.nix
 ./system/boot/systemd/user.nix
+ ./system/boot/systemd/userdbd.nix
 ./system/boot/timesyncd.nix
 ./system/boot/tmp.nix
 ./system/boot/uvesafb.nix
diff --git a/nixos/modules/system/boot/systemd/userdbd.nix b/nixos/modules/system/boot/systemd/userdbd.nix
new file mode 100644
index 000000000000..994aa3ca3b8c
--- /dev/null
+++ b/nixos/modules/system/boot/systemd/userdbd.nix
@@ -0,0 +1,18 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.userdbd;
+in
+{
+ options.services.userdbd.enable = lib.mkEnableOption (lib.mdDoc ''
+ Enables the systemd JSON user/group record lookup service
+ '');
+ config = lib.mkIf cfg.enable {
+ systemd.additionalUpstreamSystemUnits = [
+ "systemd-userdbd.socket"
+ "systemd-userdbd.service"
+ ];
+
+ systemd.sockets.systemd-userdbd.wantedBy = [ "sockets.target" ];
+ };
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 895cbe4290dc..31243f59bb98 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
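Review bot: In nixos/modules/system/boot/systemd/userdbd.nix the text passed to `lib.mkEnableOption` is a full sentence, but that helper already prefixes its argument with "Whether to enable", so the rendered description would read "Whether to enable Enables the systemd JSON …". A noun phrase fits the helper, for example `options.services.userdbd.enable = lib.mkEnableOption (lib.mdDoc "the systemd JSON user/group record lookup service");`. The description could also state what enabling the option exposes: the test added in this patch resolves a record placed under `/etc/userdb/` through the multiplexer socket, so JSON files in the userdb drop-in directories become a source of user records once the service runs. Saying so would help administrators treat those directories as part of the account database and keep them writable by root only.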
@@ -636,6 +636,7 @@ in {
 systemd-shutdown = handleTest ./systemd-shutdown.nix {};
 systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
 systemd-misc = handleTest ./systemd-misc.nix {};
+ systemd-userdbd = handleTest ./systemd-userdbd.nix {};
 tandoor-recipes = handleTest ./tandoor-recipes.nix {};
 taskserver = handleTest ./taskserver.nix {};
 tayga = handleTest ./tayga.nix {};
diff --git a/nixos/tests/systemd-userdbd.nix b/nixos/tests/systemd-userdbd.nix
new file mode 100644
index 000000000000..5d0233ffd9fb
--- /dev/null
+++ b/nixos/tests/systemd-userdbd.nix
@@ -0,0 +1,32 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+ name = "systemd-userdbd";
+ nodes.machine = { config, pkgs, ... }: {
+ services.userdbd.enable = true;
+
+ users.users.test-user-nss = {
+ isNormalUser = true;
+ };
+
+ environment.etc."userdb/test-user-dropin.user".text = builtins.toJSON {
+ userName = "test-user-dropin";
+ };
+
+ environment.systemPackages = with pkgs; [ libvarlink ];
+ };
+ testScript = ''
+ import json
+ from shlex import quote
+
+ def getUserRecord(name):
+ Interface = "unix:/run/systemd/userdb/io.systemd.Multiplexer/io.systemd.UserDatabase"
+ payload = json.dumps({
+ "service": "io.systemd.Multiplexer",
+ "userName": name
+ })
+ return json.loads(machine.succeed(f"varlink call {Interface}.GetUserRecord {quote(payload)}"))
+
+ machine.wait_for_unit("systemd-userdbd.socket")
+ getUserRecord("test-user-nss")
+ getUserRecord("test-user-dropin")
+ '';
+})
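Review bot: The two `getUserRecord(...)` calls at the end of the test script in nixos/tests/systemd-userdbd.nix discard the parsed reply, so the test passes on any successful call and never confirms that the returned record is the one requested. Comparing the name would pin that down, e.g. `assert getUserRecord("test-user-dropin")["record"]["userName"] == "test-user-dropin"` (the `GetUserRecord` reply carries the record under `record`), and likewise for `test-user-nss`. A lookup of a name that does not exist, issued through `machine.fail` rather than `machine.succeed`, would also show that the service rejects unknown users instead of answering for everything. That negative case assumes `varlink call` exits non-zero on an error reply, which should be confirmed.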