ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-10-05 12:08:02 +03:00
Code Issues Projects Releases Wiki Activity

nixos/users-groups: avoid top level with lib; use lib before builtins (#327757)

Browse Source
This commit is contained in:
Philip Taron 2024-07-17 11:00:54 -07:00 committed by GitHub
parent 0f926b7396
commit 1438803fb5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 48 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
nixos/modules/config/users-groups.nix
View File

@ -1,8 +1,43 @@
{ config, lib, utils, pkgs, ... }:
with lib;
let
inherit (lib)
any
attrNames
attrValues
concatMap
concatStrings
elem
filter
filterAttrs
flatten
flip
foldr
getAttr
hasAttr
id
length
listToAttrs
literalExpression
mapAttrs'
mapAttrsToList
match
mkAliasOptionModuleMD
mkDefault
mkIf
mkMerge
mkOption
mkRenamedOptionModule
optional
optionals
sort
stringAfter
stringLength
trace
types
xor
;
ids = config.ids;
cfg = config.users;
@ -55,7 +90,7 @@ let
name = mkOption {
type = types.passwdEntry types.str;
apply = x: assert (builtins.stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x;
apply = x: assert (stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x;
description = ''
The name of the user account. If undefined, the name of the
attribute set will be used.
@ -113,7 +148,7 @@ let
group = mkOption {
type = types.str;
apply = x: assert (builtins.stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x;
apply = x: assert (stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x;
default = "";
description = "The user's primary group.";
};
@ -462,13 +497,13 @@ let
idsAreUnique = set: idAttr: !(foldr (name: args@{ dup, acc }:
let
id = builtins.toString (builtins.getAttr idAttr (builtins.getAttr name set));
exists = builtins.hasAttr id acc;
newAcc = acc // (builtins.listToAttrs [ { name = id; value = true; } ]);
id = toString (getAttr idAttr (getAttr name set));
exists = hasAttr id acc;
newAcc = acc // (listToAttrs [ { name = id; value = true; } ]);
in if dup then args else if exists
then builtins.trace "Duplicate ${idAttr} ${id}" { dup = true; acc = null; }
then trace "Duplicate ${idAttr} ${id}" { dup = true; acc = null; }
else { dup = false; acc = newAcc; }
) { dup = false; acc = {}; } (builtins.attrNames set)).dup;
) { dup = false; acc = {}; } (attrNames set)).dup;
uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.users) "uid";
gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.groups) "gid";
@ -696,7 +731,7 @@ in {
'';
} else ""; # keep around for backwards compatibility
systemd.services.linger-users = lib.mkIf ((builtins.length lingeringUsers) > 0) {
systemd.services.linger-users = lib.mkIf ((length lingeringUsers) > 0) {
wantedBy = ["multi-user.target"];
after = ["systemd-logind.service"];
requires = ["systemd-logind.service"];
@ -862,7 +897,7 @@ in {
[
{
assertion = (user.hashedPassword != null)
-> (builtins.match ".*:.*" user.hashedPassword == null);
-> (match ".*:.*" user.hashedPassword == null);
message = ''
The password hash of user "${user.name}" contains a ":" character.
This is invalid and would break the login system because the fields
@ -927,7 +962,7 @@ in {
given above which can lead to surprising results. To resolve this warning,
set at most one of the options above to a non-`null` value.
'')
++ builtins.filter (x: x != null) (
++ filter (x: x != null) (
flip mapAttrsToList cfg.users (_: user:
# This regex matches a subset of the Modular Crypto Format (MCF)[1]
# informal standard. Since this depends largely on the OS or the
@ -950,7 +985,7 @@ in {
in
if (allowsLogin user.hashedPassword
&& user.hashedPassword != "" # login without password
&& builtins.match mcf user.hashedPassword == null)
&& match mcf user.hashedPassword == null)
then ''
The password hash of user "${user.name}" may be invalid. You must set a
valid hash or the user will be locked out of their account. Please