Remove Some Static IDs (#367563) · tjh.dev/nixpkgs@4af8ef3

tjh.dev / nixpkgs

fork atom

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

fork atom

Remove Some Static IDs (#367563)

authored by

Ramses and committed by

GitHub 1 year ago 4af8ef3c 631ac7fa

+13 -12

4 changed files

expand all

unified split

OWNERS

nixos

modules

hardware

uinput.nix

misc

ids.nix

services

misc

whisparr.nix

ci/OWNERS

··· 102 102 /nixos/default.nix @infinisil 103 103 /nixos/lib/from-env.nix @infinisil 104 104 /nixos/lib/eval-config.nix @infinisil 105 + /nixos/modules/misc/ids.nix @R-VdP 105 106 /nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius 106 107 /nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius 107 108

+1 -1

nixos/modules/hardware/uinput.nix

··· 11 11 config = lib.mkIf cfg.enable { 12 12 boot.kernelModules = [ "uinput" ]; 13 13 14 - users.groups.uinput.gid = config.ids.gids.uinput; 14 + users.groups.uinput = { }; 15 15 16 16 services.udev.extraRules = '' 17 17 SUBSYSTEM=="misc", KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"

+9 -9

nixos/modules/misc/ids.nix

··· 2 2 # central list to prevent id collisions. 3 3 4 4 # IMPORTANT! 5 - # We only add static uids and gids for services where it is not feasible 6 - # to change uids/gids on service start, for example a service with a lot of 7 - # files. Please also check if the service is applicable for systemd's 8 - # DynamicUser option and does not need a uid/gid allocation at all. 9 - # Systemd can also change ownership of service directories using the 10 - # RuntimeDirectory/StateDirectory options. 5 + # 6 + # https://github.com/NixOS/rfcs/blob/master/rfcs/0052-dynamic-ids.md 7 + # 8 + # Use of static ids is deprecated within NixOS. Dynamic allocation is 9 + # required, barring special circumstacnes. Please check if the service 10 + # is applicable for systemd's DynamicUser option and does not need a 11 + # uid/gid allocation at all. Systemd can also change ownership of 12 + # service directories using the RuntimeDirectory/StateDirectory 13 + # options. 11 14 12 15 { lib, ... }: 13 16 ··· 355 358 rstudio-server = 324; 356 359 localtimed = 325; 357 360 automatic-timezoned = 326; 358 - whisparr = 328; 359 361 360 362 # When adding a uid, make sure it doesn't match an existing gid. 361 363 # ··· 683 685 rstudio-server = 324; 684 686 localtimed = 325; 685 687 automatic-timezoned = 326; 686 - uinput = 327; 687 - whisparr = 328; 688 688 689 689 # When adding a gid, make sure it doesn't match an existing 690 690 # uid. Users and groups with the same name should have equal

+2 -2

nixos/modules/services/misc/whisparr.nix

··· 64 64 whisparr = { 65 65 group = cfg.group; 66 66 home = cfg.dataDir; 67 - uid = config.ids.uids.whisparr; 67 + isSystemUser = true; 68 68 }; 69 69 }; 70 70 71 - users.groups = lib.mkIf (cfg.group == "whisparr") { whisparr.gid = config.ids.gids.whisparr; }; 71 + users.groups.whisparr = lib.mkIf (cfg.group == "whisparr") { }; 72 72 }; 73 73 }