Remove Some Static IDs (#367563) · tjh.dev/nixpkgs@4af8ef3

tjh.dev / nixpkgs

fork atom

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

fork atom

Remove Some Static IDs (#367563)

authored by

Ramses and committed by

GitHub 1 year ago 4af8ef3c 631ac7fa

+13 -12

4 changed files

expand all

unified split

OWNERS

nixos

modules

hardware

uinput.nix

misc

ids.nix

services

misc

whisparr.nix

ci/OWNERS

··· 102 /nixos/default.nix @infinisil 103 /nixos/lib/from-env.nix @infinisil 104 /nixos/lib/eval-config.nix @infinisil 105 /nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius 106 /nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius 107

··· 102 /nixos/default.nix @infinisil 103 /nixos/lib/from-env.nix @infinisil 104 /nixos/lib/eval-config.nix @infinisil 105 + /nixos/modules/misc/ids.nix @R-VdP 106 /nixos/modules/system/activation/bootspec.nix @grahamc @cole-h @raitobezarius 107 /nixos/modules/system/activation/bootspec.cue @grahamc @cole-h @raitobezarius 108

+1 -1

nixos/modules/hardware/uinput.nix

··· 11 config = lib.mkIf cfg.enable { 12 boot.kernelModules = [ "uinput" ]; 13 14 - users.groups.uinput.gid = config.ids.gids.uinput; 15 16 services.udev.extraRules = '' 17 SUBSYSTEM=="misc", KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"

··· 11 config = lib.mkIf cfg.enable { 12 boot.kernelModules = [ "uinput" ]; 13 14 + users.groups.uinput = { }; 15 16 services.udev.extraRules = '' 17 SUBSYSTEM=="misc", KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"

+9 -9

nixos/modules/misc/ids.nix

··· 2 # central list to prevent id collisions. 3 4 # IMPORTANT! 5 - # We only add static uids and gids for services where it is not feasible 6 - # to change uids/gids on service start, for example a service with a lot of 7 - # files. Please also check if the service is applicable for systemd's 8 - # DynamicUser option and does not need a uid/gid allocation at all. 9 - # Systemd can also change ownership of service directories using the 10 - # RuntimeDirectory/StateDirectory options. 11 12 { lib, ... }: 13 ··· 355 rstudio-server = 324; 356 localtimed = 325; 357 automatic-timezoned = 326; 358 - whisparr = 328; 359 360 # When adding a uid, make sure it doesn't match an existing gid. 361 # ··· 683 rstudio-server = 324; 684 localtimed = 325; 685 automatic-timezoned = 326; 686 - uinput = 327; 687 - whisparr = 328; 688 689 # When adding a gid, make sure it doesn't match an existing 690 # uid. Users and groups with the same name should have equal

··· 2 # central list to prevent id collisions. 3 4 # IMPORTANT! 5 + # 6 + # https://github.com/NixOS/rfcs/blob/master/rfcs/0052-dynamic-ids.md 7 + # 8 + # Use of static ids is deprecated within NixOS. Dynamic allocation is 9 + # required, barring special circumstacnes. Please check if the service 10 + # is applicable for systemd's DynamicUser option and does not need a 11 + # uid/gid allocation at all. Systemd can also change ownership of 12 + # service directories using the RuntimeDirectory/StateDirectory 13 + # options. 14 15 { lib, ... }: 16 ··· 358 rstudio-server = 324; 359 localtimed = 325; 360 automatic-timezoned = 326; 361 362 # When adding a uid, make sure it doesn't match an existing gid. 363 # ··· 685 rstudio-server = 324; 686 localtimed = 325; 687 automatic-timezoned = 326; 688 689 # When adding a gid, make sure it doesn't match an existing 690 # uid. Users and groups with the same name should have equal

+2 -2

nixos/modules/services/misc/whisparr.nix

··· 64 whisparr = { 65 group = cfg.group; 66 home = cfg.dataDir; 67 - uid = config.ids.uids.whisparr; 68 }; 69 }; 70 71 - users.groups = lib.mkIf (cfg.group == "whisparr") { whisparr.gid = config.ids.gids.whisparr; }; 72 }; 73 }

··· 64 whisparr = { 65 group = cfg.group; 66 home = cfg.dataDir; 67 + isSystemUser = true; 68 }; 69 }; 70 71 + users.groups.whisparr = lib.mkIf (cfg.group == "whisparr") { }; 72 }; 73 }