Merge pull request #138600 from austinbutler/tpm2-tss-group

nixos/tpm2: define group, fix after #133166
2021-09-20 18:34:39 +02:00 · 2021-09-20 18:34:39 +02:00 · 2fcef20cb1
parent f50fc9e7b2 f0fac59a17
commit 2fcef20cb1
3 changed files with 6 additions and 7 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -210,7 +210,7 @@ in
      #fleet = 173; # unused
      #input = 174; # unused
      sddm = 175;
-      tss = 176;
+      #tss = 176; # dynamically allocated as of 2021-09-17
      #memcached = 177; removed 2018-01-03
      #ntp = 179; # dynamically allocated as of 2021-09-17
      zabbix = 180;
@ -524,7 +524,7 @@ in
      #fleet = 173; # unused
      input = 174;
      sddm = 175;
-      tss = 176;
+      #tss = 176; #dynamically allocateda as of 2021-09-20
      #memcached = 177; # unused, removed 2018-01-03
      #ntp = 179; # unused
      zabbix = 180;
--- a/nixos/modules/security/tpm2.nix
+++ b/nixos/modules/security/tpm2.nix
@ -146,6 +146,7 @@ in {
      # Create the tss user and group only if the default value is used
      users.users.${cfg.tssUser} = lib.mkIf (cfg.tssUser == "tss") {
        isSystemUser = true;
        group = "tss";
      };
      users.groups.${cfg.tssGroup} = lib.mkIf (cfg.tssGroup == "tss") {};
@ -172,7 +173,7 @@ in {
          BusName = "com.intel.tss2.Tabrmd";
          ExecStart = "${cfg.abrmd.package}/bin/tpm2-abrmd";
          User = "tss";
-          Group = "nogroup";
+          Group = "tss";
        };
      };
--- a/nixos/modules/services/hardware/tcsd.nix
+++ b/nixos/modules/services/hardware/tcsd.nix
@ -149,12 +149,10 @@ in
    users.users = optionalAttrs (cfg.user == "tss") {
      tss = {
        group = "tss";
-        uid = config.ids.uids.tss;
+        isSystemUser = true;
      };
    };
-    users.groups = optionalAttrs (cfg.group == "tss") {
+    users.groups = optionalAttrs (cfg.group == "tss") { tss = {}; };
      tss.gid = config.ids.gids.tss;
    };
  };
 }