From dba1d48b7897c49e5df9430c6b60f17e03ec361e Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Fri, 29 May 2009 14:25:56 +0000
Subject: [PATCH] * Move the uid/gid mappings into a module. This allows other modules to use it through config.ids.{uids,gids} rather than `import relative-path/ids.nix'.

svn path=/nixos/branches/modular-nixos/; revision=15796
---
 modules/config/users-groups.nix               |  2 +-
 {system => modules/misc}/ids.nix              | 32 +++++++++++-
 modules/module-list.nix                       |  1 +
 modules/services/audio/alsa.nix               |  2 +-
 modules/services/audio/pulseaudio.nix         |  9 ++--
 modules/services/hardware/hal.nix             |  4 +-
 modules/services/mail/dovecot.nix             |  5 +--
 modules/services/mail/postfix.nix             |  7 ++-
 .../services/monitoring/nagios/default.nix    |  2 +-
 modules/services/monitoring/zabbix-agent.nix  |  2 +-
 modules/services/monitoring/zabbix-server.nix |  2 +-
 modules/services/networking/avahi-daemon.nix  |  4 +-
 modules/services/networking/bitlbee.nix       | 45 +++++++++----------
 modules/services/networking/gnunet.nix        |  2 +-
 modules/services/networking/ntpd.nix          |  2 +-
 modules/services/networking/portmap.nix       |  4 +-
 modules/services/networking/ssh/sshd.nix      |  4 +-
 modules/services/networking/vsftpd.nix        |  6 +--
 modules/services/scheduling/atd.nix           |  4 +-
 modules/services/system/dbus.nix              |  2 +-
 modules/services/system/nscd.nix              |  2 +-
 modules/services/web-servers/tomcat.nix       |  4 +-
 22 files changed, 83 insertions(+), 64 deletions(-)
 rename {system => modules/misc}/ids.nix (66%)

diff --git a/modules/config/users-groups.nix b/modules/config/users-groups.nix
index 9acaae17db9..bd32fcafd83 100644
--- a/modules/config/users-groups.nix
+++ b/modules/config/users-groups.nix
@@ -41,7 +41,7 @@ in
 ###### implementation
 
 let
-  ids = import ../../system/ids.nix;
+  ids = config.ids;
 
   # User accounts to be created/updated by NixOS.
   users =
diff --git a/system/ids.nix b/modules/misc/ids.nix
similarity index 66%
rename from system/ids.nix
rename to modules/misc/ids.nix
index a950ec84db1..79121ae0c1f 100644
--- a/system/ids.nix
+++ b/modules/misc/ids.nix
@@ -1,6 +1,32 @@
-{
+# This module defines the global list of uids and gids. We keep a
+# central list to prevent id collissions.
 
-  uids = {
+{config, pkgs, ...}:
+
+let
+
+  options = {
+
+    ids.uids = pkgs.lib.mkOption {
+      description = ''
+        The user IDs used in NixOS.
+      '';
+    };
+
+    ids.gids = pkgs.lib.mkOption {
+      description = ''
+        The group IDs used in NixOS.
+      '';
+    };
+
+  };
+
+in
+
+{
+  require = options;
+
+  ids.uids = {
     root = 0;
     nscd = 1;
     sshd = 2;
@@ -25,7 +51,7 @@
     nobody = 65534;
   };
 
-  gids = {
+  ids.gids = {
     root = 0;
     wheel = 1;
     kmem = 2;
diff --git a/modules/module-list.nix b/modules/module-list.nix
index 6fc36d30369..c6b2d930e5c 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -14,6 +14,7 @@
   ./installer/tools/nixos-checkout.nix
   ./installer/tools/tools.nix
   ./misc/assertions.nix
+  ./misc/ids.nix
   ./misc/locate.nix
   ./programs/bash/bash.nix
   ./programs/info.nix
diff --git a/modules/services/audio/alsa.nix b/modules/services/audio/alsa.nix
index 51c2e924438..47c639359f4 100644
--- a/modules/services/audio/alsa.nix
+++ b/modules/services/audio/alsa.nix
@@ -34,7 +34,7 @@ let
   # not used (e.g., doesn't own any devices).
   group = {
     name = "audio";
-    gid = (import ../../../system/ids.nix).gids.audio;
+    gid = config.ids.gids.audio;
   };
 
   job = {
diff --git a/modules/services/audio/pulseaudio.nix b/modules/services/audio/pulseaudio.nix
index a32f4e38228..a63b58ca538 100644
--- a/modules/services/audio/pulseaudio.nix
+++ b/modules/services/audio/pulseaudio.nix
@@ -4,8 +4,8 @@ let
 
   inherit (pkgs.lib) mkOption mkIf;
 
-  uid = (import ../../../system/ids.nix).uids.pulseaudio;
-  gid = (import ../../../system/ids.nix).gids.pulseaudio;
+  uid = config.ids.uids.pulseaudio;
+  gid = config.ids.gids.pulseaudio;
 
   options = {
     services = {
@@ -36,8 +36,6 @@ in
 
 ###### implementation
 
-# For some reason, PulseAudio wants UID == GID.
-assert uid == gid;
 mkIf config.services.pulseaudio.enable {
 
   require = [
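Review bot: The header comment says the central list exists to prevent id collisions, but nothing in the new module checks that: `ids.uids` and `ids.gids` are attribute sets, so Nix only rejects duplicate names, and two entries carrying the same number would silently yield two accounts sharing one uid (or gid) on the built system. An assertion that the values of each set are pairwise distinct, placed in this module so it runs whenever `config.ids` is evaluated, would make the comment's promise enforceable; misc/assertions.nix is listed right next to this module in module-list.nix and may be the place to report it, though its interface is not visible here. The two `mkOption`s declare neither `type` nor `merge`, so what happens when another module also defines an entry under `ids.uids` is unspecified; the descriptions should say whether extension by other modules is intended. The comment also misspells "collisions". Both attribute sets continue past the hunk.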
@@ -51,7 +49,8 @@ mkIf config.services.pulseaudio.enable {
   users = {
     extraUsers = [
       { name = "pulse";
-        inherit uid;
+        # For some reason, PulseAudio wants UID == GID.
+        uid = assert uid == gid; uid;
         group = "pulse";
         description = "PulseAudio system-wide daemon";
         home = "/var/run/pulse";
diff --git a/modules/services/hardware/hal.nix b/modules/services/hardware/hal.nix
index 4a12973b853..475ba7299d7 100644
--- a/modules/services/hardware/hal.nix
+++ b/modules/services/hardware/hal.nix
@@ -36,13 +36,13 @@ let
 
   user = {
     name = "haldaemon";
-    uid = (import ../../../system/ids.nix).uids.haldaemon;
+    uid = config.ids.uids.haldaemon;
     description = "HAL daemon user";
   };
 
   group = {
     name = "haldaemon";
-    gid = (import ../../../system/ids.nix).gids.haldaemon;
+    gid = config.ids.gids.haldaemon;
   };
 
   fdi =
diff --git a/modules/services/mail/dovecot.nix b/modules/services/mail/dovecot.nix
index 7bc091deba7..33675efef7a 100644
--- a/modules/services/mail/dovecot.nix
+++ b/modules/services/mail/dovecot.nix
@@ -44,7 +44,6 @@ let
 
   startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces";
   cfg = config.services.dovecot;
-  idList = import ../../../system/ids.nix;
 
   dovecotConf = ''
 
@@ -112,13 +111,13 @@ mkIf config.services.dovecot.enable {
   users = {
     extraUsers = [{
       name = cfg.user;
-      uid = idList.uids.dovecot;
+      uid = config.ids.uids.dovecot;
       description = "Dovecot user";
       group = cfg.group;
     }];
     extraGroups = [{
       name = cfg.group;
-      gid = idList.gids.dovecot;
+      gid = config.ids.gids.dovecot;
     }];
   };
 
diff --git a/modules/services/mail/postfix.nix b/modules/services/mail/postfix.nix
index b92bef666a0..9e1ec488ae2 100644
--- a/modules/services/mail/postfix.nix
+++ b/modules/services/mail/postfix.nix
@@ -156,7 +156,6 @@ let
   user = cfg.user;
   group = cfg.group;
   setgidGroup = cfg.setgidGroup;
-  idList = import ../../../system/ids.nix;
   optionalString = pkgs.lib.optionalString;
   concatStringsSep = pkgs.lib.concatStringsSep;
 
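Review bot: `uid = assert uid == gid; uid;` makes the UID == GID check lazy: it fires only when a consumer forces the `uid` attribute of the `pulse` user, whereas the top-level `assert` removed in the hunk at -36 ran whenever this module's configuration was evaluated at all. That is acceptable only if users-groups.nix (not visible here) always forces `uid` when it creates the account; otherwise a mismatch between `config.ids.uids.pulseaudio` and `config.ids.gids.pulseaudio` would go unnoticed, so worth confirming. The comment would be more useful if it said what actually breaks when the two differ, if that is known, instead of "For some reason". The enclosing `mkIf` block starts outside the hunk.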
@@ -270,17 +269,17 @@ mkIf config.services.postfix.enable {
     extraUsers = [
       { name = user;
         description = "Postfix mail server user";
-        uid = idList.uids.postfix;
+        uid = config.ids.uids.postfix;
         group = group;
       }
     ];
 
     extraGroups = [
       { name = group;
-        gid = idList.gids.postfix;
+        gid = config.ids.gids.postfix;
       }
       { name = setgidGroup;
-        gid = idList.gids.postdrop;
+        gid = config.ids.gids.postdrop;
       }
     ];
   };
diff --git a/modules/services/monitoring/nagios/default.nix b/modules/services/monitoring/nagios/default.nix
index c88f486a787..079f5f1342e 100644
--- a/modules/services/monitoring/nagios/default.nix
+++ b/modules/services/monitoring/nagios/default.nix
@@ -137,7 +137,7 @@ let
 
   user = {
     name = nagiosUser;
-    uid = (import ../../../../system/ids.nix).uids.nagios;
+    uid = config.ids.uids.nagios;
     description = "Nagios monitoring daemon";
     home = nagiosState;
   };
diff --git a/modules/services/monitoring/zabbix-agent.nix b/modules/services/monitoring/zabbix-agent.nix
index 402e57d21b5..70e6a73277b 100644
--- a/modules/services/monitoring/zabbix-agent.nix
+++ b/modules/services/monitoring/zabbix-agent.nix
@@ -52,7 +52,7 @@ let
 
   user = {
     name = "zabbix";
-    uid = (import ../../../system/ids.nix).uids.zabbix;
+    uid = config.ids.uids.zabbix;
     description = "Zabbix daemon user";
   };
 
diff --git a/modules/services/monitoring/zabbix-server.nix b/modules/services/monitoring/zabbix-server.nix
index 265565ba602..198b040f10e 100644
--- a/modules/services/monitoring/zabbix-server.nix
+++ b/modules/services/monitoring/zabbix-server.nix
@@ -42,7 +42,7 @@ let
 
   user = {
     name = "zabbix";
-    uid = (import ../../../system/ids.nix).uids.zabbix;
+    uid = config.ids.uids.zabbix;
     description = "Zabbix daemon user";
   };
 
diff --git a/modules/services/networking/avahi-daemon.nix b/modules/services/networking/avahi-daemon.nix
index 9ba55f2076c..bfef7c508cf 100644
--- a/modules/services/networking/avahi-daemon.nix
+++ b/modules/services/networking/avahi-daemon.nix
@@ -93,14 +93,14 @@ let
 
   user = {
     name = "avahi";
-    uid = (import ../system/ids.nix).uids.avahi;
+    uid = config.ids.uids.avahi;
     description = "`avahi-daemon' privilege separation user";
     home = "/var/empty";
   };
 
   group = {
     name = "avahi";
-    gid = (import ../system/ids.nix).gids.avahi;
+    gid = config.ids.gids.avahi;
   };
 
   job = {
diff --git a/modules/services/networking/bitlbee.nix b/modules/services/networking/bitlbee.nix
index a1cc1a87861..e1ab633349c 100644
--- a/modules/services/networking/bitlbee.nix
+++ b/modules/services/networking/bitlbee.nix
@@ -41,15 +41,13 @@ in
 ###### implementation
 
 let
-  bitlbeeUid = (import ../system/ids.nix).uids.bitlbee;
+  bitlbeeUid = config.ids.uids.bitlbee;
   inherit (config.services.bitlbee) portNumber interface;
 in
 
 mkIf config.services.bitlbee.enable {
 
-  require = [
-    options
-  ];
+  require = options;
 
   users = {
     extraUsers = [
@@ -62,32 +60,31 @@ mkIf config.services.bitlbee.enable {
     extraGroups = [
       { name = "bitlbee";
-        gid = (import ../system/ids.nix).gids.bitlbee;
+        gid = config.ids.gids.bitlbee;
       }
     ];
   };
 
-  services = {
-    extraJobs = [{
-      name = "bitlbee";
+  services.extraJobs = [{
+    name = "bitlbee";
 
-      job = ''
-        description "BitlBee IRC to other chat networks gateway"
+    job = ''
+      description "BitlBee IRC to other chat networks gateway"
 
-        start on network-interfaces/started
-        stop on network-interfaces/stop
+      start on network-interfaces/started
+      stop on network-interfaces/stop
 
-        start script
-          if ! test -d /var/lib/bitlbee
-          then
-            mkdir -p /var/lib/bitlbee
-          fi
-        end script
+      start script
+        if ! test -d /var/lib/bitlbee
+        then
+          mkdir -p /var/lib/bitlbee
+        fi
+      end script
 
-        respawn ${pkgs.bitlbee}/sbin/bitlbee -F -p ${toString portNumber} \
-          -i ${interface} -u bitlbee
-      '';
-
-    }];
-  };
+      respawn ${pkgs.bitlbee}/sbin/bitlbee -F -p ${toString portNumber} \
+        -i ${interface} -u bitlbee
+    '';
+  }];
+
+  environment.systemPackages = pkgs.bitlbee;
 
 }
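Review bot: `environment.systemPackages = pkgs.bitlbee;` assigns a bare derivation to an option that, like `extraUsers` and `extraJobs` in this same file, takes a list; unless the option declaration (not visible here) accepts a single package, this should read `environment.systemPackages = [ pkgs.bitlbee ];` or evaluation of the merged option will fail. A second point in the re-indented start script: `mkdir -p /var/lib/bitlbee` runs as root from the job while the daemon is started with `-u bitlbee`, and nothing adjusts ownership, so the state directory ends up root-owned; if bitlbee needs to write its account files there, a `chown bitlbee /var/lib/bitlbee` after the mkdir keeps the directory writable by the unprivileged user only, rather than tempting a later world-writable fix. The enclosing `mkIf` block starts outside the hunk.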
diff --git a/modules/services/networking/gnunet.nix b/modules/services/networking/gnunet.nix
index 5fe7579d8fe..57e3b3d8c96 100644
--- a/modules/services/networking/gnunet.nix
+++ b/modules/services/networking/gnunet.nix
@@ -154,7 +154,7 @@ mkIf config.services.gnunet.enable {
   users = {
     extraUsers = [
       { name = "gnunetd";
-        uid = (import ../system/ids.nix).uids.gnunetd;
+        uid = config.ids.uids.gnunetd;
         description = "GNUnet Daemon User";
         home = "/var/empty";
       }
diff --git a/modules/services/networking/ntpd.nix b/modules/services/networking/ntpd.nix
index b7723347ea3..f2c8e1a7a3a 100644
--- a/modules/services/networking/ntpd.nix
+++ b/modules/services/networking/ntpd.nix
@@ -72,7 +72,7 @@ mkIf config.services.ntp.enable {
 
     users = [
       { name = ntpUser;
-        uid = (import ../../../system/ids.nix).uids.ntp;
+        uid = config.ids.uids.ntp;
         description = "NTP daemon user";
         home = stateDir;
       }
diff --git a/modules/services/networking/portmap.nix b/modules/services/networking/portmap.nix
index 74f2fd68e79..5583108f894 100644
--- a/modules/services/networking/portmap.nix
+++ b/modules/services/networking/portmap.nix
@@ -37,8 +37,8 @@ in
 
 ###### implementation
 
-let uid = (import ../../../system/ids.nix).uids.portmap;
-    gid = (import ../../../system/ids.nix).gids.portmap;
+let uid = config.ids.uids.portmap;
+    gid = config.ids.gids.portmap;
 in
 
 mkIf config.services.portmap.enable {
diff --git a/modules/services/networking/ssh/sshd.nix b/modules/services/networking/ssh/sshd.nix
index a50bafac236..e2bda953d72 100644
--- a/modules/services/networking/ssh/sshd.nix
+++ b/modules/services/networking/ssh/sshd.nix
@@ -85,8 +85,6 @@ let
 
   '';
 
-  sshdUid = (import ../../../../system/ids.nix).uids.sshd;
-
   # !!! is this assertion evaluated anywhere???
   assertion = cfg.permitRootLogin == "yes" ||
               cfg.permitRootLogin == "without-password" ||
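Review bot: The context line `# !!! is this assertion evaluated anywhere???` is left standing right where the unused `sshdUid` binding is removed, and the hunk shows `assertion` as a plain `let` binding; a binding nothing references is never evaluated in Nix, so if it is indeed unused the allowed-values check on `permitRootLogin` never runs and whatever string the option holds is written into the generated sshd configuration (the rest of the file is outside the hunk, so this is inferred from the comment). Since the commit already removes a dead binding here, forcing the check would be a one-line follow-up, e.g. `assert assertion;` immediately before the `mkIf config.services.sshd.enable {` shown in the next hunk. If a check already exists elsewhere, the binding and the `!!!` comment should go the same way as `sshdUid`.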
@@ -104,7 +102,7 @@ mkIf config.services.sshd.enable {
   users = {
     extraUsers = [
       { name = "sshd";
-        uid = (import ../../../../system/ids.nix).uids.sshd;
+        uid = config.ids.uids.sshd;
         description = "SSH privilege separation user";
         home = "/var/empty";
       }
diff --git a/modules/services/networking/vsftpd.nix b/modules/services/networking/vsftpd.nix
index 753fde465d7..5f8a06cbbb5 100644
--- a/modules/services/networking/vsftpd.nix
+++ b/modules/services/networking/vsftpd.nix
@@ -95,13 +95,13 @@ mkIf config.services.vsftpd.enable {
   users = {
     extraUsers = [
       { name = "vsftpd";
-        uid = (import ../../../system/ids.nix).uids.vsftpd;
+        uid = config.ids.uids.vsftpd;
         description = "VSFTPD user";
         home = "/homeless-shelter";
       }
     ] ++ pkgs.lib.optional anonymousUser
       { name = "ftp";
-        uid = (import ../../../system/ids.nix).uids.ftp;
+        uid = config.ids.uids.ftp;
         group = "ftp";
         description = "Anonymous ftp user";
         home = "/home/ftp";
@@ -109,7 +109,7 @@ mkIf config.services.vsftpd.enable {
 
     extraGroups = [
       { name = "ftp";
-        gid = (import ../../../system/ids.nix).gids.ftp;
+        gid = config.ids.gids.ftp;
       }
     ];
 
diff --git a/modules/services/scheduling/atd.nix b/modules/services/scheduling/atd.nix
index bf5861d8e4f..bb85c5994be 100644
--- a/modules/services/scheduling/atd.nix
+++ b/modules/services/scheduling/atd.nix
@@ -37,14 +37,14 @@ let
 
   user = {
     name = "atd";
-    uid = (import ../../../system/ids.nix).uids.atd;
+    uid = config.ids.uids.atd;
     description = "atd user";
     home = "/var/empty";
   };
 
   group = {
     name = "atd";
-    gid = (import ../../../system/ids.nix).gids.atd;
+    gid = config.ids.gids.atd;
   };
 
   job = ''
diff --git a/modules/services/system/dbus.nix b/modules/services/system/dbus.nix
index b277a5e95c1..f3d56e9239c 100644
--- a/modules/services/system/dbus.nix
+++ b/modules/services/system/dbus.nix
@@ -55,7 +55,7 @@ let
 
   user = {
     name = "messagebus";
-    uid = (import ../../../system/ids.nix).uids.messagebus;
+    uid = config.ids.uids.messagebus;
     description = "D-Bus system message bus daemon user";
     home = homeDir;
   };
diff --git a/modules/services/system/nscd.nix b/modules/services/system/nscd.nix
index d2b01876e85..da1e5bec2bc 100644
--- a/modules/services/system/nscd.nix
+++ b/modules/services/system/nscd.nix
@@ -13,7 +13,7 @@ in
 
     users = [
       { name = "nscd";
-        uid = (import ../../../system/ids.nix).uids.nscd;
+        uid = config.ids.uids.nscd;
         description = "Name service cache daemon user";
       }
     ];
diff --git a/modules/services/web-servers/tomcat.nix b/modules/services/web-servers/tomcat.nix
index 592fd0fcbf5..e873c1cf4a2 100644
--- a/modules/services/web-servers/tomcat.nix
+++ b/modules/services/web-servers/tomcat.nix
@@ -73,13 +73,13 @@ mkIf config.services.tomcat.enable {
 
     groups = [
       { name = "tomcat";
-        gid = (import ../../../system/ids.nix).gids.tomcat;
+        gid = config.ids.gids.tomcat;
       }
     ];
 
     users = [
       { name = "tomcat";
-        uid = (import ../../../system/ids.nix).uids.tomcat;
+        uid = config.ids.uids.tomcat;
         description = "Tomcat user";
         home = "/homeless-shelter";
       }