From 44b15ba8ede750e99676a899432d09abd96f9fd6 Mon Sep 17 00:00:00 2001
From: Colin
Date: Fri, 14 Jul 2023 23:56:01 +0000
Subject: [PATCH] users: apply default permissions to any user who goes through the sane.users module
---
 hosts/common/users/colin.nix | 7 -------
 hosts/common/users/guest.nix | 4 ++--
 modules/users.nix | 7 ++++++-
 3 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/hosts/common/users/colin.nix b/hosts/common/users/colin.nix
index 955aa8b8..f5448c23 100644
--- a/hosts/common/users/colin.nix
+++ b/hosts/common/users/colin.nix
@@ -52,13 +52,6 @@
 sane.users.colin = {
 default = true;
- # ensure ~ perms are known to sane.fs module.
- # TODO: this is generic enough to be lifted up into sane.fs itself.
- fs."/".dir.acl = {
- user = "colin";
- group = config.users.users.colin.group;
- mode = config.users.users.colin.homeMode;
- };
 persist.plaintext = [
 "archive"
diff --git a/hosts/common/users/guest.nix b/hosts/common/users/guest.nix
index cdbaccde..c14fec01 100644
--- a/hosts/common/users/guest.nix
+++ b/hosts/common/users/guest.nix
@@ -11,8 +11,8 @@ in
 };
 };
- config = {
- users.users.guest = lib.mkIf cfg.enable {
+ config = lib.mkIf cfg.enable {
+ users.users.guest = {
 isNormalUser = true;
 home = "/home/guest";
 subUidRanges = [
diff --git a/modules/users.nix b/modules/users.nix
index a1110c1d..9ccfa606 100644
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -40,7 +40,7 @@ let
 };
 };
 };
- userModule = types.submodule ({ name, config, ... }: {
+ userModule = let nixConfig = config; in types.submodule ({ name, config, ... }: {
 options = userOptions.options // {
 default = mkOption {
 type = types.bool;
@@ -63,6 +63,11 @@ let
 # if we're the default user, inherit whatever settings were routed to the default user
 (mkIf config.default sane-user-cfg)
 {
+ fs."/".dir.acl = {
+ user = name;
+ group = nixConfig.users.users."${name}".group;
+ mode = nixConfig.users.users."${name}".homeMode;
+ };
 fs.".profile".symlink.text = let env = lib.mapAttrsToList
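Review bot: The reason for lifting `lib.mkIf cfg.enable` from `users.users.guest` to the whole `config` block is not recorded next to the code. The rest of `config` lies outside this hunk, so it is not visible here which other guest settings become conditional on `cfg.enable`. If the intent is that nothing for the guest account is evaluated while it is disabled, a one-line comment above the assignment would pin that down, for example `# gate the whole block: no guest-related setting is defined unless the account is enabled`.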
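Review bot: The `fs."/".dir.acl` block added in the `@@ -63,6 +63,11 @@` hunk reads `nixConfig.users.users."${name}"` for every `sane.users` entry without checking that a matching `users.users` declaration exists. An entry without one would presumably abort evaluation with a missing-attribute error that does not name the cause. Since this block now decides the owner and mode of each user's home directory, a readable failure is worth having, for example `group = (nixConfig.users.users."${name}" or (throw "sane.users.${name}: no matching users.users entry")).group;`, and the same for `mode`. The alias introduced in the `@@ -40,7 +40,7 @@` hunk also deserves a comment such as `# nixConfig: the system-level config; the submodule's own config argument shadows it below`. Both hunks sit inside a `let` block that starts and ends outside the visible lines.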