users: apply default permissions to any user who goes through the sane.users module

Colin 2023-07-14 23:56:01 +00:00
parent ab7068c819
commit 44b15ba8ed
3 changed files with 8 additions and 10 deletions


@ -52,13 +52,6 @@
sane.users.colin = { sane.users.colin = {
default = true; default = true;
# ensure ~ perms are known to sane.fs module.
# TODO: this is generic enough to be lifted up into sane.fs itself.
fs."/".dir.acl = {
user = "colin";
group = config.users.users.colin.group;
mode = config.users.users.colin.homeMode;
};
persist.plaintext = [ persist.plaintext = [
"archive" "archive"


@ -11,8 +11,8 @@ in
}; };
}; };
config = { config = lib.mkIf cfg.enable {
users.users.guest = lib.mkIf cfg.enable { users.users.guest = {
isNormalUser = true; isNormalUser = true;
home = "/home/guest"; home = "/home/guest";
subUidRanges = [ subUidRanges = [


@ -40,7 +40,7 @@ let
}; };
}; };
}; };
userModule = types.submodule ({ name, config, ... }: { userModule = let nixConfig = config; in types.submodule ({ name, config, ... }: {
options = userOptions.options // { options = userOptions.options // {
default = mkOption { default = mkOption {
type = types.bool; type = types.bool;
@ -63,6 +63,11 @@ let
# if we're the default user, inherit whatever settings were routed to the default user # if we're the default user, inherit whatever settings were routed to the default user
(mkIf config.default sane-user-cfg) (mkIf config.default sane-user-cfg)
{ {
fs."/".dir.acl = {
user = name;
group = nixConfig.users.users."${name}".group;
mode = nixConfig.users.users."${name}".homeMode;
};
fs.".profile".symlink.text = fs.".profile".symlink.text =
let let
env = lib.mapAttrsToList env = lib.mapAttrsToList
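Review bot: The new `fs."/".dir.acl` block dereferences `nixConfig.users.users."${name}"` for every entry declared under `sane.users`, so an entry without a matching `users.users.<name>` declaration would presumably abort evaluation with a missing-attribute error instead of a message naming the offending user. Since this block now decides the owner, group and mode of each home directory, a guard or assertion that the NixOS user exists would make that dependency explicit. The explanatory comment deleted from the per-user config was not carried over; I would put `# ensure ~ perms are known to sane.fs module (owner/group/mode mirror users.users.<name>)` above the acl and add `# outer config; the submodule's own config argument shadows it` next to `nixConfig`. The attribute set this hunk edits starts and ends outside the hunk.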