colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

desko: eliminate the non-determinism in /var/lib/nixos/auto-subuid-map

Browse Source
This commit is contained in:
colin
2022-07-14 22:00:53 -07:00
parent 3773aebac0
commit a380e300bc
1 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
modules/universal/env/users.nix vendored
View File

@@ -12,6 +12,11 @@
isNormalUser = true; isNormalUser = true;
home = "/home/colin"; home = "/home/colin";
uid = 1000; uid = 1000;
# i don't get exactly what this is, but nixos defaults to this non-deterministically
# in /var/lib/nixos/auto-subuid-map and i don't want that.
subUidRanges = [
{ startUid=100000; count=1; }
];
group = "users"; group = "users";
extraGroups = [ extraGroups = [
"wheel" "wheel"
@@ -67,12 +72,16 @@
assertions = let assertions = let
uidAssertions = builtins.attrValues (builtins.mapAttrs (name: user: { uidAssertions = builtins.attrValues (builtins.mapAttrs (name: user: {
assertion = user.uid != null; assertion = user.uid != null;
message = "non-deterministic user config detected: ${name}"; message = "non-deterministic uid detected for: ${name}";
}) config.users.users); }) config.users.users);
gidAssertions = builtins.attrValues (builtins.mapAttrs (name: group: { gidAssertions = builtins.attrValues (builtins.mapAttrs (name: group: {
assertion = group.gid != null; assertion = group.gid != null;
message = "non-deterministic group config detected: ${name}"; message = "non-deterministic gid detected for: ${name}";
}) config.users.groups); }) config.users.groups);
in uidAssertions ++ gidAssertions; autoSubAssertions = builtins.attrValues (builtins.mapAttrs (name: user: {
assertion = !user.autoSubUidGidRange;
message = "non-deterministic subUids/Guids detected for: ${name}";
}) config.users.users);
in uidAssertions ++ gidAssertions ++ autoSubAssertions;
} }