diff --git a/helpers/create-users-groups.sh b/helpers/create-users-groups.sh
index da168650897..cb68d23cb59 100644
--- a/helpers/create-users-groups.sh
+++ b/helpers/create-users-groups.sh
@@ -26,6 +26,7 @@ cat "$1" | while true; do read extraGroups read home read shell
+ read createHome if ! curEnt=$(getent passwd "$name"); then echo "creating user $name..."
@@ -36,7 +37,8 @@ cat "$1" | while true; do --gid "$group" \ --groups "$extraGroups" \ --home "$home" \
- --shell "$shell"
+ --shell "$shell" \
+ ${createHome:+--create-home} else echo "updating user $name..." oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
diff --git a/system/options.nix b/system/options.nix
index 6d5a0c967a0..9fe8aaa577e 100644
--- a/system/options.nix
+++ b/system/options.nix
@@ -1388,6 +1388,35 @@ root ALL=(ALL) SETENV: ALL users = {
+ extraUsers = mkOption {
+ default = [];
+ example = [
+ { name = "alice";
+ uid = 1234;
+ description = "Alice";
+ home = "/home/alice";
+ createHome = true;
+ group = "users";
+ extraGroups = ["wheel"];
+ }
+ ];
+ description = "
+ Additional user accounts to be created automatically by the system.
+ ";
+ };
+
+ extraGroups = mkOption {
+ default = [];
+ example = [
+ { name = "students";
+ gid = 1001;
+ }
+ ];
+ description = "
+ Additional groups to be created automatically by the system.
+ ";
+ };
+ ldap = { enable = mkOption {
diff --git a/system/system.nix b/system/system.nix
index b07636e7347..9e67236522d 100644
--- a/system/system.nix
+++ b/system/system.nix
@@ -262,7 +262,7 @@ rec { };
- usersGroups = import ./users-groups.nix { inherit pkgs upstartJobs defaultShell; };
+ usersGroups = import ./users-groups.nix { inherit pkgs config upstartJobs defaultShell; }; defaultShell = "/var/run/current-system/sw/bin/bash";
diff --git a/system/users-groups.nix b/system/users-groups.nix
index b156ac5591e..9235fe11c18 100644
--- a/system/users-groups.nix
+++ b/system/users-groups.nix
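Review bot: The added `read createHome` gives no hint of what value it expects, yet the `${createHome:+--create-home}` test in the next hunk works only because the producer in users-groups.nix writes `toString u.createHome`, which is `1` for `true` and the empty string for `false`. A comment on the new line, `read createHome  # "1" when true, "" when false (Nix toString of a bool)`, would make that coupling visible to whoever next edits either file. The field order here must also stay identical to the `usersList` writer, since line position is the only delimiter; the enclosing `while` loop starts before the hunk.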
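Review bot: `${createHome:+--create-home}` is evaluated only on the `useradd` branch, so for an account that already exists the `else` branch (its body continues past the hunk) never creates a missing home directory, and setting `createHome = true` on an existing `users.extraUsers` entry is silently ignored. Either state that in the option description or let the update branch handle it, e.g. `if [ -n "$createHome" ] && [ ! -d "$home" ]; then install -d -m 700 -o "$name" -g "$group" "$home"; fi`. The unquoted expansion is fine here because it can only produce a single fixed word.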
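Review bot: The `extraUsers` description does not say which attributes an entry accepts or what they default to, so a reader has to go to the `addAttrs` pattern in users-groups.nix, where `group` defaults to `"nogroup"`, `extraGroups` to `[]`, `home` to `"/var/empty"`, `shell` to `"/noshell"` (or the system default shell when `useDefaultShell = true`), and `createHome` to `false`; `useDefaultShell` does not appear in the example at all. Spelling those out, and stating that `createHome` takes effect only when the account is first created by the activation script, would make the option self-describing. Likewise the `extraGroups` description should mention that `gid` is optional and defaults to the empty string.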
@@ -1,11 +1,11 @@
-{pkgs, upstartJobs, defaultShell}:
+{pkgs, config, upstartJobs, defaultShell}: let ids = import ./ids.nix; in rec {
- # System user accounts.
- systemUsers =
+ # User accounts to be created/updated by NixOS.
+ users = let jobUsers = pkgs.lib.concatLists (map (job: job.users) upstartJobs.jobs);
@@ -40,15 +40,17 @@ rec { , group ? "nogroup" , extraGroups ? [] , home ? "/var/empty"
- , shell ? "/noshell"
+ , shell ? (if useDefaultShell then defaultShell else "/noshell")
+ , createHome ? false
+ , useDefaultShell ? false }:
- { inherit name description uid group extraGroups home shell; };
+ { inherit name description uid group extraGroups home shell createHome; };
- in map addAttrs (defaultUsers ++ jobUsers ++ nixBuildUsers);
+ in map addAttrs (defaultUsers ++ jobUsers ++ nixBuildUsers ++ config.users.extraUsers);
- # System groups.
- systemGroups =
+ # Groups to be created/updated by NixOS.
+ groups = let jobGroups = pkgs.lib.concatLists (map (job: job.groups) upstartJobs.jobs);
@@ -75,12 +77,12 @@ rec { { name, gid ? "" }: { inherit name gid; };
- in map addAttrs (defaultGroups ++ jobGroups);
+ in map addAttrs (defaultGroups ++ jobGroups ++ config.users.extraGroups); # Awful hackery necessary to pass the users/groups to the activation script. createUsersGroups = ../helpers/create-users-groups.sh;
- usersList = pkgs.writeText "users" (pkgs.lib.concatStrings (map (u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString u.extraGroups}\n${u.home}\n${u.shell}\n") systemUsers));
- groupsList = pkgs.writeText "groups" (pkgs.lib.concatStrings (map (g: "${g.name}\n${toString g.gid}\n") systemGroups));
+ usersList = pkgs.writeText "users" (pkgs.lib.concatStrings (map (u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString u.extraGroups}\n${u.home}\n${u.shell}\n${toString u.createHome}\n") users));
+ groupsList = pkgs.writeText "groups" (pkgs.lib.concatStrings (map (g: "${g.name}\n${toString g.gid}\n") groups)); }
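Review bot: `useDefaultShell` is a new formal in the `addAttrs` pattern that is consumed only by the default of `shell` and is not part of the returned set, and nothing on the line explains that; a comment such as `# useDefaultShell only selects the shell default above; it is not carried into the record` next to `, useDefaultShell ? false` would help. Because the pattern has no `...`, any attribute in a `users.extraUsers` entry that is not listed here is an evaluation error, which is the right behaviour for a typo such as `createhome` and is worth stating in the option description. The start of the pattern lies before the hunk.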
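Review bot: `usersList` now carries `description`, `home`, `shell` and `createHome` straight from `config.users.extraUsers` into a newline-delimited file with no escaping, and the consumer in create-users-groups.sh recovers fields purely by `read` position, so a value containing a newline shifts every field of that record and of all records after it (a description with an embedded newline would, for example, be read as the uid). An `assert` over the generated strings, or a `pkgs.lib` check that no field contains `\n`, would fail at evaluation time instead. Also, `toString u.extraGroups` renders a list as space-separated names while the helper passes it unchanged as `--groups "$extraGroups"`, where useradd expects a comma-separated list; that predates this change but is now reachable from user configuration, so `pkgs.lib.concatStringsSep "," u.extraGroups` would be safer. A comment on `usersList` documenting the eight-line record format and its consumer would also help.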