Uid gid for templates #715

Open
wants to merge 7 commits into
base: master
10 changes: 10 additions & 0 deletions checks/nixos-test.nix
Expand Up @@ -321,6 +321,14 @@ in
path = "/etc/externally/linked";
};

sops.templates.test_uid_gid = {
uid = 420;
gid = 420;
content = ''
Test value: ${config.sops.placeholder.test_key}
'';
};

users.groups.somegroup = { };
users.users.someuser = {
isSystemUser = true;
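
Review bot: The new `test_uid_gid` template covers only the case where `owner` and `group` stay at their defaults; no case sets `owner` together with a non-zero `uid`, which the option descriptions in this PR say is not allowed. Add a second template that sets both (and likewise `group` with a non-zero `gid`) and assert on the outcome, so the test pins down whether that configuration is rejected or which value wins.
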
Expand All @@ -339,6 +347,8 @@ in
machine.succeed("[ $(stat -c%G /run/secrets/rendered/test_template) = 'somegroup' ]")
machine.succeed("[ $(stat -c%U /run/secrets/rendered/test_default) = 'root' ]")
machine.succeed("[ $(stat -c%G /run/secrets/rendered/test_default) = 'root' ]")
machine.succeed("[ $(stat -c%u /run/secrets/rendered/test_uid_gid) = '420' ]")
machine.succeed("[ $(stat -c%g /run/secrets/rendered/test_uid_gid) = '420' ]")

expected = """\
This line is not modified.
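
Review bot: The two added `stat` checks on `/run/secrets/rendered/test_uid_gid` confirm the numeric owner and group but nothing about the file's mode or rendered content. Also assert the mode with `stat -c%a` and compare the content against the expected `Test value:` line, so a file with the right ids but wrong permissions or an unsubstituted placeholder does not pass. Quoting the `$(stat ...)` substitution would also turn an empty result into a clean comparison failure instead of a `[` syntax error.
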
26 changes: 20 additions & 6 deletions modules/nix-darwin/templates/default.nix
Expand Up @@ -49,18 +49,32 @@ in
'';
};
owner = mkOption {
type = types.singleLineStr;
default = "root";
type = with lib.types; nullOr singleLineStr;
default = null;
description = ''
User of the file. Can only be set if uid is 0;
'';
};
uid = mkOption {
type = with lib.types; nullOr int;
default = 0;
description = ''
User of the file.
UID of the template, only applied with owner is null. the UID will be applied even if the corresponding user doesn't exist.
'';
};
group = mkOption {
type = types.singleLineStr;
default = "staff";
type = with lib.types; nullOr singleLineStr;
default = if config.owner != null then "staff" else null;
Owner

I assume you have not tested this on macOS yet?
I just need to know if I need to give this a try before merging.

Author

That is correct, I do not have an OSX I can test it with.

Author

Also, just in case you didn't see it, I still haven't figured out how to add assertions, if you could offer a bit of advice there, I'd appreciate it :D

defaultText = "staff";
description = ''
Group of the file. Default on darwin in staff.
Group of the file. Can only be set if gid is 0. Default on darwin to 'staff'
'';
};
gid = mkOption {
type = with lib.types; nullOr int;
default = 0;
description = ''
GID of the template, only applied when group is null. The GID will be applied even if the corresponding group doesn't exist.
'';
};
file = mkOption {
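
Review bot: In the `group` option, `default = if config.owner != null then "staff" else null;` combined with the new `owner` default of `null` means an unconfigured template no longer gets group `staff`; going by the `gid` description it gets gid 0 instead, which is `wheel` on macOS. `defaultText = "staff"` and the description's "Default on darwin to 'staff'" still promise the old behaviour. Either keep `"staff"` as the unconditional default and let a non-zero `gid` take precedence, or change `defaultText` and the description to state the conditional default. Wording in the `uid` description: "only applied with owner is null. the UID" should read "only applied when owner is null. The UID", and the `owner` description ends in a stray `;`.
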
26 changes: 20 additions & 6 deletions modules/sops/templates/default.nix
Expand Up @@ -52,18 +52,32 @@ in
'';
};
owner = mkOption {
type = types.singleLineStr;
default = "root";
type = with lib.types; nullOr singleLineStr;
default = null;
description = ''
User of the file. Can only be set if uid is 0;
'';
};
uid = mkOption {
dkowis marked this conversation as resolved.
type = with lib.types; nullOr int;
default = 0;
description = ''
User of the file.
UID of the template, only applied with owner is null. the UID will be applied even if the corresponding user doesn't exist.
'';
};
group = mkOption {
type = types.singleLineStr;
default = users.${config.owner}.group;
type = with lib.types; nullOr singleLineStr;
default = if config.owner != null then users.${config.owner}.group else null;
defaultText = lib.literalExpression ''config.users.users.''${cfg.owner}.group'';
description = ''
Group of the file.
Group of the file. Can only be set if gid is 0.
'';
};
gid = mkOption {
type = with lib.types; nullOr int;
default = 0;
description = ''
GID of the template, only applied when group is null. The GID will be applied even if the corresponding group doesn't exist.
'';
};
file = mkOption {
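
Review bot: The rules stated in the `owner` and `group` descriptions ("Can only be set if uid is 0", "Can only be set if gid is 0") exist only as text; nothing in this hunk rejects a template that sets both `owner` and a non-zero `uid`, so a rendered secret can end up owned by a different principal than the one the author named. Enforce it with an entry in the top-level module's `assertions` that fails evaluation when a template has `owner != null` and `uid != 0` (and the same for `group` and `gid`). Two related points: `nullOr int` lets `uid` and `gid` be `null` or negative, and the descriptions do not say what happens when both `owner` and `uid` are `null`, so `types.ints.unsigned` without `nullOr` would be tighter; and `defaultText` for `group` still shows the unconditional owner-group lookup although the default is now `null` when `owner` is `null`.
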