nixos/display-manager: Support configurable hidden users

9 years ago · 4940e643cc
parent 66bfdf6eb0
commit 4940e643cc
4 changed files with 26 additions and 2 deletions
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@ -20,6 +20,8 @@ let
      extraGroups = [ "nixbld" ];
    };

+  nixbldUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers);
+
  nixConf =
    let
      # If we're using a chroot for builds, then provide /bin/sh in
@ -357,7 +359,9 @@ in

    nix.nrBuildUsers = mkDefault (lib.max 10 cfg.maxJobs);

-    users.extraUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers);
+    users.extraUsers = nixbldUsers;
+
+    services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers;

    system.activationScripts.nix = stringAfter [ "etc" "users" ]
      ''
--- a/nixos/modules/services/x11/display-managers/default.nix
+++ b/nixos/modules/services/x11/display-managers/default.nix
@ -208,6 +208,14 @@ in
        description = "Shell commands executed just before the window or desktop manager is started.";
      };

+      hiddenUsers = mkOption {
+        type = types.listOf types.str;
+        default = [ "nobody" ];
+        description = ''
+          A list of users which will not be shown in the display manager.
+        '';
+      };
+
      desktopManagerHandlesLidAndPower = mkOption {
        type = types.bool;
        default = true;
--- a/nixos/modules/services/x11/display-managers/kdm.nix
+++ b/nixos/modules/services/x11/display-managers/kdm.nix
@ -38,7 +38,7 @@ let
      ''} 

      [X-*-Greeter]
-      HiddenUsers=root,nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10
+      HiddenUsers=root,${concatStringsSep "," dmcfg.hiddenUsers}
      PluginsLogin=${kdebase_workspace}/lib/kde4/kgreet_classic.so
      ${optionalString (cfg.themeDirectory != null)
      ''
--- a/nixos/modules/services/x11/display-managers/lightdm.nix
+++ b/nixos/modules/services/x11/display-managers/lightdm.nix
@ -50,6 +50,16 @@ let
    '';
  };

+  hiddenUsers = config.services.xserver.displayManager.hiddenUsers;
+
+  usersConf = writeText "users.conf"
+    ''
+      [UserList]
+      minimum-uid=500
+      hidden-users=${concatStringsSep " " hiddenUsers}
+      hidden-shells=/run/current-system/sw/sbin/nologin
+    '';
+
  lightdmConf = writeText "lightdm.conf"
    ''
      [LightDM]
@ -84,6 +94,7 @@ in
          package = wrappedGtkGreeter;
        };
      };
+
    };
  };

@ -102,6 +113,7 @@ in
    };

    environment.etc."lightdm/lightdm.conf".source = lightdmConf;
+    environment.etc."lightdm/users.conf".source = usersConf;

    services.dbus.enable = true;
    services.dbus.packages = [ lightdm ];