* Move the uid/gid mappings into a module. This allows other modules

to use it through config.ids.{uids,gids} rather than `import relative-path/ids.nix'. svn path=/nixos/branches/modular-nixos/; revision=15796
15 years ago · dba1d48b78
parent c4f50d85cb
commit dba1d48b78
22 changed files with 82 additions and 63 deletions
--- a/modules/config/users-groups.nix
+++ b/modules/config/users-groups.nix
@ -41,7 +41,7 @@ in

 ###### implementation
 let
-  ids = import ../../system/ids.nix;
+  ids = config.ids;

  # User accounts to be created/updated by NixOS.
  users =
--- a/modules/misc/ids.nix
+++ b/modules/misc/ids.nix
@ -1,6 +1,32 @@
+# This module defines the global list of uids and gids.  We keep a
+# central list to prevent id collissions.
+
+{config, pkgs, ...}:
+
+let
+
+  options = {
+
+    ids.uids = pkgs.lib.mkOption {
+      description = ''
+        The user IDs used in NixOS.
+      '';
+    };
+
+    ids.gids = pkgs.lib.mkOption {
+      description = ''
+        The group IDs used in NixOS.
+      '';
+    };
+
+  };
+
+in
+  
 {
+  require = options;

-  uids = {
+  ids.uids = {
    root = 0;
    nscd = 1;
    sshd = 2;
@ -25,7 +51,7 @@
    nobody = 65534;
  };

-  gids = {
+  ids.gids = {
    root = 0;
    wheel = 1;
    kmem = 2;
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@ -14,6 +14,7 @@
  ./installer/tools/nixos-checkout.nix
  ./installer/tools/tools.nix
  ./misc/assertions.nix
+  ./misc/ids.nix
  ./misc/locate.nix
  ./programs/bash/bash.nix
  ./programs/info.nix
--- a/modules/services/audio/alsa.nix
+++ b/modules/services/audio/alsa.nix
@ -34,7 +34,7 @@ let
  # not used (e.g., doesn't own any devices).
  group = {
    name = "audio";
-    gid = (import ../../../system/ids.nix).gids.audio;
+    gid = config.ids.gids.audio;
  };

  job = {
--- a/modules/services/audio/pulseaudio.nix
+++ b/modules/services/audio/pulseaudio.nix
@ -4,8 +4,8 @@
 let
  inherit (pkgs.lib) mkOption mkIf;

-  uid = (import ../../../system/ids.nix).uids.pulseaudio;
-  gid = (import ../../../system/ids.nix).gids.pulseaudio;
+  uid = config.ids.uids.pulseaudio;
+  gid = config.ids.gids.pulseaudio;

  options = {
    services = {
@ -36,8 +36,6 @@ in

 ###### implementation

-# For some reason, PulseAudio wants UID == GID.
-assert uid == gid;

 mkIf config.services.pulseaudio.enable {
  require = [
@ -51,7 +49,8 @@ mkIf config.services.pulseaudio.enable {
  users = {
    extraUsers = [
      { name = "pulse";
-        inherit uid;
+        # For some reason, PulseAudio wants UID == GID.
+        uid = assert uid == gid; uid;
        group = "pulse";
        description = "PulseAudio system-wide daemon";
        home = "/var/run/pulse";
--- a/modules/services/hardware/hal.nix
+++ b/modules/services/hardware/hal.nix
@ -36,13 +36,13 @@ let

  user = {
    name = "haldaemon";
-    uid = (import ../../../system/ids.nix).uids.haldaemon;
+    uid = config.ids.uids.haldaemon;
    description = "HAL daemon user";
  };

  group = {
    name = "haldaemon";
-    gid = (import ../../../system/ids.nix).gids.haldaemon;
+    gid = config.ids.gids.haldaemon;
  };

  fdi =
--- a/modules/services/mail/dovecot.nix
+++ b/modules/services/mail/dovecot.nix
@ -44,7 +44,6 @@ let
  startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces";

  cfg = config.services.dovecot;
-  idList = import ../../../system/ids.nix;

  dovecotConf = 
  ''
@ -112,13 +111,13 @@ mkIf config.services.dovecot.enable {
  users = {
    extraUsers = [{
      name = cfg.user;
-      uid = idList.uids.dovecot;
+      uid = config.ids.uids.dovecot;
      description = "Dovecot user";
      group = cfg.group;
    }];
    extraGroups = [{
      name = cfg.group;
-      gid = idList.gids.dovecot;
+      gid = config.ids.gids.dovecot;
    }];
  };

--- a/modules/services/mail/postfix.nix
+++ b/modules/services/mail/postfix.nix
@ -156,7 +156,6 @@ let
  user = cfg.user;
  group = cfg.group;
  setgidGroup = cfg.setgidGroup;
-  idList = import ../../../system/ids.nix;

  optionalString = pkgs.lib.optionalString;
  concatStringsSep = pkgs.lib.concatStringsSep;
@ -270,17 +269,17 @@ mkIf config.services.postfix.enable {
    extraUsers = [
      { name = user;
        description = "Postfix mail server user";
-        uid = idList.uids.postfix;
+        uid = config.ids.uids.postfix;
        group = group;
      }
    ];

    extraGroups = [
      { name = group; 
-        gid = idList.gids.postfix;
+        gid = config.ids.gids.postfix;
      }
      { name = setgidGroup; 
-        gid = idList.gids.postdrop;
+        gid = config.ids.gids.postdrop;
      }
    ];
  };
--- a/modules/services/monitoring/nagios/default.nix
+++ b/modules/services/monitoring/nagios/default.nix
@ -137,7 +137,7 @@ let

  user = {
    name = nagiosUser;
-    uid = (import ../../../../system/ids.nix).uids.nagios;
+    uid = config.ids.uids.nagios;
    description = "Nagios monitoring daemon";
    home = nagiosState;
  };
--- a/modules/services/monitoring/zabbix-agent.nix
+++ b/modules/services/monitoring/zabbix-agent.nix
@ -52,7 +52,7 @@ let

  user = {
    name = "zabbix";
-    uid = (import ../../../system/ids.nix).uids.zabbix;
+    uid = config.ids.uids.zabbix;
    description = "Zabbix daemon user";
  };

--- a/modules/services/monitoring/zabbix-server.nix
+++ b/modules/services/monitoring/zabbix-server.nix
@ -42,7 +42,7 @@ let

  user = {
    name = "zabbix";
-    uid = (import ../../../system/ids.nix).uids.zabbix;
+    uid = config.ids.uids.zabbix;
    description = "Zabbix daemon user";
  };

--- a/modules/services/networking/avahi-daemon.nix
+++ b/modules/services/networking/avahi-daemon.nix
@ -93,14 +93,14 @@ let

  user = {
    name = "avahi";
-    uid = (import ../system/ids.nix).uids.avahi;
+    uid = config.ids.uids.avahi;
    description = "`avahi-daemon' privilege separation user";
    home = "/var/empty";
  };

  group = {
    name = "avahi";
-    gid = (import ../system/ids.nix).gids.avahi;
+    gid = config.ids.gids.avahi;
  };

  job = {
--- a/modules/services/networking/bitlbee.nix
+++ b/modules/services/networking/bitlbee.nix
@ -41,15 +41,13 @@ in
 ###### implementation

 let
-  bitlbeeUid = (import ../system/ids.nix).uids.bitlbee;
+  bitlbeeUid = config.ids.uids.bitlbee;
  inherit (config.services.bitlbee) portNumber interface;
 in

 mkIf config.services.bitlbee.enable {

-  require = [ 
-    options
-  ];
+  require = options;

  users = {
    extraUsers = [
@ -62,32 +60,31 @@ mkIf config.services.bitlbee.enable {
    
    extraGroups = [
      { name = "bitlbee";
-        gid = (import ../system/ids.nix).gids.bitlbee;
+        gid = config.ids.gids.bitlbee;
      }
    ];
  };

-  services = {
-    extraJobs = [{
-      name = "bitlbee";
+  services.extraJobs = [{
+    name = "bitlbee";

-      job = ''
-    description "BitlBee IRC to other chat networks gateway"
+    job = ''
+      description "BitlBee IRC to other chat networks gateway"

-    start on network-interfaces/started
-    stop on network-interfaces/stop
+      start on network-interfaces/started
+      stop on network-interfaces/stop

-    start script
-        if ! test -d /var/lib/bitlbee
-        then
-            mkdir -p /var/lib/bitlbee
-        fi
-    end script
+      start script
+          if ! test -d /var/lib/bitlbee
+          then
+              mkdir -p /var/lib/bitlbee
+          fi
+      end script

-    respawn ${pkgs.bitlbee}/sbin/bitlbee -F -p ${toString portNumber} \
-            -i ${interface} -u bitlbee
-      '';
-  
-    }];
-  };
+      respawn ${pkgs.bitlbee}/sbin/bitlbee -F -p ${toString portNumber} \
+              -i ${interface} -u bitlbee
+    '';
+  }];
+
+  environment.systemPackages = pkgs.bitlbee;  
 }
--- a/modules/services/networking/gnunet.nix
+++ b/modules/services/networking/gnunet.nix
@ -154,7 +154,7 @@ mkIf config.services.gnunet.enable {
  users = {
    extraUsers = [
      { name = "gnunetd";
-        uid = (import ../system/ids.nix).uids.gnunetd;
+        uid = config.ids.uids.gnunetd;
        description = "GNUnet Daemon User";
        home = "/var/empty";
      }
--- a/modules/services/networking/ntpd.nix
+++ b/modules/services/networking/ntpd.nix
@ -72,7 +72,7 @@ mkIf config.services.ntp.enable {
      
      users = [
        { name = ntpUser;
-          uid = (import ../../../system/ids.nix).uids.ntp;
+          uid = config.ids.uids.ntp;
          description = "NTP daemon user";
          home = stateDir;
        }
--- a/modules/services/networking/portmap.nix
+++ b/modules/services/networking/portmap.nix
@ -37,8 +37,8 @@ in

 ###### implementation

-let uid = (import ../../../system/ids.nix).uids.portmap;
-    gid = (import ../../../system/ids.nix).gids.portmap;
+let uid = config.ids.uids.portmap;
+    gid = config.ids.gids.portmap;
 in

 mkIf config.services.portmap.enable {
--- a/modules/services/networking/ssh/sshd.nix
+++ b/modules/services/networking/ssh/sshd.nix
@ -85,8 +85,6 @@ let
    
  '';

-  sshdUid = (import ../../../../system/ids.nix).uids.sshd;
-
  # !!! is this assertion evaluated anywhere???
  assertion = cfg.permitRootLogin == "yes" ||
       cfg.permitRootLogin == "without-password" ||
@ -104,7 +102,7 @@ mkIf config.services.sshd.enable {
  users = {
    extraUsers = [
      { name = "sshd";
-        uid = (import ../../../../system/ids.nix).uids.sshd;
+        uid = config.ids.uids.sshd;
        description = "SSH privilege separation user";
        home = "/var/empty";
      }
--- a/modules/services/networking/vsftpd.nix
+++ b/modules/services/networking/vsftpd.nix
@ -95,13 +95,13 @@ mkIf config.services.vsftpd.enable {
  users = {
    extraUsers = [
        { name = "vsftpd";
-          uid = (import ../../../system/ids.nix).uids.vsftpd;
+          uid = config.ids.uids.vsftpd;
          description = "VSFTPD user";
          home = "/homeless-shelter";
        }
      ] ++ pkgs.lib.optional anonymousUser
        { name = "ftp";
-          uid = (import ../../../system/ids.nix).uids.ftp;
+          uid = config.ids.uids.ftp;
          group = "ftp";
          description = "Anonymous ftp user";
          home = "/home/ftp";
@ -109,7 +109,7 @@ mkIf config.services.vsftpd.enable {

    extraGroups = [
      { name = "ftp";
-        gid = (import ../../../system/ids.nix).gids.ftp;
+        gid = config.ids.gids.ftp;
      }
    ];
      
--- a/modules/services/scheduling/atd.nix
+++ b/modules/services/scheduling/atd.nix
@ -37,14 +37,14 @@ let

  user = {
    name = "atd";
-    uid = (import ../../../system/ids.nix).uids.atd;
+    uid = config.ids.uids.atd;
    description = "atd user";
    home = "/var/empty";
  };

  group = {
    name = "atd";
-    gid = (import ../../../system/ids.nix).gids.atd;
+    gid = config.ids.gids.atd;
  };

  job = ''
--- a/modules/services/system/dbus.nix
+++ b/modules/services/system/dbus.nix
@ -55,7 +55,7 @@ let

  user = {
    name = "messagebus";
-    uid = (import ../../../system/ids.nix).uids.messagebus;
+    uid = config.ids.uids.messagebus;
    description = "D-Bus system message bus daemon user";
    home = homeDir;
  };
--- a/modules/services/system/nscd.nix
+++ b/modules/services/system/nscd.nix
@ -13,7 +13,7 @@ in
        
        users = [
          { name = "nscd";
-            uid = (import ../../../system/ids.nix).uids.nscd;
+            uid = config.ids.uids.nscd;
            description = "Name service cache daemon user";
          }
        ];
--- a/modules/services/web-servers/tomcat.nix
+++ b/modules/services/web-servers/tomcat.nix
@ -73,13 +73,13 @@ mkIf config.services.tomcat.enable {
      
      groups = [
        { name = "tomcat";
-          gid = (import ../../../system/ids.nix).gids.tomcat;
+          gid = config.ids.gids.tomcat;
        }
      ];
      
      users = [
        { name = "tomcat";
-          uid = (import ../../../system/ids.nix).uids.tomcat;
+          uid = config.ids.uids.tomcat;
          description = "Tomcat user";
          home = "/homeless-shelter";
        }