* Allow jobs to specify groups.

svn path=/nixos/trunk/; revision=8862
Eelco Dolstra 2007-06-10 20:13:12 +00:00
parent 1f1db4c48f
commit 4d4387a70e
10 changed files with 54 additions and 39 deletions


@ -13,6 +13,7 @@
gids = {
root = 0;
haldaemon = 5;
users = 100;
nixbld = 30000;
nogroup = 65534;


@ -48,20 +48,30 @@ rec {
# System groups.
systemGroups =
[
{ name = "root";
gid = ids.gids.root;
}
{ name = "nogroup";
gid = ids.gids.nogroup;
}
{ name = "users";
gid = ids.gids.users;
}
{ name = "nixbld";
gid = ids.gids.nixbld;
}
];
let
jobGroups = pkgs.lib.concatLists (map (job: job.groups) upstartJobs.jobs);
defaultGroups =
[
{ name = "root";
gid = ids.gids.root;
}
{ name = "nogroup";
gid = ids.gids.nogroup;
}
{ name = "users";
gid = ids.gids.users;
}
{ name = "nixbld";
gid = ids.gids.nixbld;
}
];
addAttrs =
{ name, gid ? "" }:
{ inherit name gid; };
in map addAttrs (defaultGroups ++ jobGroups);
# Awful hackery necessary to pass the users/groups to the activation script.
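Review bot: `map addAttrs (defaultGroups ++ jobGroups)` appends whatever each job declares with no check for a name or gid that clashes with the built-in entries, so a job entry named `root`, or one carrying `gid = 0`, would be handed to the activation script alongside the real one. How that script treats duplicates is not visible in this hunk. `addAttrs` also turns a missing gid into `""`, which the httpd and samba jobs in this commit rely on. I would state the contract above the `let`, for example `# Job groups are appended unchecked: names and gids must not clash with defaultGroups; a missing gid becomes "".`, and consider rejecting clashes at evaluation time.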


@ -87,7 +87,7 @@ import ../upstart-jobs/gather.nix {
# Name service cache daemon.
(import ../upstart-jobs/nscd.nix {
inherit (pkgs) glibc pwdutils;
inherit (pkgs) glibc;
inherit nssModulesPath;
})
@ -128,7 +128,7 @@ import ../upstart-jobs/gather.nix {
# SSH daemon.
++ optional ["services" "sshd" "enable"]
(import ../upstart-jobs/sshd.nix {
inherit (pkgs) writeText openssh glibc pwdutils;
inherit (pkgs) writeText openssh glibc;
inherit (pkgs.xorg) xauth;
inherit nssModulesPath;
forwardX11 = config.get ["services" "sshd" "forwardX11"];
@ -139,7 +139,7 @@ import ../upstart-jobs/gather.nix {
++ optional ["services" "ntp" "enable"]
(import ../upstart-jobs/ntpd.nix {
inherit modprobe;
inherit (pkgs) ntp glibc pwdutils writeText;
inherit (pkgs) ntp glibc writeText;
servers = config.get ["services" "ntp" "servers"];
})
@ -159,14 +159,14 @@ import ../upstart-jobs/gather.nix {
++ optional ["services" "httpd" "enable"]
(import ../upstart-jobs/httpd.nix {
inherit config pkgs;
inherit (pkgs) glibc pwdutils;
inherit (pkgs) glibc;
})
# Samba service.
++ optional ["services" "samba" "enable"]
(import ../upstart-jobs/samba.nix {
inherit pkgs;
inherit (pkgs) glibc pwdutils samba;
inherit (pkgs) glibc samba;
})
# CUPS (printing) daemon.


@ -1,11 +1,5 @@
{stdenv, hal}:
let
homeDir = "/var/run/dbus";
in
{
name = "hal";
@ -13,7 +7,12 @@ in
{ name = "haldaemon";
uid = (import ../system/ids.nix).uids.haldaemon;
description = "HAL daemon user";
# home = homeDir;
}
];
groups = [
{ name = "haldaemon";
gid = (import ../system/ids.nix).gids.haldaemon;
}
];


@ -1,4 +1,4 @@
{config, pkgs, glibc, pwdutils}:
{config, pkgs, glibc}:
let
@ -86,6 +86,11 @@ in
description = "Apache httpd user";
}
];
groups = [
{ name = group;
}
];
job = "
description \"Apache HTTPD\"
@ -94,10 +99,6 @@ start on network-interfaces/started
stop on network-interfaces/stop
start script
if ! ${glibc}/bin/getent group ${group} > /dev/null; then
${pwdutils}/sbin/groupadd ${group}
fi
${webServer}/bin/control prepare
end script
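Review bot: The `groups` entry added here is `{ name = group; }` with no gid, unlike the hal job, which pins `gids.haldaemon`, so the numeric id of the web server group is presumably whatever gets allocated when the group is first created. That id can differ between machines or after a reinstall, which matters for any file whose access depends on group ownership. The samba job's `groups` entry has the same shape. Consider reserving ids in `ids.nix` and setting `gid = (import ../system/ids.nix).gids.<name>;` as the hal job does. Dropping the `getent`/`groupadd` guard also means the start script now assumes the group exists before the job runs, which deserves a comment next to `groups`.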


@ -22,4 +22,7 @@
# Allow jobs to declare user accounts that should be created.
users = if job ? users then job.users else [];
# Allow jobs to declare groups that should be created.
groups = if job ? groups then job.groups else [];
}


@ -1,4 +1,4 @@
{glibc, pwdutils, nssModulesPath}:
{glibc, nssModulesPath}:
{
name = "nscd";


@ -1,4 +1,4 @@
{ntp, modprobe, glibc, pwdutils, writeText, servers}:
{ntp, modprobe, glibc, writeText, servers}:
let


@ -1,4 +1,4 @@
{pkgs, samba, glibc, pwdutils}:
{pkgs, samba, glibc}:
let
@ -17,6 +17,11 @@ in
}
];
groups = [
{ name = group;
}
];
job = "
description \"Samba Service\"
@ -26,10 +31,6 @@ stop on network-interfaces/stop
start script
if ! ${glibc}/bin/getent group ${group} > /dev/null; then
${pwdutils}/sbin/groupadd ${group}
fi
${samba}/sbin/nmbd -D &
${samba}/sbin/smbd -D &
${samba}/sbin/winbindd -B &


@ -1,4 +1,4 @@
{ writeText, openssh, glibc, pwdutils, xauth
{ writeText, openssh, glibc, xauth
, nssModulesPath
, forwardX11, allowSFTP
}: