pyrox.dev / nixpkgs
lol
fork atom

Remove Some Static IDs (#367563)

Ramses 4af8ef3c 631ac7fa

options
unified split
Changed files
+13 -12
ci
OWNERS
nixos
modules
hardware
uinput.nix
misc
ids.nix
services
misc
whisparr.nix
+1
ci/OWNERS 
···

       
102

       
102

       
 

       
/nixos/default.nix                                    @infinisil


     

       
103

       
103

       
 

       
/nixos/lib/from-env.nix                               @infinisil


     

       
104

       
104

       
 

       
/nixos/lib/eval-config.nix                            @infinisil


     

       

       
105

       
+

       
/nixos/modules/misc/ids.nix                           @R-VdP


     

       
105

       
106

       
 

       
/nixos/modules/system/activation/bootspec.nix         @grahamc @cole-h @raitobezarius


     

       
106

       
107

       
 

       
/nixos/modules/system/activation/bootspec.cue         @grahamc @cole-h @raitobezarius


     

       
107

       
108
+1 -1
nixos/modules/hardware/uinput.nix 
···

       
11

       
11

       
 

       
  config = lib.mkIf cfg.enable {


     

       
12

       
12

       
 

       
    boot.kernelModules = [ "uinput" ];


     

       
13

       
13

       
 

       



     

       
14

       

       
-

       
    users.groups.uinput.gid = config.ids.gids.uinput;


     

       

       
14

       
+

       
    users.groups.uinput = { };


     

       
15

       
15

       
 

       



     

       
16

       
16

       
 

       
    services.udev.extraRules = ''


     

       
17

       
17

       
 

       
      SUBSYSTEM=="misc", KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"
+9 -9
nixos/modules/misc/ids.nix 
···

       
2

       
2

       
 

       
# central list to prevent id collisions.


     

       
3

       
3

       
 

       



     

       
4

       
4

       
 

       
# IMPORTANT!


     

       
5

       

       
-

       
# We only add static uids and gids for services where it is not feasible


     

       
6

       

       
-

       
# to change uids/gids on service start, for example a service with a lot of


     

       
7

       

       
-

       
# files. Please also check if the service is applicable for systemd's


     

       
8

       

       
-

       
# DynamicUser option and does not need a uid/gid allocation at all.


     

       
9

       

       
-

       
# Systemd can also change ownership of service directories using the


     

       
10

       

       
-

       
# RuntimeDirectory/StateDirectory options.


     

       

       
5

       
+

       
#


     

       

       
6

       
+

       
# https://github.com/NixOS/rfcs/blob/master/rfcs/0052-dynamic-ids.md


     

       

       
7

       
+

       
#


     

       

       
8

       
+

       
# Use of static ids is deprecated within NixOS. Dynamic allocation is


     

       

       
9

       
+

       
# required, barring special circumstacnes. Please check if the service


     

       

       
10

       
+

       
# is applicable for systemd's DynamicUser option and does not need a


     

       

       
11

       
+

       
# uid/gid allocation at all.  Systemd can also change ownership of


     

       

       
12

       
+

       
# service directories using the RuntimeDirectory/StateDirectory


     

       

       
13

       
+

       
# options.


     

       
11

       
14

       
 

       



     

       
12

       
15

       
 

       
{ lib, ... }:


     

       
13

       
16

       
 

       



     
···

       
355

       
358

       
 

       
      rstudio-server = 324;


     

       
356

       
359

       
 

       
      localtimed = 325;


     

       
357

       
360

       
 

       
      automatic-timezoned = 326;


     

       
358

       

       
-

       
      whisparr = 328;


     

       
359

       
361

       
 

       



     

       
360

       
362

       
 

       
      # When adding a uid, make sure it doesn't match an existing gid.


     

       
361

       
363

       
 

       
      #


     
···

       
683

       
685

       
 

       
      rstudio-server = 324;


     

       
684

       
686

       
 

       
      localtimed = 325;


     

       
685

       
687

       
 

       
      automatic-timezoned = 326;


     

       
686

       

       
-

       
      uinput = 327;


     

       
687

       

       
-

       
      whisparr = 328;


     

       
688

       
688

       
 

       



     

       
689

       
689

       
 

       
      # When adding a gid, make sure it doesn't match an existing


     

       
690

       
690

       
 

       
      # uid. Users and groups with the same name should have equal
+2 -2
nixos/modules/services/misc/whisparr.nix 
···

       
64

       
64

       
 

       
      whisparr = {


     

       
65

       
65

       
 

       
        group = cfg.group;


     

       
66

       
66

       
 

       
        home = cfg.dataDir;


     

       
67

       

       
-

       
        uid = config.ids.uids.whisparr;


     

       

       
67

       
+

       
        isSystemUser = true;


     

       
68

       
68

       
 

       
      };


     

       
69

       
69

       
 

       
    };


     

       
70

       
70

       
 

       



     

       
71

       

       
-

       
    users.groups = lib.mkIf (cfg.group == "whisparr") { whisparr.gid = config.ids.gids.whisparr; };


     

       

       
71

       
+

       
    users.groups.whisparr = lib.mkIf (cfg.group == "whisparr") { };


     

       
72

       
72

       
 

       
  };


     

       
73

       
73

       
 

       
}