nix: add sharefs supplementary group
All checks were successful
Test / Sandbox (push) Successful in 1m1s
Test / Sandbox (race detector) (push) Successful in 1m2s
Test / Hakurei (push) Successful in 1m5s
Test / Hakurei (race detector) (push) Successful in 1m10s
Test / Create distribution (push) Successful in 1m19s
Test / ShareFS (push) Successful in 3m6s
Test / Flake checks (push) Successful in 1m33s
All checks were successful
Test / Sandbox (push) Successful in 1m1s
Test / Sandbox (race detector) (push) Successful in 1m2s
Test / Hakurei (push) Successful in 1m5s
Test / Hakurei (race detector) (push) Successful in 1m10s
Test / Create distribution (push) Successful in 1m19s
Test / ShareFS (push) Successful in 3m6s
Test / Flake checks (push) Successful in 1m33s
This works around vfs inode file attribute race. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
63
nixos.nix
63
nixos.nix
@@ -136,11 +136,12 @@ in
|
||||
|
||||
conf = {
|
||||
inherit id;
|
||||
inherit (app) identity groups enablements;
|
||||
inherit (app) identity enablements;
|
||||
inherit (dbusConfig) session_bus system_bus;
|
||||
direct_wayland = app.insecureWayland;
|
||||
sched_policy = app.schedPolicy;
|
||||
sched_priority = app.schedPriority;
|
||||
groups = app.groups ++ optional (cfg.sharefs.source != null) cfg.sharefs.group;
|
||||
|
||||
container = {
|
||||
inherit (app)
|
||||
@@ -357,29 +358,30 @@ in
|
||||
users = mkMerge (
|
||||
foldlAttrs
|
||||
(
|
||||
acc: _: fid:
|
||||
acc: username: fid:
|
||||
acc
|
||||
++ foldlAttrs (
|
||||
acc': _: app:
|
||||
acc' ++ [ { ${getsubname fid app.identity} = getuser fid app.identity; } ]
|
||||
) [ { ${getsubname fid 0} = getuser fid 0; } ] cfg.apps
|
||||
)
|
||||
(
|
||||
if (cfg.sharefs.source != null) then
|
||||
[
|
||||
{
|
||||
${cfg.sharefs.user} = {
|
||||
uid = lib.mkDefault 1023;
|
||||
inherit (cfg.sharefs) group;
|
||||
isSystemUser = true;
|
||||
home = cfg.sharefs.source;
|
||||
};
|
||||
|
||||
}
|
||||
]
|
||||
else
|
||||
[ ]
|
||||
++
|
||||
foldlAttrs
|
||||
(
|
||||
acc': _: app:
|
||||
acc' ++ [ { ${getsubname fid app.identity} = getuser fid app.identity; } ]
|
||||
)
|
||||
[
|
||||
{
|
||||
${getsubname fid 0} = getuser fid 0;
|
||||
${username}.extraGroups = [ cfg.sharefs.group ];
|
||||
}
|
||||
]
|
||||
cfg.apps
|
||||
)
|
||||
(optional (cfg.sharefs.source != null) {
|
||||
${cfg.sharefs.user} = {
|
||||
uid = lib.mkDefault 1023;
|
||||
inherit (cfg.sharefs) group;
|
||||
isSystemUser = true;
|
||||
home = cfg.sharefs.source;
|
||||
};
|
||||
})
|
||||
cfg.users
|
||||
);
|
||||
|
||||
@@ -393,18 +395,11 @@ in
|
||||
acc' ++ [ { ${getsubname fid app.identity} = getgroup fid app.identity; } ]
|
||||
) [ { ${getsubname fid 0} = getgroup fid 0; } ] cfg.apps
|
||||
)
|
||||
(
|
||||
if (cfg.sharefs.source != null) then
|
||||
[
|
||||
{
|
||||
${cfg.sharefs.group} = {
|
||||
gid = lib.mkDefault 1023;
|
||||
};
|
||||
}
|
||||
]
|
||||
else
|
||||
[ ]
|
||||
)
|
||||
(optional (cfg.sharefs.source != null) {
|
||||
${cfg.sharefs.group} = {
|
||||
gid = lib.mkDefault 1023;
|
||||
};
|
||||
})
|
||||
cfg.users
|
||||
);
|
||||
};
|
||||
|
||||
@@ -8,10 +8,7 @@
|
||||
description = "Alice Foobar";
|
||||
password = "foobar";
|
||||
uid = 1000;
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"sharefs"
|
||||
];
|
||||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
untrusted = {
|
||||
isNormalUser = true;
|
||||
|
||||
Reference in New Issue
Block a user