-
-
Notifications
You must be signed in to change notification settings - Fork 14.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/users: Allow mutable shells for declarative users #41966
nixos/users: Allow mutable shells for declarative users #41966
Conversation
This allows non-declarative users to change their login shells. NixOS#41966 will make this possible for declarative users as well if the system config explicitly allows it.
I want to manage users centrally via declarativeUsers, but allow users to change their shell as they please, similar to how they can change passwords at will if none of the password-related NixOS settings are set for their user.
f465eea
to
a709b1a
Compare
This only works together with #51270 ? I assume, I can get both behaviours? Declarative users, who can't change their login shell and declarative users, who can change their login shell? How to select between those behaviours (if both are present.) |
Thank you for your contributions.
|
@@ -119,7 +119,7 @@ let | |||
}; | |||
|
|||
shell = mkOption { | |||
type = types.either types.shellPackage types.path; | |||
type = types.nullOr (types.either types.shellPackage types.path); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Question: If I set a shell in nixos, does this override the user shell on every update?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My understanding of nixos/modules/config/update-users-groups.pl is that:
- it always sets the
shell
- if a given user has a shell set in the NixOS config, that will always be used, overwriting any existing shell
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For what it's worth, this isn't changing the existing behaviour at all, right? It just allows you to additionally explicitly set a user's shell to null which then means NixOS won't touch it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, that's correct!
@typetetris #51270 was mainly for non-declarative users. You can get both behaviors:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LG.
@@ -119,7 +119,7 @@ let | |||
}; | |||
|
|||
shell = mkOption { | |||
type = types.either types.shellPackage types.path; | |||
type = types.nullOr (types.either types.shellPackage types.path); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For what it's worth, this isn't changing the existing behaviour at all, right? It just allows you to additionally explicitly set a user's shell to null which then means NixOS won't touch it.
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: |
Merging based on multiple reviews. |
Motivation for this change
I want to manage users centrally via declarativeUsers,
but allow users to change their shell as they please,
similar to how they can change passwords at will
if none of the password-related NixOS settings are set for their user.
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)