Merge pull request #172058 from midchildan/improvement/1pw-gid
nixos/_1password{,-gui}: use a static gid
commit
769329f5f8
3 changed files with 35 additions and 20 deletions
|
@ -667,6 +667,27 @@ in
|
|||
# uid. Users and groups with the same name should have equal
|
||||
# uids and gids. Also, don't use gids above 399!
|
||||
|
||||
# For exceptional cases where you really need a gid above 399, leave a
|
||||
# comment stating why.
|
||||
#
|
||||
# Also, avoid the following GID ranges:
|
||||
#
|
||||
# 1000 - 29999: user accounts (see ../config/update-users-groups.pl)
|
||||
# 30000 - 31000: nixbld users (the upper limit is arbitrarily chosen)
|
||||
# 61184 - 65519: systemd DynamicUser (see systemd.exec(5))
|
||||
# 65535: the error return sentinel value when uid_t was 16 bits
|
||||
#
|
||||
# 100000 - 6653600: subgid allocated for user namespaces
|
||||
# (see ../config/update-users-groups.pl)
|
||||
# 4294967294: unauthenticated user in some NFS implementations
|
||||
# 4294967295: error return sentinel value
|
||||
#
|
||||
# References:
|
||||
# https://www.debian.org/doc/debian-policy/ch-opersys.html#uid-and-gid-classes
|
||||
|
||||
onepassword = 31001; # 1Password requires that its GID be larger than 1000
|
||||
onepassword-cli = 31002; # 1Password requires that its GID be larger than 1000
|
||||
|
||||
users = 100;
|
||||
nixbld = 30000;
|
||||
nogroup = 65534;
|
||||
|
|
|
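Review bot: The comments on `onepassword = 31001` and `onepassword-cli = 31002` explain why the GID is above 399 but not why these particular values were chosen. They sit directly above the `30000 - 31000` nixbld range, whose upper limit the same comment block calls arbitrarily chosen, so these two groups would be the first to collide if that limit is ever raised. I would record that on the entries, e.g. `onepassword = 31001; # just above the nixbld range (30000 - 31000); 1Password requires a GID of at least 1000`. The removed option check in the two modules was `x >= 1000`, so "larger than 1000" is also slightly off. The surrounding attribute set starts and ends outside this hunk.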
@ -8,19 +8,16 @@ let
|
|||
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "programs" "_1password-gui" "gid" ] ''
|
||||
A preallocated GID will be used instead.
|
||||
'')
|
||||
];
|
||||
|
||||
options = {
|
||||
programs._1password-gui = {
|
||||
enable = mkEnableOption "the 1Password GUI application";
|
||||
|
||||
gid = mkOption {
|
||||
type = types.addCheck types.int (x: x >= 1000);
|
||||
example = literalExpression "5000";
|
||||
description = ''
|
||||
The gid to assign to the onepassword group, which is needed for browser integration.
|
||||
It must be 1000 or greater.
|
||||
'';
|
||||
};
|
||||
|
||||
polkitPolicyOwners = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
|
@ -44,7 +41,7 @@ in
|
|||
in
|
||||
mkIf cfg.enable {
|
||||
environment.systemPackages = [ package ];
|
||||
users.groups.onepassword.gid = cfg.gid;
|
||||
users.groups.onepassword.gid = config.ids.gids.onepassword;
|
||||
|
||||
security.wrappers = {
|
||||
"1Password-BrowserSupport" = {
|
||||
|
|
|
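Review bot: The `mkRemovedOptionModule` text `A preallocated GID will be used instead.` names neither the new GID nor where it is defined, and it is all a user sees when a configuration still sets `programs._1password-gui.gid`. The old description says this group is needed for browser integration, and on an existing system its GID changes from the user-chosen value to `config.ids.gids.onepassword` at the next activation. Anything that recorded the old numeric GID (file ownership, rules written against the number) would presumably stop matching. I would spell that out in the message, e.g. `The onepassword group now uses the static GID from config.ids.gids.onepassword; remove this option and check for anything that refers to the old GID.` The same applies to the identical message for `programs._1password.gid` and the `onepassword-cli` group in the third file.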
@ -8,19 +8,16 @@ let
|
|||
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "programs" "_1password" "gid" ] ''
|
||||
A preallocated GID will be used instead.
|
||||
'')
|
||||
];
|
||||
|
||||
options = {
|
||||
programs._1password = {
|
||||
enable = mkEnableOption "the 1Password CLI tool";
|
||||
|
||||
gid = mkOption {
|
||||
type = types.addCheck types.int (x: x >= 1000);
|
||||
example = literalExpression "5001";
|
||||
description = ''
|
||||
The gid to assign to the onepassword-cli group, which is needed for integration with the 1Password GUI.
|
||||
It must be 1000 or greater.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkPackageOption pkgs "1Password CLI" {
|
||||
default = [ "_1password" ];
|
||||
};
|
||||
|
@ -29,7 +26,7 @@ in
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
users.groups.onepassword-cli.gid = cfg.gid;
|
||||
users.groups.onepassword-cli.gid = config.ids.gids.onepassword-cli;
|
||||
|
||||
security.wrappers = {
|
||||
"op" = {
|
||||
|
|