;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (guix records)
#:use-module (guix gexp)
#:use-module (guix store)
+ #:use-module (guix modules)
#:use-module (guix sets)
#:use-module (guix ui)
+ #:use-module (gnu system accounts)
#:use-module (gnu services)
+ #:use-module (gnu services shepherd)
#:use-module ((gnu system file-systems)
#:select (%tty-gid))
#:use-module ((gnu packages admin)
#:select (shadow))
#:use-module (gnu packages bash)
- #:use-module (gnu packages guile-wm)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
- #:export (user-account
- user-account?
- user-account-name
- user-account-password
- user-account-uid
- user-account-group
- user-account-supplementary-groups
- user-account-comment
- user-account-home-directory
- user-account-shell
- user-account-system?
-
- user-group
- user-group?
- user-group-name
- user-group-password
- user-group-id
- user-group-system?
-
- default-skeletons
+
+ ;; Re-export these bindings for backward compatibility.
+ #:re-export (user-account
+ user-account?
+ user-account-name
+ user-account-password
+ user-account-uid
+ user-account-group
+ user-account-supplementary-groups
+ user-account-comment
+ user-account-home-directory
+ user-account-create-home-directory?
+ user-account-shell
+ user-account-system?
+
+ user-group
+ user-group?
+ user-group-name
+ user-group-password
+ user-group-id
+ user-group-system?)
+
+ #:export (default-skeletons
skeleton-directory
%base-groups
%base-user-accounts
;;;
;;; Code:
-(define-record-type* <user-account>
- user-account make-user-account
- user-account?
- (name user-account-name)
- (password user-account-password (default #f))
- (uid user-account-uid (default #f))
- (group user-account-group) ; number | string
- (supplementary-groups user-account-supplementary-groups
- (default '())) ; list of strings
- (comment user-account-comment (default ""))
- (home-directory user-account-home-directory)
- (create-home-directory? user-account-create-home-directory? ;Boolean
- (default #t))
- (shell user-account-shell ; gexp
- (default #~(string-append #$bash "/bin/bash")))
- (system? user-account-system? ; Boolean
- (default #f)))
-
-(define-record-type* <user-group>
- user-group make-user-group
- user-group?
- (name user-group-name)
- (password user-group-password (default #f))
- (id user-group-id (default #f))
- (system? user-group-system? ; Boolean
- (default #f)))
-
+;; Change the default shell used by new <user-account> records.
+(default-shell (file-append bash "/bin/bash"))
(define %base-groups
;; Default set of groups.
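Review bot: The top-level call `(default-shell (file-append bash "/bin/bash"))` changes a global default as a side effect of loading this module, and the one-line comment above it does not say so. The definition of `default-shell` is not in this hunk, but from the comment it appears that a `<user-account>` built without a `shell` field gets a different login shell depending on whether (gnu system shadow) was loaded before the record was created. I would extend the comment, e.g. `;; NOTE: takes effect when this module is loaded; code that imports only (gnu system accounts) keeps that module's own default.`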
(name "nobody")
(uid 65534)
(group "nogroup")
- (shell #~(string-append #$shadow "/sbin/nologin"))
+ (shell (file-append shadow "/sbin/nologin"))
(home-directory "/nonexistent")
(create-home-directory? #f)
(system? #t))))
(define (default-skeletons)
"Return the default skeleton files for /etc/skel. These files are copied by
'useradd' in the home directory of newly created user accounts."
- (define copy-guile-wm
- (with-imported-modules '((guix build utils))
- #~(begin
- (use-modules (guix build utils))
- (copy-file (car (find-files #$guile-wm "wm-init-sample.scm"))
- #$output))))
(let ((profile (plain-file "bash_profile" "\
# Honor per-interactive-shell startup file
# honor it and otherwise use /bin/sh.
export SHELL
-if [ -n \"$SSH_CLIENT\" -a -z \"`type -P cat`\" ]
+if [[ $- != *i* ]]
then
- # We are being invoked from a non-interactive SSH session
- # (as in \"ssh host command\") but 'cat' cannot be found
- # in $PATH. Source /etc/profile so we get $PATH and other
- # essential variables.
- source /etc/profile
+ # We are being invoked from a non-interactive shell. If this
+ # is an SSH session (as in \"ssh host command\"), source
+ # /etc/profile so we get PATH and other essential variables.
+ [[ -n \"$SSH_CLIENT\" ]] && source /etc/profile
+
+ # Don't do anything else.
+ return
fi
+# Source the system-wide file.
+source /etc/bashrc
+
# Adjust the prompt depending on whether we're in 'guix environment'.
if [ -n \"$GUIX_ENVIRONMENT\" ]
then
else
PS1='\\u@\\h \\w\\$ '
fi
-alias ls='ls -p --color'
-alias ll='ls -l'\n"))
- (zlogin (plain-file "zlogin" "\
+alias ls='ls -p --color=auto'
+alias ll='ls -l'
+alias grep='grep --color=auto'\n"))
+ (zprofile (plain-file "zprofile" "\
# Honor system-wide environment variables
source /etc/profile\n"))
- (guile-wm (computed-file "guile-wm" copy-guile-wm))
(xdefaults (plain-file "Xdefaults" "\
XTerm*utf8: always
XTerm*metaSendsEscape: true\n"))
(gdbinit (plain-file "gdbinit" "\
# Tell GDB where to look for separate debugging files.
-set debug-file-directory ~/.guix-profile/lib/debug\n")))
+set debug-file-directory ~/.guix-profile/lib/debug
+
+# Authorize extensions found in the store, such as the
+# pretty-printers of libstdc++.
+set auto-load safe-path /gnu/store/*/lib\n")))
`((".bash_profile" ,profile)
(".bashrc" ,bashrc)
- (".zlogin" ,zlogin)
+ ;; Zsh sources ~/.zprofile before ~/.zshrc, and it sources ~/.zlogin
+ ;; after ~/.zshrc. To avoid interfering with any customizations a user
+ ;; may have made in their ~/.zshrc, put this in .zprofile, not .zlogin.
+ (".zprofile" ,zprofile)
+ (".nanorc" ,(plain-file "nanorc" "\
+# Include all the syntax highlighting modules.
+include /run/current-system/profile/share/nano/*.nanorc\n"))
(".Xdefaults" ,xdefaults)
- (".guile-wm" ,guile-wm)
+ (".guile" ,(plain-file "dot-guile"
+ "(cond ((false-if-exception (resolve-interface '(ice-9 readline)))
+ =>
+ (lambda (module)
+ ;; Enable completion and input history at the REPL.
+ ((module-ref module 'activate-readline))))
+ (else
+ (display \"Consider installing the 'guile-readline' package for
+convenient interactive line editing and input history.\\n\\n\")))
+
+ (unless (getenv \"INSIDE_EMACS\")
+ (cond ((false-if-exception (resolve-interface '(ice-9 colorized)))
+ =>
+ (lambda (module)
+ ;; Enable completion and input history at the REPL.
+ ((module-ref module 'activate-colorized))))
+ (else
+ (display \"Consider installing the 'guile-colorized' package
+for a colorful Guile experience.\\n\\n\"))))\n"))
(".gdbinit" ,gdbinit))))
(define (skeleton-directory skeletons)
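Review bot: In the gdbinit skeleton, `set auto-load safe-path /gnu/store/*/lib` authorizes GDB auto-load scripts under the `lib` directory of every store item, not only the items in the user's profile. In addition, `set` replaces GDB's built-in safe path rather than extending it. That is sound only while the whole store is trusted, which deserves to be stated in the file's comment, e.g. `# This trusts the lib directory of every store item; narrow the pattern if the store may hold items you do not trust.` If the built-in entries should stay, `add-auto-load-safe-path /gnu/store/*/lib` appends instead of replacing. Separately, the comment above `activate-colorized` in the `.guile` skeleton repeats the readline one ("Enable completion and input history at the REPL.") and should describe colorized output instead.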
((target source)
(copy-recursively source target)))
'#$skeletons)
+ ;; Make nanorc respect XDG_CONFIG_HOME.
+ (when (file-exists? ".nanorc")
+ (mkdir-p ".config/nano")
+ (rename-file ".nanorc" ".config/nano/nanorc"))
#t))))
(define (assert-valid-users/groups users groups)
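Review bot: The comment `;; Make nanorc respect XDG_CONFIG_HOME.` says more than the code does: the builder moves a skeleton named `.nanorc` to the fixed path `.config/nano/nanorc` and never reads `XDG_CONFIG_HOME`. The rename runs for every skeleton list passed to `skeleton-directory`, not only the default one. As far as the hunk shows, it would also replace a `.config/nano/nanorc` entry supplied in the same list. I would reword the comment, e.g. `;; Move '.nanorc' to '.config/nano/nanorc', the default XDG location; this also applies to user-supplied skeletons.` The body of skeleton-directory starts outside this hunk.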
(raise (condition
(&message
(message
- (format #f (_ "supplementary group '~a' \
+ (format #f (G_ "supplementary group '~a' \
of user '~a' is undeclared")
group
(user-account-name user))))))))
(raise (condition
(&message
(message
- (format #f (_ "primary group '~a' \
+ (format #f (G_ "primary group '~a' \
of user '~a' is undeclared")
(user-account-group user)
(user-account-name user)))))))
(assert-valid-users/groups accounts groups)
;; Add users and user groups.
- #~(begin
- (setenv "PATH"
- (string-append #$(@ (gnu packages admin) shadow) "/sbin"))
- (activate-users+groups (list #$@user-specs)
- (list #$@group-specs))))
+ (with-imported-modules (source-module-closure '((gnu system accounts)))
+ #~(begin
+ (use-modules (gnu system accounts))
+
+ (activate-users+groups (map sexp->user-account (list #$@user-specs))
+ (map sexp->user-group (list #$@group-specs))))))
+
+(define (account-shepherd-service accounts+groups)
+ "Return a Shepherd service that creates the home directories for the user
+accounts among ACCOUNTS+GROUPS."
+ (define accounts
+ (filter user-account? accounts+groups))
+
+ ;; Create home directories only once 'file-systems' is up. This makes sure
+ ;; they are created in the right place if /home lives on a separate
+ ;; partition.
+ ;;
+ ;; XXX: We arrange for this service to stop right after it's done its job so
+ ;; that 'guix system reconfigure' knows that it can reload it fearlessly
+ ;; (and thus create new home directories).
+ (list (shepherd-service
+ (requirement '(file-systems))
+ (provision '(user-homes))
+ (one-shot? #t)
+ (modules '((gnu build activation)
+ (gnu system accounts)))
+ (start (with-imported-modules (source-module-closure
+ '((gnu build activation)
+ (gnu system accounts)))
+ #~(lambda ()
+ (activate-user-home
+ (map sexp->user-account
+ (list #$@(map user-account->gexp accounts))))
+ #t))) ;success
+ (documentation "Create user home directories."))))
(define (shells-file shells)
"Return a file-like object that builds a shell list for use as /etc/shells
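Review bot: `account-shepherd-service` keeps every `user-account?` record at its `filter` and passes all of them to `activate-user-home`, including accounts declared with `(create-home-directory? #f)`, such as `nobody` with `/nonexistent`. Whether those accounts are skipped is decided inside `activate-user-home`, which this hunk does not show, and the docstring reads as if a home is created for every account. I would either say in the docstring that only accounts with `create-home-directory?` set get a home, or make the selection explicit here: `(filter (lambda (a) (and (user-account? a) (user-account-create-home-directory? a))) accounts+groups)`. The ownership and mode of the created directories are likewise set in that procedure and are worth confirming when it is reviewed.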
(extensions
(list (service-extension activation-service-type
account-activation)
+ (service-extension shepherd-root-service-type
+ account-shepherd-service)
+ ;; Have 'user-processes' depend on 'user-homes' so that
+ ;; daemons start after their home directory has been
+ ;; created.
+ (service-extension user-processes-service-type
+ (const '(user-homes)))
(service-extension etc-service-type
- etc-files)))))
+ etc-files)))
+ (description
+ "Ensure the specified user accounts and groups exist, as well
+as each account home directory.")))
(define (account-service accounts+groups skeletons)
"Return a <service> that takes care of user accounts and user groups, with