gnu: vm: Add build users.
* gnu/system/shadow.scm (guix-build-accounts): New procedure. * gnu/system/vm.scm (system-qemu-image): Use it. Add the "guixbuild" group. * gnu/system/dmd.scm (guix-service): Add 'builder-group' parameter. Pass 'guix-daemon' the '--build-users-group' option.master
parent
3abf9b440b
commit
d0c66871b1
|
@ -146,14 +146,16 @@
|
|||
(inputs `(("inetutils" ,inetutils)
|
||||
("syslog.conf" ,syslog.conf))))))
|
||||
|
||||
(define* (guix-service store #:key (guix guix))
|
||||
(define* (guix-service store #:key (guix guix) (builder-group "guixbuild"))
|
||||
"Return a service that runs the build daemon from GUIX."
|
||||
(let* ((drv (package-derivation store guix))
|
||||
(daemon (string-append (derivation->output-path drv)
|
||||
"/bin/guix-daemon")))
|
||||
(service
|
||||
(provision '(guix-daemon))
|
||||
(start `(make-forkexec-constructor ,daemon))
|
||||
(start `(make-forkexec-constructor ,daemon
|
||||
"--build-users-group"
|
||||
,builder-group))
|
||||
(inputs `(("guix" ,guix))))))
|
||||
|
||||
(define* (static-networking-service store interface ip
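Review bot: The docstring of `guix-service` does not mention the new `builder-group` keyword even though it now changes what `guix-daemon` is started with; suggest `"Return a service that runs the build daemon from GUIX, telling it to run builds as members of the BUILDER-GROUP group."`. Nothing in the service checks that the group named by `builder-group` exists on the target system, and the daemon is expected to reject a missing group at startup, so the default `"guixbuild"` has to be kept in sync by hand with the group created in the system configuration (the VM image in this same commit spells out the same name as a literal); a short comment on the default saying so, or a shared constant both sides use, would make that coupling visible. The `%dmd-services` list where this service is instantiated is outside the hunk, so I cannot tell whether `#:builder-group` is ever passed explicitly or the default is what is relied upon.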
|
||||
|
|
|
@ -18,8 +18,14 @@
|
|||
|
||||
(define-module (gnu system shadow)
|
||||
#:use-module (guix store)
|
||||
#:use-module (ice-9 match)
|
||||
#:use-module (guix records)
|
||||
#:use-module (guix packages)
|
||||
#:use-module ((gnu packages system)
|
||||
#:select (shadow))
|
||||
#:use-module (srfi srfi-1)
|
||||
#:use-module (srfi srfi-26)
|
||||
#:use-module (ice-9 match)
|
||||
#:use-module (ice-9 format)
|
||||
#:export (user-account
|
||||
user-account?
|
||||
user-account-name
|
||||
|
@ -38,7 +44,8 @@
|
|||
user-group-members
|
||||
|
||||
passwd-file
|
||||
group-file))
|
||||
group-file
|
||||
guix-build-accounts))
|
||||
|
||||
;;; Commentary:
|
||||
;;;
|
||||
|
@ -110,4 +117,25 @@ file."
|
|||
(add-text-to-store store (if shadow? "shadow" "passwd")
|
||||
contents '()))
|
||||
|
||||
(define* (guix-build-accounts store count #:key
|
||||
(first-uid 30001)
|
||||
(gid 30000)
|
||||
(shadow shadow))
|
||||
"Return a list of COUNT user accounts for Guix build users, with UIDs
|
||||
starting at FIRST-UID, and under GID."
|
||||
(let* ((gid* gid)
|
||||
(no-login (string-append (package-output store shadow) "/sbin/nologin")))
|
||||
(unfold (cut > <> count)
|
||||
(lambda (n)
|
||||
(user-account
|
||||
(name (format #f "guixbuilder~2,'0d" n))
|
||||
(password "!")
|
||||
(uid (+ first-uid n -1))
|
||||
(gid gid*)
|
||||
(comment (format #f "Guix Build User ~2d" n))
|
||||
(home-directory "/var/empty")
|
||||
(shell no-login)))
|
||||
1+
|
||||
1)))
|
||||
|
||||
;;; shadow.scm ends here
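Review bot: In `guix-build-accounts`, the default `gid` of 30000 is a bare literal that has to equal the numeric id of whatever group the caller creates for these accounts, and neither the procedure nor its docstring ties the two together; with a mismatched id the build users end up with a primary group that is not the one the daemon is told about, which defeats the point of a dedicated build group. Suggest extending the docstring to `"Return a list of COUNT user accounts for Guix build users, with UIDs starting at FIRST-UID, and under GID.  The caller must create a group whose id is GID and list these accounts as its members."`. The `gid*` rebinding in the `let*` looks redundant, since the lambda could read `gid` directly, unless the record field syntax needs it; a one-line comment explaining why would help the next reader. Separately, `#:use-module (ice-9 match)` appears twice in the new `define-module` form; at least one occurrence is pre-existing context, so I cannot tell from here which is new, but one of them can be dropped. The accounts being locked with `"!"` and given the `nologin` shell is the right shape for service accounts.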
|
||||
|
|
|
@ -462,6 +462,9 @@ Happy birthday, GNU! http://www.gnu.org/gnu30
|
|||
(static-networking-service store "eth0" "10.0.2.10"
|
||||
#:gateway "10.0.2.2")))
|
||||
|
||||
(define build-accounts
|
||||
(guix-build-accounts store 10))
|
||||
|
||||
(define resolv.conf
|
||||
;; Name resolution for default QEMU settings.
|
||||
(add-text-to-store store "resolv.conf"
|
||||
|
@ -482,7 +485,7 @@ Happy birthday, GNU! http://www.gnu.org/gnu30
|
|||
(dmd-file (string-append (derivation->output-path dmd-drv)
|
||||
"/bin/dmd"))
|
||||
(dmd-conf (dmd-configuration-file store %dmd-services))
|
||||
(accounts (list (user-account
|
||||
(accounts (cons* (user-account
|
||||
(name "root")
|
||||
(password "")
|
||||
(uid 0) (gid 0)
|
||||
|
@ -495,7 +498,8 @@ Happy birthday, GNU! http://www.gnu.org/gnu30
|
|||
(uid 1000) (gid 100)
|
||||
(comment "Guest of GNU")
|
||||
(home-directory "/home/guest")
|
||||
(shell bash-file))))
|
||||
(shell bash-file))
|
||||
build-accounts))
|
||||
(passwd (passwd-file store accounts))
|
||||
(shadow (passwd-file store accounts #:shadow? #t))
|
||||
(group (group-file store
|
||||
|
@ -505,7 +509,12 @@ Happy birthday, GNU! http://www.gnu.org/gnu30
|
|||
(user-group
|
||||
(name "users")
|
||||
(id 100)
|
||||
(members '("guest"))))))
|
||||
(members '("guest")))
|
||||
(user-group
|
||||
(name "guixbuild")
|
||||
(id 30000)
|
||||
(members (map user-account-name
|
||||
build-accounts))))))
|
||||
(pam.d-drv (pam-services->directory store %pam-services))
|
||||
(pam.d (derivation->output-path pam.d-drv))
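Review bot: The new `"guixbuild"` user-group uses the literal `(id 30000)`, duplicating the default `gid` of `guix-build-accounts` with nothing enforcing that the two stay equal; since `build-accounts` is already in scope, deriving the id from the accounts, e.g. `(id (user-account-gid (car build-accounts)))`, keeps the group and its members' primary gid in lock-step (assuming that accessor is exported alongside `user-account-name`, which this file already uses). The group name `"guixbuild"` is likewise a literal that must match the `builder-group` default of `guix-service`; the `%dmd-services` definition that instantiates the service is outside these hunks, so I cannot see whether `#:builder-group "guixbuild"` is passed explicitly, and a comment at the group definition pointing at that dependency would help. The `build-accounts` definition is placed between unrelated service and `resolv.conf` definitions; a comment such as `;; Unprivileged accounts the build daemon runs builds under.` would explain its presence there.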
|
||||
|
||||
|
|