nixos: Add assertion for persisting UIDs/GIDs

Fixes #178
2024-11-10 05:44:17 +00:00 · 2024-06-05 16:50:55 +02:00 · 2024-06-05 16:50:55 +02:00 · 213f8050c9
commit 213f8050c9
parent a33ef102a0
1 changed files with 15 additions and 0 deletions
--- a/nixos.nix
+++ b/nixos.nix
@ -687,6 +687,9 @@ in
        homeDirOffenders =
          filterAttrs
            (n: v: (v.home != config.users.users.${n}.home));
+        usersWithoutUid = attrNames (filterAttrs (n: u: u.uid == null) config.users.users);
+        groupsWithoutGid = attrNames (filterAttrs (n: g: g.gid == null) config.users.groups);
+        varLibNixosPersisted = elem "/var/lib/nixos" (catAttrs "dirPath" directories);
      in
      [
        {
@ -758,6 +761,18 @@ in
                    ${concatStringsSep "\n      " offenders}
            '';
        }
+        {
+          assertion = varLibNixosPersisted || (usersWithoutUid == [ ] && groupsWithoutGid == [ ]);
+          message = ''
+            environment.persistence:
+                Either "/var/lib/nixos" has to be persisted, or all users and
+                groups must have a uid/gid specified. The following users are
+                missing a uid:
+                  ${concatStringsSep "\n      " usersWithoutUid}
+                The following groups are missing a gid:
+                  ${concatStringsSep "\n      " groupsWithoutGid}
+          '';
+        }
      ];
  };