Open dlubawy opened 2 months ago
Thanks for this. Your changes absolutely seem directionally correct and I think we’re basically in complete agreement on what the ideal end‐state for nix-darwin looks like.
However, there are considerations to make in terms of the migration path for the inevitable breaking changes it would involve, and the best way to move things over smoothly without disrupting users’ setups multiple times along the way. I’ve been meaning to start tackling this for a long while now and it’s on me for not having written down my thoughts and plans in details, so I’m sorry about that! I really appreciate you taking the initiative on this work and it would be great to work with you on gradually moving towards a setup where nix-darwin exclusively manages the system, darwin-rebuild
is always run as root, multiple‐user setups work in a reasonable way, we don’t duplicate work that better belongs in Home Manager, and so on.
I have a lot on my stack right now and my availability isn’t perfect, but if I don’t get around to replying again with my blueprint for what I think we should do here in a couple days please feel free to ping me.
@emilazy if you can manage it, I would love to hear the blueprint and maybe help out to achieve a better experience in this space. No worries if you are still too busy.
Sorry for the delayed reply; I will try to get back to this ASAP.
I’ve replied in https://github.com/LnL7/nix-darwin/pull/1016 instead as it is more directly related to what I talk about there. This PR actually seems like it probably has no conflicts with any of that work and might just be totally fine as‐is; thank you for doing the work! I’ll have to give it a proper review some other time, though, since I just spent like five years writing up the big plan :)
I responded in #1016 and closed it as a PR. That was a great comment, and I'm looking forward to those changes!
Back on this PR. This is definitely a separate topic, but it is in the same spirit of improving multi-user support on nix-darwin. I would greatly appreciate a good review on the changes and ideas I propose here. Ultimately my intention is to bring some parity to user management between nix-darwin and NixOS. I think I was pretty heavy handed in some aspects here so a review by someone more seasoned in nix-darwin is highly valuable, especially to determine better approaches for backwards compatibility. I would also greatly appreciate some feedback on the ideas I put out around the notion of admins, token users, and removal of knownUsers.
Sorry for the delay; I’ve been busy lately but I’ll try to get around to reviewing this soon because we are going to need to do stuff with user management within the next couple weeks to handle the _nixbld*
UID clashes in the upcoming macOS Sequoia upgrade.
Do you know if this will handle, or could easily be made to handle, changing the UID and GID of existing users and groups? I am hoping we can effectively implement https://github.com/NixOS/nix/pull/11075 just by changing the IDs we assign for those users.
This PR is related to issues #554 and #96. I've opened this more as discussion around possibilities rather than as a request to actually merge the code. There are a few problems I see with nix-darwin around user management. Using numbers for reference later, these problems are:
dscl
user management does not work for this as new users created will not be able to use FDE and so will be unable to login on rebootdscl
is an older (maybe arguably deprecated) tool for creating new users. New users created this way will lack specific metadata that prevents certain user management actions in System Settings such as profile picture selection and other odd behaviordscl
requires careful tracking of reserved UIDs/GIDs which can change between OS upgrades or other operationsknownUsers
/knownGroups
in order to actually be managed by nix-darwinThe edits I made tackled these problems in the following manner (each numbered point corresponding to the problem with the same number):
dscl
tosysadminctl
commandsisNormalUser
: normal user according to macOS (i.e.UID > 500
)isAdminUser
: adds the user to theadmin
groupisSystemUser
: configure system user according to macOS (i.e.200 <= UID <= 400
)isTokenUser
: configure the user for FDE by having an admin with a secure token add a token to this usersysadminctl
to perform user changespassword
: behaves like NixOS option; password is only changes when users are immutableinitialPassword
: equivalent topassword
when users are immutable; otherwise sets the initial password when a user is first createdknownUsers
/knownGroups
in favor of NixOSusers.mutableUsers
flagNixDeclarative
attribute withdscl
to track which users/groups are managedNixDeclarative
attribute are modified according to configsThis isn't a perfect approach to things as
isTokenUser
needs an admin user with a secure token to be able to enter their password as well as the user requiring the change to do the same, but in combination with themutableUsers
andpassword
options this could be mitigated on new system builds by pulling the password from the config.It's my intention with these changes to have a system whereby I can more easily manage an admin user (which runs nix-darwin and manages homebrew through it) and a normal user (for daily use) that can run
sudo -Hu admin darwin-rebuild
(because running as root is broken right now). This is typically how systems should be configured in macOS where running admin as a daily user goes against best practices according to Apple. I've been using this code in my personal system configuration and it has achieved that for me. Hopefully, this can be of use to others as well.