shlevy/multi-user-linux.diff

## multi-user-linux.diff
--- scripts/install-darwin-multi-user.sh	2018-03-16 18:22:40.297097664 -0400
+++ install-multi-user.sh	2018-03-29 15:50:21.041138715 -0400
@@ -23,7 +23,6 @@
 readonly YELLOW='\033[38;33m'
 readonly YELLOW_UL='\033[38;4;33m'

-readonly CORES=$(sysctl -n hw.ncpu)
 readonly NIX_USER_COUNT="32"
 readonly NIX_BUILD_GROUP_ID="30000"
 readonly NIX_BUILD_GROUP_NAME="nixbld"
@@ -31,9 +30,8 @@
 # Please don't change this. We don't support it, because the
 # default shell profile that comes with Nix doesn't support it.
 readonly NIX_ROOT="/nix"
-readonly PLIST_DEST=/Library/LaunchDaemons/org.nixos.nix-daemon.plist

-readonly PROFILE_TARGETS=("/etc/bashrc" "/etc/zshrc")
+readonly PROFILE_TARGETS=("/etc/bashrc" "/etc/profile.d/nix.sh" "/etc/zshrc")
 readonly PROFILE_BACKUP_SUFFIX=".backup-before-nix"
 readonly PROFILE_NIX_FILE="$NIX_ROOT/var/nix/profiles/default/etc/profile.d/nix-daemon.sh"

@@ -41,7 +39,7 @@
 readonly NIX_INSTALLED_CACERT="@cacert@"
 readonly EXTRACTED_NIX_PATH="$(dirname "$0")"

-readonly ROOT_HOME="/var/root"
+readonly ROOT_HOME=$(echo ~root)

 if [ -t 0 ]; then
     readonly IS_HEADLESS='no'
@@ -71,15 +69,9 @@
     subheader "Uninstalling nix:"
     local step=0

-    if [ -e "$PLIST_DEST" ]; then
+    if poly_service_installed_check; then
         step=$((step + 1))
-        cat <<EOF
-$step. Delete $PLIST_DEST
-
-  sudo launchctl unload $PLIST_DEST
-  sudo rm $PLIST_DEST
-
-EOF
+        poly_service_uninstall_directions "$step"
     fi

     for profile_target in "${PROFILE_TARGETS[@]}"; do
@@ -117,11 +109,6 @@
     echo $((NIX_FIRST_BUILD_UID + $1 - 1))
 }

-dsclattr() {
-    /usr/bin/dscl . -read "$1" \
-        | awk "/$2/ { print \$2 }"
-}
-
 _textout() {
     echo -en "$1"
     shift
@@ -275,9 +262,7 @@


 validate_starting_assumptions() {
-    if [ "$(uname -s)" != "Darwin" ]; then
-        failure "This script is for use with macOS!"
-    fi
+    poly_validate_assumptions

     if [ $EUID -eq 0 ]; then
         failure <<EOF
@@ -408,9 +393,6 @@
 }

 setup_report() {
-    header "hardware report"
-    row "           Cores" "$CORES"
-
     header "Nix config report"
     row "        Temp Dir" "$SCRATCH"
     row "        Nix Root" "$NIX_ROOT"
@@ -434,15 +416,11 @@
     local primary_group_id

     task "Setting up the build group $NIX_BUILD_GROUP_NAME"
-    if ! /usr/bin/dscl . -read "/Groups/$NIX_BUILD_GROUP_NAME" > /dev/null 2>&1; then
-        _sudo "Create the Nix build group, $NIX_BUILD_GROUP_NAME" \
-              /usr/sbin/dseditgroup -o create \
-              -r "Nix build group for nix-daemon" \
-              -i "$NIX_BUILD_GROUP_ID" \
-              "$NIX_BUILD_GROUP_NAME" >&2
+    if ! poly_group_exists "$NIX_BUILD_GROUP_NAME"; then
+        poly_create_build_group
         row "            Created" "Yes"
     else
-        primary_group_id=$(dsclattr "/Groups/$NIX_BUILD_GROUP_NAME" "PrimaryGroupID")
+        primary_group_id=$(poly_group_id_get "$NIX_BUILD_GROUP_NAME")
         if [ "$primary_group_id" -ne "$NIX_BUILD_GROUP_ID" ]; then
             failure <<EOF
 It seems the build group $NIX_BUILD_GROUP_NAME already exists, but
@@ -467,17 +445,14 @@
     coreid="$1"
     username=$(nix_user_for_core "$coreid")
     uid=$(nix_uid_for_core "$coreid")
-    dsclpath="/Users/$username"

     task "Setting up the build user $username"

-    if ! /usr/bin/dscl . -read "$dsclpath" > /dev/null 2>&1; then
-        _sudo "Creating the Nix build user, $username" \
-              /usr/bin/dscl . create "$dsclpath" \
-              UniqueID "${uid}"
+    if ! poly_user_exists "$username"; then
+        poly_create_build_user "$username" "$uid" "$coreid"
         row "           Created" "Yes"
     else
-        actual_uid=$(dsclattr "$dsclpath" "UniqueID")
+        actual_uid=$(poly_user_id_get "$username")
         if [ "$actual_uid" -ne "$uid" ]; then
             failure <<EOF
 It seems the build user $username already exists, but with the UID
@@ -494,54 +469,46 @@
         fi
     fi

-    if [ "$(dsclattr "$dsclpath" "IsHidden")" = "1" ]; then
-        row "          IsHidden" "Yes"
+    if [ "$(poly_user_hidden_get "$username")" = "1" ]; then
+        row "            Hidden" "Yes"
     else
-        _sudo "in order to make $username a hidden user" \
-              /usr/bin/dscl . -create "$dsclpath" "IsHidden" "1"
-        row "          IsHidden" "Yes"
+        poly_user_hidden_set "$username"
+        row "            Hidden" "Yes"
     fi

-    if [ "$(dsclattr "$dsclpath" "NFSHomeDirectory")" = "/var/empty" ]; then
-        row "          NFSHomeDirectory" "/var/empty"
+    if [ "$(poly_user_home_get "$username")" = "/var/empty" ]; then
+        row "    Home Directory" "/var/empty"
     else
-        _sudo "in order to give $username a safe home directory" \
-              /usr/bin/dscl . -create "$dsclpath" "NFSHomeDirectory" "/var/empty"
-        row "          NFSHomeDirectory" "/var/empty"
+        poly_user_home_set "$username" "/var/empty"
+        row "    Home Directory" "/var/empty"
     fi

-    if [ "$(dsclattr "$dsclpath" "RealName")" = "Nix build user $coreid" ]; then
-        row "          RealName" "Nix build user $coreid"
+    if [ "$(poly_user_note_get "$username")" = "Nix build user $coreid" ]; then
+        row "              Note" "Nix build user $coreid"
     else
-        _sudo "in order to give $username a useful name" \
-              /usr/bin/dscl . -create "$dsclpath" "RealName" "Nix build user $coreid"
-        row "          RealName" "Nix build user $coreid"
+        poly_user_note_set "$username" "Nix build user $2"
+        row "              Note" "Nix build user $coreid"
     fi

-    if [ "$(dsclattr "$dsclpath" "UserShell")" = "/sbin/nologin" ]; then
+    if [ "$(poly_user_shell_get "$username")" = "/sbin/nologin" ]; then
         row "   Logins Disabled" "Yes"
     else
-        _sudo "in order to prevent $username from logging in" \
-              /usr/bin/dscl . -create "$dsclpath" "UserShell" "/sbin/nologin"
+        poly_user_shell_set "$username" "/sbin/nologin"
         row "   Logins Disabled" "Yes"
     fi

-    if dseditgroup -o checkmember -m "$username" "$NIX_BUILD_GROUP_NAME" > /dev/null 2>&1 ; then
+    if poly_user_in_group_check "$username" "$NIX_BUILD_GROUP_NAME"; then
         row "  Member of $NIX_BUILD_GROUP_NAME" "Yes"
     else
-        _sudo "Add $username to the $NIX_BUILD_GROUP_NAME group"\
-            /usr/sbin/dseditgroup -o edit -t user \
-            -a "$username" "$NIX_BUILD_GROUP_NAME"
+        poly_user_in_group_set "$username" "$NIX_BUILD_GROUP_NAME"
         row "  Member of $NIX_BUILD_GROUP_NAME" "Yes"
     fi

-    if [ "$(dsclattr "$dsclpath" "PrimaryGroupID")" = "$NIX_BUILD_GROUP_ID" ]; then
+    if [ "$(poly_user_primary_group_get "$username")" = "$NIX_BUILD_GROUP_ID" ]; then
         row "    PrimaryGroupID" "$NIX_BUILD_GROUP_ID"
     else
-        _sudo "to let the nix daemon use this user for builds (this might seem redundant, but there are two concepts of group membership)" \
-              /usr/bin/dscl . -create "$dsclpath" "PrimaryGroupID" "$NIX_BUILD_GROUP_ID"
+        poly_user_primary_group_set "$username" "$NIX_BUILD_GROUP_ID"
         row "    PrimaryGroupID" "$NIX_BUILD_GROUP_ID"
-
     fi
 }

@@ -628,10 +595,7 @@
 EOF
             fi
         done
-        cat <<EOF
- - load and start a LaunchDaemon (at $PLIST_DEST) for nix-daemon
-
-EOF
+        poly_service_setup_note
         if ! ui_confirm "Ready to continue?"; then
             failure <<EOF
 Okay, maybe you would like to talk to the team.
@@ -744,13 +708,13 @@

 setup_default_profile() {
     _sudo "to installing a bootstrapping Nix in to the default Profile" \
-          HOME=$ROOT_HOME "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_NIX"
+          HOME="$ROOT_HOME" "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_NIX"

     _sudo "to installing a bootstrapping SSL certificate just for Nix in to the default Profile" \
-          HOME=$ROOT_HOME "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_CACERT"
+          HOME="$ROOT_HOME" "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_CACERT"

     _sudo "to update the default channel in the default profile" \
-          HOME=$ROOT_HOME NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt "$NIX_INSTALLED_NIX/bin/nix-channel" --update nixpkgs
+          HOME="$ROOT_HOME" NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt "$NIX_INSTALLED_NIX/bin/nix-channel" --update nixpkgs
 }


@@ -766,20 +730,17 @@
           install -m 0664 "$SCRATCH/nix.conf" /etc/nix/nix.conf
 }

-configure_nix_daemon_plist() {
-    _sudo "to set up the nix-daemon as a LaunchDaemon" \
-          ln -sfn "/nix/var/nix/profiles/default$PLIST_DEST" "$PLIST_DEST"
-
-    _sudo "to load the LaunchDaemon plist for nix-daemon" \
-          launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist
-
-    _sudo "to start the nix-daemon" \
-          launchctl start org.nixos.nix-daemon
-
-}
-
-
 main() {
+    if [ "$(uname -s)" = "Darwin" ]; then
+        # shellcheck source=./install-darwin-multi-user.sh
+        . "$EXTRACTED_NIX_PATH/install-darwin-multi-user.sh"
+    elif [ "$(uname -s)" = "Linux" ] && [ -e /run/systemd/system ]; then
+        # shellcheck source=./install-systemd-multi-user.sh
+        . "$EXTRACTED_NIX_PATH/install-systemd-multi-user.sh"
+    else
+        failure "Sorry, I don't know what to do on $(uname)"
+    fi
+
     welcome_to_nix
     chat_about_sudo

@@ -810,7 +771,7 @@

     setup_default_profile
     place_nix_configuration
-    configure_nix_daemon_plist
+    poly_configure_nix_daemon_service

     trap finish_success EXIT
 }
	--- scripts/install-darwin-multi-user.sh 2018-03-16 18:22:40.297097664 -0400
	+++ install-multi-user.sh 2018-03-29 15:50:21.041138715 -0400
	@@ -23,7 +23,6 @@
	readonly YELLOW='\033[38;33m'
	readonly YELLOW_UL='\033[38;4;33m'

	-readonly CORES=$(sysctl -n hw.ncpu)
	readonly NIX_USER_COUNT="32"
	readonly NIX_BUILD_GROUP_ID="30000"
	readonly NIX_BUILD_GROUP_NAME="nixbld"
	@@ -31,9 +30,8 @@
	# Please don't change this. We don't support it, because the
	# default shell profile that comes with Nix doesn't support it.
	readonly NIX_ROOT="/nix"
	-readonly PLIST_DEST=/Library/LaunchDaemons/org.nixos.nix-daemon.plist

	-readonly PROFILE_TARGETS=("/etc/bashrc" "/etc/zshrc")
	+readonly PROFILE_TARGETS=("/etc/bashrc" "/etc/profile.d/nix.sh" "/etc/zshrc")
	readonly PROFILE_BACKUP_SUFFIX=".backup-before-nix"
	readonly PROFILE_NIX_FILE="$NIX_ROOT/var/nix/profiles/default/etc/profile.d/nix-daemon.sh"

	@@ -41,7 +39,7 @@
	readonly NIX_INSTALLED_CACERT="@cacert@"
	readonly EXTRACTED_NIX_PATH="$(dirname "$0")"

	-readonly ROOT_HOME="/var/root"
	+readonly ROOT_HOME=$(echo ~root)

	if [ -t 0 ]; then
	readonly IS_HEADLESS='no'
	@@ -71,15 +69,9 @@
	subheader "Uninstalling nix:"
	local step=0

	- if [ -e "$PLIST_DEST" ]; then
	+ if poly_service_installed_check; then
	step=$((step + 1))
	- cat <<EOF
	-$step. Delete $PLIST_DEST
	-
	- sudo launchctl unload $PLIST_DEST
	- sudo rm $PLIST_DEST
	-
	-EOF
	+ poly_service_uninstall_directions "$step"
	fi

	for profile_target in "${PROFILE_TARGETS[@]}"; do
	@@ -117,11 +109,6 @@
	echo $((NIX_FIRST_BUILD_UID + $1 - 1))
	}

	-dsclattr() {
	- /usr/bin/dscl . -read "$1" \
	- \| awk "/$2/ { print \$2 }"
	-}
	-
	_textout() {
	echo -en "$1"
	shift
	@@ -275,9 +262,7 @@


	validate_starting_assumptions() {
	- if [ "$(uname -s)" != "Darwin" ]; then
	- failure "This script is for use with macOS!"
	- fi
	+ poly_validate_assumptions

	if [ $EUID -eq 0 ]; then
	failure <<EOF
	@@ -408,9 +393,6 @@
	}

	setup_report() {
	- header "hardware report"
	- row " Cores" "$CORES"
	-
	header "Nix config report"
	row " Temp Dir" "$SCRATCH"
	row " Nix Root" "$NIX_ROOT"
	@@ -434,15 +416,11 @@
	local primary_group_id

	task "Setting up the build group $NIX_BUILD_GROUP_NAME"
	- if ! /usr/bin/dscl . -read "/Groups/$NIX_BUILD_GROUP_NAME" > /dev/null 2>&1; then
	- _sudo "Create the Nix build group, $NIX_BUILD_GROUP_NAME" \
	- /usr/sbin/dseditgroup -o create \
	- -r "Nix build group for nix-daemon" \
	- -i "$NIX_BUILD_GROUP_ID" \
	- "$NIX_BUILD_GROUP_NAME" >&2
	+ if ! poly_group_exists "$NIX_BUILD_GROUP_NAME"; then
	+ poly_create_build_group
	row " Created" "Yes"
	else
	- primary_group_id=$(dsclattr "/Groups/$NIX_BUILD_GROUP_NAME" "PrimaryGroupID")
	+ primary_group_id=$(poly_group_id_get "$NIX_BUILD_GROUP_NAME")
	if [ "$primary_group_id" -ne "$NIX_BUILD_GROUP_ID" ]; then
	failure <<EOF
	It seems the build group $NIX_BUILD_GROUP_NAME already exists, but
	@@ -467,17 +445,14 @@
	coreid="$1"
	username=$(nix_user_for_core "$coreid")
	uid=$(nix_uid_for_core "$coreid")
	- dsclpath="/Users/$username"

	task "Setting up the build user $username"

	- if ! /usr/bin/dscl . -read "$dsclpath" > /dev/null 2>&1; then
	- _sudo "Creating the Nix build user, $username" \
	- /usr/bin/dscl . create "$dsclpath" \
	- UniqueID "${uid}"
	+ if ! poly_user_exists "$username"; then
	+ poly_create_build_user "$username" "$uid" "$coreid"
	row " Created" "Yes"
	else
	- actual_uid=$(dsclattr "$dsclpath" "UniqueID")
	+ actual_uid=$(poly_user_id_get "$username")
	if [ "$actual_uid" -ne "$uid" ]; then
	failure <<EOF
	It seems the build user $username already exists, but with the UID
	@@ -494,54 +469,46 @@
	fi
	fi

	- if [ "$(dsclattr "$dsclpath" "IsHidden")" = "1" ]; then
	- row " IsHidden" "Yes"
	+ if [ "$(poly_user_hidden_get "$username")" = "1" ]; then
	+ row " Hidden" "Yes"
	else
	- _sudo "in order to make $username a hidden user" \
	- /usr/bin/dscl . -create "$dsclpath" "IsHidden" "1"
	- row " IsHidden" "Yes"
	+ poly_user_hidden_set "$username"
	+ row " Hidden" "Yes"
	fi

	- if [ "$(dsclattr "$dsclpath" "NFSHomeDirectory")" = "/var/empty" ]; then
	- row " NFSHomeDirectory" "/var/empty"
	+ if [ "$(poly_user_home_get "$username")" = "/var/empty" ]; then
	+ row " Home Directory" "/var/empty"
	else
	- _sudo "in order to give $username a safe home directory" \
	- /usr/bin/dscl . -create "$dsclpath" "NFSHomeDirectory" "/var/empty"
	- row " NFSHomeDirectory" "/var/empty"
	+ poly_user_home_set "$username" "/var/empty"
	+ row " Home Directory" "/var/empty"
	fi

	- if [ "$(dsclattr "$dsclpath" "RealName")" = "Nix build user $coreid" ]; then
	- row " RealName" "Nix build user $coreid"
	+ if [ "$(poly_user_note_get "$username")" = "Nix build user $coreid" ]; then
	+ row " Note" "Nix build user $coreid"
	else
	- _sudo "in order to give $username a useful name" \
	- /usr/bin/dscl . -create "$dsclpath" "RealName" "Nix build user $coreid"
	- row " RealName" "Nix build user $coreid"
	+ poly_user_note_set "$username" "Nix build user $2"
	+ row " Note" "Nix build user $coreid"
	fi

	- if [ "$(dsclattr "$dsclpath" "UserShell")" = "/sbin/nologin" ]; then
	+ if [ "$(poly_user_shell_get "$username")" = "/sbin/nologin" ]; then
	row " Logins Disabled" "Yes"
	else
	- _sudo "in order to prevent $username from logging in" \
	- /usr/bin/dscl . -create "$dsclpath" "UserShell" "/sbin/nologin"
	+ poly_user_shell_set "$username" "/sbin/nologin"
	row " Logins Disabled" "Yes"
	fi

	- if dseditgroup -o checkmember -m "$username" "$NIX_BUILD_GROUP_NAME" > /dev/null 2>&1 ; then
	+ if poly_user_in_group_check "$username" "$NIX_BUILD_GROUP_NAME"; then
	row " Member of $NIX_BUILD_GROUP_NAME" "Yes"
	else
	- _sudo "Add $username to the $NIX_BUILD_GROUP_NAME group"\
	- /usr/sbin/dseditgroup -o edit -t user \
	- -a "$username" "$NIX_BUILD_GROUP_NAME"
	+ poly_user_in_group_set "$username" "$NIX_BUILD_GROUP_NAME"
	row " Member of $NIX_BUILD_GROUP_NAME" "Yes"
	fi

	- if [ "$(dsclattr "$dsclpath" "PrimaryGroupID")" = "$NIX_BUILD_GROUP_ID" ]; then
	+ if [ "$(poly_user_primary_group_get "$username")" = "$NIX_BUILD_GROUP_ID" ]; then
	row " PrimaryGroupID" "$NIX_BUILD_GROUP_ID"
	else
	- _sudo "to let the nix daemon use this user for builds (this might seem redundant, but there are two concepts of group membership)" \
	- /usr/bin/dscl . -create "$dsclpath" "PrimaryGroupID" "$NIX_BUILD_GROUP_ID"
	+ poly_user_primary_group_set "$username" "$NIX_BUILD_GROUP_ID"
	row " PrimaryGroupID" "$NIX_BUILD_GROUP_ID"
	-
	fi
	}

	@@ -628,10 +595,7 @@
	EOF
	fi
	done
	- cat <<EOF
	- - load and start a LaunchDaemon (at $PLIST_DEST) for nix-daemon
	-
	-EOF
	+ poly_service_setup_note
	if ! ui_confirm "Ready to continue?"; then
	failure <<EOF
	Okay, maybe you would like to talk to the team.
	@@ -744,13 +708,13 @@

	setup_default_profile() {
	_sudo "to installing a bootstrapping Nix in to the default Profile" \
	- HOME=$ROOT_HOME "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_NIX"
	+ HOME="$ROOT_HOME" "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_NIX"

	_sudo "to installing a bootstrapping SSL certificate just for Nix in to the default Profile" \
	- HOME=$ROOT_HOME "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_CACERT"
	+ HOME="$ROOT_HOME" "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_CACERT"

	_sudo "to update the default channel in the default profile" \
	- HOME=$ROOT_HOME NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt "$NIX_INSTALLED_NIX/bin/nix-channel" --update nixpkgs
	+ HOME="$ROOT_HOME" NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt "$NIX_INSTALLED_NIX/bin/nix-channel" --update nixpkgs
	}


	@@ -766,20 +730,17 @@
	install -m 0664 "$SCRATCH/nix.conf" /etc/nix/nix.conf
	}

	-configure_nix_daemon_plist() {
	- _sudo "to set up the nix-daemon as a LaunchDaemon" \
	- ln -sfn "/nix/var/nix/profiles/default$PLIST_DEST" "$PLIST_DEST"
	-
	- _sudo "to load the LaunchDaemon plist for nix-daemon" \
	- launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist
	-
	- _sudo "to start the nix-daemon" \
	- launchctl start org.nixos.nix-daemon
	-
	-}
	-
	-
	main() {
	+ if [ "$(uname -s)" = "Darwin" ]; then
	+ # shellcheck source=./install-darwin-multi-user.sh
	+ . "$EXTRACTED_NIX_PATH/install-darwin-multi-user.sh"
	+ elif [ "$(uname -s)" = "Linux" ] && [ -e /run/systemd/system ]; then
	+ # shellcheck source=./install-systemd-multi-user.sh
	+ . "$EXTRACTED_NIX_PATH/install-systemd-multi-user.sh"
	+ else
	+ failure "Sorry, I don't know what to do on $(uname)"
	+ fi
	+
	welcome_to_nix
	chat_about_sudo

	@@ -810,7 +771,7 @@

	setup_default_profile
	place_nix_configuration
	- configure_nix_daemon_plist
	+ poly_configure_nix_daemon_service

	trap finish_success EXIT
	}