Created
March 29, 2018 19:51
-
-
Save shlevy/b07809061307f0b93170fcbe11aea352 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- scripts/install-darwin-multi-user.sh 2018-03-16 18:22:40.297097664 -0400 | |
| +++ install-multi-user.sh 2018-03-29 15:50:21.041138715 -0400 | |
| @@ -23,7 +23,6 @@ | |
| readonly YELLOW='\033[38;33m' | |
| readonly YELLOW_UL='\033[38;4;33m' | |
| -readonly CORES=$(sysctl -n hw.ncpu) | |
| readonly NIX_USER_COUNT="32" | |
| readonly NIX_BUILD_GROUP_ID="30000" | |
| readonly NIX_BUILD_GROUP_NAME="nixbld" | |
| @@ -31,9 +30,8 @@ | |
| # Please don't change this. We don't support it, because the | |
| # default shell profile that comes with Nix doesn't support it. | |
| readonly NIX_ROOT="/nix" | |
| -readonly PLIST_DEST=/Library/LaunchDaemons/org.nixos.nix-daemon.plist | |
| -readonly PROFILE_TARGETS=("/etc/bashrc" "/etc/zshrc") | |
| +readonly PROFILE_TARGETS=("/etc/bashrc" "/etc/profile.d/nix.sh" "/etc/zshrc") | |
| readonly PROFILE_BACKUP_SUFFIX=".backup-before-nix" | |
| readonly PROFILE_NIX_FILE="$NIX_ROOT/var/nix/profiles/default/etc/profile.d/nix-daemon.sh" | |
| @@ -41,7 +39,7 @@ | |
| readonly NIX_INSTALLED_CACERT="@cacert@" | |
| readonly EXTRACTED_NIX_PATH="$(dirname "$0")" | |
| -readonly ROOT_HOME="/var/root" | |
| +readonly ROOT_HOME=$(echo ~root) | |
| if [ -t 0 ]; then | |
| readonly IS_HEADLESS='no' | |
| @@ -71,15 +69,9 @@ | |
| subheader "Uninstalling nix:" | |
| local step=0 | |
| - if [ -e "$PLIST_DEST" ]; then | |
| + if poly_service_installed_check; then | |
| step=$((step + 1)) | |
| - cat <<EOF | |
| -$step. Delete $PLIST_DEST | |
| - | |
| - sudo launchctl unload $PLIST_DEST | |
| - sudo rm $PLIST_DEST | |
| - | |
| -EOF | |
| + poly_service_uninstall_directions "$step" | |
| fi | |
| for profile_target in "${PROFILE_TARGETS[@]}"; do | |
| @@ -117,11 +109,6 @@ | |
| echo $((NIX_FIRST_BUILD_UID + $1 - 1)) | |
| } | |
| -dsclattr() { | |
| - /usr/bin/dscl . -read "$1" \ | |
| - | awk "/$2/ { print \$2 }" | |
| -} | |
| - | |
| _textout() { | |
| echo -en "$1" | |
| shift | |
| @@ -275,9 +262,7 @@ | |
| validate_starting_assumptions() { | |
| - if [ "$(uname -s)" != "Darwin" ]; then | |
| - failure "This script is for use with macOS!" | |
| - fi | |
| + poly_validate_assumptions | |
| if [ $EUID -eq 0 ]; then | |
| failure <<EOF | |
| @@ -408,9 +393,6 @@ | |
| } | |
| setup_report() { | |
| - header "hardware report" | |
| - row " Cores" "$CORES" | |
| - | |
| header "Nix config report" | |
| row " Temp Dir" "$SCRATCH" | |
| row " Nix Root" "$NIX_ROOT" | |
| @@ -434,15 +416,11 @@ | |
| local primary_group_id | |
| task "Setting up the build group $NIX_BUILD_GROUP_NAME" | |
| - if ! /usr/bin/dscl . -read "/Groups/$NIX_BUILD_GROUP_NAME" > /dev/null 2>&1; then | |
| - _sudo "Create the Nix build group, $NIX_BUILD_GROUP_NAME" \ | |
| - /usr/sbin/dseditgroup -o create \ | |
| - -r "Nix build group for nix-daemon" \ | |
| - -i "$NIX_BUILD_GROUP_ID" \ | |
| - "$NIX_BUILD_GROUP_NAME" >&2 | |
| + if ! poly_group_exists "$NIX_BUILD_GROUP_NAME"; then | |
| + poly_create_build_group | |
| row " Created" "Yes" | |
| else | |
| - primary_group_id=$(dsclattr "/Groups/$NIX_BUILD_GROUP_NAME" "PrimaryGroupID") | |
| + primary_group_id=$(poly_group_id_get "$NIX_BUILD_GROUP_NAME") | |
| if [ "$primary_group_id" -ne "$NIX_BUILD_GROUP_ID" ]; then | |
| failure <<EOF | |
| It seems the build group $NIX_BUILD_GROUP_NAME already exists, but | |
| @@ -467,17 +445,14 @@ | |
| coreid="$1" | |
| username=$(nix_user_for_core "$coreid") | |
| uid=$(nix_uid_for_core "$coreid") | |
| - dsclpath="/Users/$username" | |
| task "Setting up the build user $username" | |
| - if ! /usr/bin/dscl . -read "$dsclpath" > /dev/null 2>&1; then | |
| - _sudo "Creating the Nix build user, $username" \ | |
| - /usr/bin/dscl . create "$dsclpath" \ | |
| - UniqueID "${uid}" | |
| + if ! poly_user_exists "$username"; then | |
| + poly_create_build_user "$username" "$uid" "$coreid" | |
| row " Created" "Yes" | |
| else | |
| - actual_uid=$(dsclattr "$dsclpath" "UniqueID") | |
| + actual_uid=$(poly_user_id_get "$username") | |
| if [ "$actual_uid" -ne "$uid" ]; then | |
| failure <<EOF | |
| It seems the build user $username already exists, but with the UID | |
| @@ -494,54 +469,46 @@ | |
| fi | |
| fi | |
| - if [ "$(dsclattr "$dsclpath" "IsHidden")" = "1" ]; then | |
| - row " IsHidden" "Yes" | |
| + if [ "$(poly_user_hidden_get "$username")" = "1" ]; then | |
| + row " Hidden" "Yes" | |
| else | |
| - _sudo "in order to make $username a hidden user" \ | |
| - /usr/bin/dscl . -create "$dsclpath" "IsHidden" "1" | |
| - row " IsHidden" "Yes" | |
| + poly_user_hidden_set "$username" | |
| + row " Hidden" "Yes" | |
| fi | |
| - if [ "$(dsclattr "$dsclpath" "NFSHomeDirectory")" = "/var/empty" ]; then | |
| - row " NFSHomeDirectory" "/var/empty" | |
| + if [ "$(poly_user_home_get "$username")" = "/var/empty" ]; then | |
| + row " Home Directory" "/var/empty" | |
| else | |
| - _sudo "in order to give $username a safe home directory" \ | |
| - /usr/bin/dscl . -create "$dsclpath" "NFSHomeDirectory" "/var/empty" | |
| - row " NFSHomeDirectory" "/var/empty" | |
| + poly_user_home_set "$username" "/var/empty" | |
| + row " Home Directory" "/var/empty" | |
| fi | |
| - if [ "$(dsclattr "$dsclpath" "RealName")" = "Nix build user $coreid" ]; then | |
| - row " RealName" "Nix build user $coreid" | |
| + if [ "$(poly_user_note_get "$username")" = "Nix build user $coreid" ]; then | |
| + row " Note" "Nix build user $coreid" | |
| else | |
| - _sudo "in order to give $username a useful name" \ | |
| - /usr/bin/dscl . -create "$dsclpath" "RealName" "Nix build user $coreid" | |
| - row " RealName" "Nix build user $coreid" | |
| + poly_user_note_set "$username" "Nix build user $2" | |
| + row " Note" "Nix build user $coreid" | |
| fi | |
| - if [ "$(dsclattr "$dsclpath" "UserShell")" = "/sbin/nologin" ]; then | |
| + if [ "$(poly_user_shell_get "$username")" = "/sbin/nologin" ]; then | |
| row " Logins Disabled" "Yes" | |
| else | |
| - _sudo "in order to prevent $username from logging in" \ | |
| - /usr/bin/dscl . -create "$dsclpath" "UserShell" "/sbin/nologin" | |
| + poly_user_shell_set "$username" "/sbin/nologin" | |
| row " Logins Disabled" "Yes" | |
| fi | |
| - if dseditgroup -o checkmember -m "$username" "$NIX_BUILD_GROUP_NAME" > /dev/null 2>&1 ; then | |
| + if poly_user_in_group_check "$username" "$NIX_BUILD_GROUP_NAME"; then | |
| row " Member of $NIX_BUILD_GROUP_NAME" "Yes" | |
| else | |
| - _sudo "Add $username to the $NIX_BUILD_GROUP_NAME group"\ | |
| - /usr/sbin/dseditgroup -o edit -t user \ | |
| - -a "$username" "$NIX_BUILD_GROUP_NAME" | |
| + poly_user_in_group_set "$username" "$NIX_BUILD_GROUP_NAME" | |
| row " Member of $NIX_BUILD_GROUP_NAME" "Yes" | |
| fi | |
| - if [ "$(dsclattr "$dsclpath" "PrimaryGroupID")" = "$NIX_BUILD_GROUP_ID" ]; then | |
| + if [ "$(poly_user_primary_group_get "$username")" = "$NIX_BUILD_GROUP_ID" ]; then | |
| row " PrimaryGroupID" "$NIX_BUILD_GROUP_ID" | |
| else | |
| - _sudo "to let the nix daemon use this user for builds (this might seem redundant, but there are two concepts of group membership)" \ | |
| - /usr/bin/dscl . -create "$dsclpath" "PrimaryGroupID" "$NIX_BUILD_GROUP_ID" | |
| + poly_user_primary_group_set "$username" "$NIX_BUILD_GROUP_ID" | |
| row " PrimaryGroupID" "$NIX_BUILD_GROUP_ID" | |
| - | |
| fi | |
| } | |
| @@ -628,10 +595,7 @@ | |
| EOF | |
| fi | |
| done | |
| - cat <<EOF | |
| - - load and start a LaunchDaemon (at $PLIST_DEST) for nix-daemon | |
| - | |
| -EOF | |
| + poly_service_setup_note | |
| if ! ui_confirm "Ready to continue?"; then | |
| failure <<EOF | |
| Okay, maybe you would like to talk to the team. | |
| @@ -744,13 +708,13 @@ | |
| setup_default_profile() { | |
| _sudo "to installing a bootstrapping Nix in to the default Profile" \ | |
| - HOME=$ROOT_HOME "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_NIX" | |
| + HOME="$ROOT_HOME" "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_NIX" | |
| _sudo "to installing a bootstrapping SSL certificate just for Nix in to the default Profile" \ | |
| - HOME=$ROOT_HOME "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_CACERT" | |
| + HOME="$ROOT_HOME" "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_CACERT" | |
| _sudo "to update the default channel in the default profile" \ | |
| - HOME=$ROOT_HOME NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt "$NIX_INSTALLED_NIX/bin/nix-channel" --update nixpkgs | |
| + HOME="$ROOT_HOME" NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt "$NIX_INSTALLED_NIX/bin/nix-channel" --update nixpkgs | |
| } | |
| @@ -766,20 +730,17 @@ | |
| install -m 0664 "$SCRATCH/nix.conf" /etc/nix/nix.conf | |
| } | |
| -configure_nix_daemon_plist() { | |
| - _sudo "to set up the nix-daemon as a LaunchDaemon" \ | |
| - ln -sfn "/nix/var/nix/profiles/default$PLIST_DEST" "$PLIST_DEST" | |
| - | |
| - _sudo "to load the LaunchDaemon plist for nix-daemon" \ | |
| - launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist | |
| - | |
| - _sudo "to start the nix-daemon" \ | |
| - launchctl start org.nixos.nix-daemon | |
| - | |
| -} | |
| - | |
| - | |
| main() { | |
| + if [ "$(uname -s)" = "Darwin" ]; then | |
| + # shellcheck source=./install-darwin-multi-user.sh | |
| + . "$EXTRACTED_NIX_PATH/install-darwin-multi-user.sh" | |
| + elif [ "$(uname -s)" = "Linux" ] && [ -e /run/systemd/system ]; then | |
| + # shellcheck source=./install-systemd-multi-user.sh | |
| + . "$EXTRACTED_NIX_PATH/install-systemd-multi-user.sh" | |
| + else | |
| + failure "Sorry, I don't know what to do on $(uname)" | |
| + fi | |
| + | |
| welcome_to_nix | |
| chat_about_sudo | |
| @@ -810,7 +771,7 @@ | |
| setup_default_profile | |
| place_nix_configuration | |
| - configure_nix_daemon_plist | |
| + poly_configure_nix_daemon_service | |
| trap finish_success EXIT | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment