From 40d82a0fd82a621d67acebbf49a0283b50f0a429 Mon Sep 17 00:00:00 2001 From: Val Packett Date: Thu, 29 Jan 2026 23:26:36 -0300 Subject: [PATCH] nix: use static userborn as it's upstream now --- nixosModules/default.nix | 41 +--------------------------------------- 1 file changed, 1 insertion(+), 40 deletions(-) diff --git a/nixosModules/default.nix b/nixosModules/default.nix index 9fb752c..78c7238 100644 --- a/nixosModules/default.nix +++ b/nixosModules/default.nix @@ -18,31 +18,6 @@ let StandardError = "tty"; }; runtimeDir = "/run/vm-user"; - userbornConfig = { - groups = lib.mapAttrsToList (username: opts: { - inherit (opts) name gid members; - }) config.users.groups; - users = lib.mapAttrsToList (username: opts: { - inherit (opts) - name - uid - group - description - home - password - hashedPassword - hashedPasswordFile - initialPassword - initialHashedPassword - ; - isNormal = opts.isNormalUser; - shell = utils.toShellPath opts.shell; - }) (lib.filterAttrs (_: u: u.enable) config.users.users); - }; - userbornConfigJson = pkgs.writeText "userborn.json" (builtins.toJSON userbornConfig); - userbornResults = - pkgs.runCommand "baked userborn" { } - "mkdir -p $out; ${lib.getExe pkgs.userborn} ${userbornConfigJson} $out"; system = pkgs.stdenv.hostPlatform.system; in { @@ -166,23 +141,9 @@ in }; # Configure user accounts - # The immutable overlay wants userborn or sysusers.. we just want baked-in files w/o running a service. - # So we can just run userborn at system closure build time! systemd.sysusers.enable = false; services.userborn.enable = true; - systemd.services.userborn.enable = false; - environment.etc."passwd" = lib.mkForce { - source = "${userbornResults}/passwd"; - mode = "0444"; - }; - environment.etc."group" = lib.mkForce { - source = "${userbornResults}/group"; - mode = "0444"; - }; - environment.etc."shadow" = lib.mkForce { - source = "${userbornResults}/shadow"; - mode = "0440"; - }; + services.userborn.static = true; users.mutableUsers = false; users.users.appvm = { uid = 1337;