nixos/userborn: introduce config.services.userborn.static mode #465906
Conversation
nixpkgs-ci
bot
added
10.rebuild-linux: 1-10
nixpkgs-ci
bot
added
the
12.approvals: 1
nikstur
left a comment
nikstur
left a comment
There was a problem hiding this comment.
This is generally a bad idea.
You can only sensible allocated UIDs impurely, i.e. when the system is running because you always need to have the state of the password files (i.e. from users changing between generations).
The only situation where this mode is acceptable is if you never change users during the entire lifetime of the system, i.e. when you do not switch generations but delete and re-create the entire image for an update.
Otherwise it's potentially dangerous because of UID/GID re-use. Please see this part of the Userborn readme for an example of why UID/GID re-use is bad.
If you're thinking of the acceptable use-case describe above, we need to make this very clear and point out the pitfalls in the docs. I'd also prefer if this mode was called static because baked is not very descriptive IMO.
|
Yes, by "embedded appliance-style applications" I mean systems that don't use NixOS generations at all. We're currently doing this for application VMs that are built with raw What would be a good assertion for "generations / typical nixos management aren't used"? Yeah, I thought about |
Assert that |
You could do that via EDIT: Please note, however, that this doesn't solve all cases. When you build an image based system and update it with |
valpackett
force-pushed
the
val/tzpploqoquqx
branch
from
8e154dc to
2bc519c
Compare
valpackett
changed the title
nikstur
left a comment
nikstur
left a comment
There was a problem hiding this comment.
Please add test for this. Otherwise it's very hard to maintain long-term.
For embedded appliance-style applications, we would like to avoid the ~100ms boot time hit that comes from running userborn or sysusers by pre-baking the final password files directly into the system closure. Turns out, userborn is trivial to run at build time instead of boot time, so let's introduce a new "baked" static mode that directly places the files into an immutable /etc.
valpackett
force-pushed
the
val/tzpploqoquqx
branch
from
2bc519c to
66285bc
Compare
|
Is one test sufficient or should there be variants for mutable/immutable /etc and users? |
nikstur
left a comment
nikstur
left a comment
There was a problem hiding this comment.
Is one test sufficient or should there be variants for mutable/immutable /etc and users?
One is fine for now.
Thank you for the work! Definitely an interesting use case. I appreciate the benchmarking that you have done beforehand.
|
|
||
| name = "userborn-static"; | ||
|
|
||
| meta.maintainers = with lib.maintainers; [ nikstur ]; |
There was a problem hiding this comment.
Do you want to add yourself here?
There was a problem hiding this comment.
eh, don't think it would necessary..
nixpkgs-ci
bot
added
12.approvals: 2
3 participants
For embedded appliance-style applications, we would like to avoid the ~100ms boot time hit that comes from running userborn or sysusers by pre-baking the final password files directly into the system closure.
Turns out, userborn is trivial to run at build time instead of boot time, so let's introduce a new "baked" mode that directly places the files into an immutable /etc.
Things done
passthru.tests.nixpkgs-reviewon this PR. See nixpkgs-review usage../result/bin/.Add a 👍 reaction to pull requests you find important.