WIP: login user setup #827

Draft: wants to merge 3 commits into base: main
@mbssrc mbssrc commented Oct 7, 2024

Description of changes

WIP to create login user account.

Checklist for things done

  • Summary of the proposed changes in the PR description
  • More detailed description in the commit message(s)
  • Commits are squashed into relevant entities - avoid a lot of minimal dev time commits in the PR
  • Contribution guidelines followed
  • Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
  • PR linked to architecture documentation and requirement(s) (ticket id)
  • Test procedure described (or includes tests). Select one or more:
    • Tested on Lenovo X1 x86_64
    • Tested on Jetson Orin NX or AGX aarch64
    • Tested on Polarfire riscv64
  • Author has run make-checks and it passes
  • All automatic Github Action checks pass - see actions
  • Author has added reviewers and removed PR draft status
  • Change requires full re-installation
  • Change can be updated with nixos-rebuild ... switch

Instructions for Testing

  • List all targets that this applies to:
  • Is this a new feature
    • List the test steps to verify:
  • If it is an improvement how does it impact existing functionality?

@mbssrc mbssrc temporarily deployed to internal-build-workflow October 7, 2024 16:45 — with GitHub Actions Inactive
@mbssrc mbssrc temporarily deployed to internal-build-workflow October 7, 2024 21:51 — with GitHub Actions Inactive
@@ -72,6 +72,17 @@ let
] ++ lib.optional config.ghaf.development.debug.tools.enable pkgs.alsa-utils;
};

users.users."proxy-user-audio" = {
isNormalUser = true;
uid = config.ghaf.users.accounts.loginuid;
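
Review bot: `uid = config.ghaf.users.accounts.loginuid;` assigns `proxy-user-audio` the UID from an option named for the login user, so file ownership and any UID-based access check will treat the two accounts as the same principal wherever they share storage. If the overlap is deliberate, state the reason in a comment on this line; otherwise define a separate uid option for the proxy account.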

why?

users.users."proxy-user-network" = {
isNormalUser = true;
createHome = false;
uid = config.ghaf.users.accounts.loginuid;
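
Review bot: `isNormalUser = true` together with `createHome = false` declares `proxy-user-network` as an interactive-class account without a home directory, which is an unusual combination if the account only runs services. Consider `isSystemUser = true` with an explicit `group`, and a uid that is not taken from `config.ghaf.users.accounts.loginuid`, so the account stays distinguishable from the login user in ownership and audit records.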

again, why can it not be a unique service account?

- enable systemd boot in initrd by default
- add systemd verbosity flag
- add device path in storagevm to allow impermanence to mount fs

Signed-off-by: Manuel Bluhm <[email protected]>
Signed-off-by: Manuel Bluhm <[email protected]>
- removes userborn for gui-vm, allowing name change would require
  significant changes. "/etc" persisted without restrictions atm.
  password change alone works fine with userborn
- userborn enabled for all vms except gui

- USERS: admin (ghaf) user, proxy user (audio/net vms), app user (app vms),
  and loginuser (guivm)
- proxy/app users allow unprivileged application/service

- Login user name and password can be set at first (gui-vm) boot
- Additional script required to adjust home (impermanence name
  'hardcoded' in nix store)
- Password can be changed anytime using passwd
- Name can be changed by admin/root removing the lock file

Signed-off-by: Manuel Bluhm <[email protected]>