| author | Joey Hess <joeyh@joeyh.name> | 2017-07-10 14:29:51 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2017-07-10 14:29:51 -0400 |
| commit | 280ac6ff667302c85a5fccb3902a858bde6ecde7 (patch) | |
| tree | d9b381f1f397ef832032a35f461b28f933bc6a93 /src | |
| parent | 8f983b3da19bf1009d4aa3c9a2aed282dde2f4e7 (diff) | |
| parent | 7013d3b4cd2f572bed15532042c0ebb8d44d4da0 (diff) | |
Merge remote-tracking branch 'felix/system-group'
Diffstat (limited to 'src')
| -rw-r--r-- | src/Propellor/Property/User.hs | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs index ce2611bc..0b5bdddc 100644 --- a/src/Propellor/Property/User.hs +++ b/src/Propellor/Property/User.hs @@ -22,17 +22,18 @@ systemAccountFor :: User -> Property DebianLike systemAccountFor user@(User u) = systemAccountFor' user Nothing (Just (Group u)) systemAccountFor' :: User -> Maybe FilePath -> Maybe Group -> Property DebianLike -systemAccountFor' (User u) mhome mgroup = tightenTargets $ check nouser go +systemAccountFor' (User u) mhome mgroup = case mgroup of + Nothing -> prop + Just g -> prop + `requires` systemGroup g `describe` ("system account for " ++ u) where + prop = tightenTargets $ check nouser go nouser = isNothing <$> catchMaybeIO (getUserEntryForName u) go = cmdProperty "adduser" $ - [ "--system" ] + [ "--system", "--home" ] ++ - "--home" : maybe - ["/nonexistent", "--no-create-home"] - ( \h -> [ h ] ) - mhome + maybe ["/nonexistent", "--no-create-home"] ( \h -> [h] ) mhome ++ maybe [] ( \(Group g) -> ["--ingroup", g] ) mgroup ++ @@ -42,6 +43,16 @@ systemAccountFor' (User u) mhome mgroup = tightenTargets $ check nouser go , u ] +systemGroup :: Group -> Property UnixLike +systemGroup (Group g) = check nogroup go + `describe` ("system account for " ++ g) + where + nogroup = isNothing <$> catchMaybeIO (getGroupEntryForName g) + go = cmdProperty "addgroup" + [ "--system" + , g + ] + -- | Removes user home directory!! Use with caution. nuked :: User -> Eep -> Property Linux nuked user@(User u) _ = tightenTargets $ check hashomedir go @@ -111,7 +122,7 @@ chpasswd (User user) v ps = makeChange $ withHandle StdinHandle createProcessSuc hClose h lockedPassword :: User -> Property DebianLike -lockedPassword user@(User u) = tightenTargets $ +lockedPassword user@(User u) = tightenTargets $ check (not <$> isLockedPassword user) go `describe` ("locked " ++ u ++ " password") where |
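Review bot: `systemAccountFor'` now creates the group as a side effect through `requires systemGroup g`, but nothing at the definition says so and the function has no Haddock comment. I would add `-- | Ensures a system account exists; when a group is given, it is first created as a system group if missing.` above the signature. The comment should also state that `check nouser` skips `adduser` when the account already exists, so an existing account's home and group membership are not verified, while the required `systemGroup g` appears to run regardless. Indentation is lost on this page, so it is unclear whether `describe` applies to the whole `case` or only to the `Just g` branch; if the latter, the `Nothing` branch loses its description. The argument list of `go` continues outside the hunk.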
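Review bot: The description in the new `systemGroup` is `("system account for " ++ g)`, copied from the account property, so a group creation is reported as an account; `("system group " ++ g)` would be accurate. The property is typed `Property UnixLike` yet runs `addgroup --system`, which belongs to the Debian adduser tooling, so `systemGroup :: Group -> Property DebianLike` with `systemGroup (Group g) = tightenTargets $ check nogroup go` would match what `systemAccountFor'` declares. `check nogroup` only tests whether a group of that name exists, so a pre-existing ordinary group that already has members is accepted unchanged and the new system account is placed in it through `--ingroup`; a Haddock comment on `systemGroup` should say this. `catchMaybeIO` also appears to turn any lookup failure into "group absent", which is worth a short why-comment next to `nogroup`.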
