From 5c0a0c784791d3cfe781e3be3de6afdae0b84665 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Tue, 2 Jan 2024 10:48:01 -0500 Subject: [PATCH] feat(dx): Add wheel users to docker,incus-admin,lxd groups Run a onetime service to add members of the wheel group to docker, incus-admin, lxd , and libvirt groups. Removed just docker and replaced with just dx-groups to add the current user to docker, incus-admin, lxd, libvirt groups --- Containerfile | 1 + dx/usr/bin/bluefin-dx-groups | 26 +++++++++++++++++++ .../systemd/system/bluefin-dx-groups.service | 12 +++++++++ just/custom.just | 9 ++++--- 4 files changed, 45 insertions(+), 3 deletions(-) create mode 100755 dx/usr/bin/bluefin-dx-groups create mode 100644 dx/usr/lib/systemd/system/bluefin-dx-groups.service diff --git a/Containerfile b/Containerfile index 447f50ebc5f..2c0d50b0917 100644 --- a/Containerfile +++ b/Containerfile @@ -159,6 +159,7 @@ RUN wget https://raw.githubusercontent.com/ahmetb/kubectx/master/kubectx -O /usr RUN systemctl enable docker.socket && \ systemctl enable podman.socket && \ systemctl enable swtpm-workaround.service && \ + systemctl enable bluefin-dx-groups.service && \ systemctl enable --global bluefin-dx-user-vscode.service && \ systemctl disable pmie.service && \ systemctl disable pmlogger.service diff --git a/dx/usr/bin/bluefin-dx-groups b/dx/usr/bin/bluefin-dx-groups new file mode 100755 index 00000000000..964dc9cb0f6 --- /dev/null +++ b/dx/usr/bin/bluefin-dx-groups @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +# SCRIPT VERSION +GROUP_SETUP_VER=1 +GROUP_SETUP_VER_FILE="/etc/ublue/dx-groups" +GROUP_SETUP_VER_RAN=$(cat "$GROUP_SETUP_VER_FILE") + +# Run script if updated +if [[ -f $GROUP_SETUP_VER_FILE && "$GROUP_SETUP_VER" = "$GROUP_SETUP_VER_RAN" ]]; then + echo "Group setup has already run. Exiting..." + exit 0 +fi + +# Setup Groups +wheelarray=($(getent group wheel | cut -d ":" -f 4 | tr ',' '\n')) +for user in $wheelarray +do + usermod -aG docker $user + usermod -aG incus-admin $user + usermod -aG lxd $user + usermod -aG libvirt $user +done + +# Prevent future executions +echo "Writing state file" +echo "$GROUP_SETUP_VER" > "$GROUP_SETUP_VER_FILE" diff --git a/dx/usr/lib/systemd/system/bluefin-dx-groups.service b/dx/usr/lib/systemd/system/bluefin-dx-groups.service new file mode 100644 index 00000000000..d025a7b5733 --- /dev/null +++ b/dx/usr/lib/systemd/system/bluefin-dx-groups.service @@ -0,0 +1,12 @@ +[Unit] +Description=Add wheel members to docker,incus-admin, and lxd groups + +[Service] +Type=oneshot +ExecStart=/usr/bin/bluefin-dx-groups +Restart=on-failure +RestartSec=30 +StartLimitInterval=0 + +[Install] +WantedBy=default.target \ No newline at end of file diff --git a/just/custom.just b/just/custom.just index ceef537cab8..dab9f3136eb 100644 --- a/just/custom.just +++ b/just/custom.just @@ -305,7 +305,10 @@ zsh: sudo usermod $USER --shell /usr/bin/zsh printf "${USER}'s shell is now %s." "$(cat /etc/passwd | grep ":$UID:" | cut '-d:' '-f7')" -# Configure Docker user permissions -docker: +# Configure docker,incus-admin,lxd,libvirt container manager permissions +dx-group: sudo usermod -aG docker $USER - newgrp docker + sudo usermod -aG incus-admin $USER + sudo usermod -aG lxd $USER + sudo usermod -aG libvirt $USER + @echo "Logout to use docker, incus-admin, lxd, libvirt"