author | rnhmjoj <rnhmjoj@inventati.org> | 2023-09-08 21:13:31 +0200 |
---|---|---|
committer | rnhmjoj <rnhmjoj@inventati.org> | 2023-09-08 21:19:40 +0200 |
commit | 5666a378cb3cafbeb075740244b7a316d0ba9f7a (patch) | |
tree | 5633b87bea1fc86d397b34bc7bc82754fac9e2f7 /nixos/modules/config | |
parent | ef14cdd5b929963d9117def6cc888a1444de5541 (diff) | |
nixos/users-groups: rename passwordFile in hashedPasswordFile
This avoids the possible confusion with `passwordFile` being the file version of `password`, while it should contain the password hash. Fixes issue #165858.
Diffstat (limited to 'nixos/modules/config')
-rw-r--r-- | nixos/modules/config/users-groups.nix | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 684b4bc8fbc..4893d28924e 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -18,11 +18,11 @@ let passwordDescription = '' The options {option}`hashedPassword`, - {option}`password` and {option}`passwordFile` + {option}`password` and {option}`hashedPasswordFile` controls what password is set for the user. {option}`hashedPassword` overrides both - {option}`password` and {option}`passwordFile`. - {option}`password` overrides {option}`passwordFile`. + {option}`password` and {option}`hashedPasswordFile`. + {option}`password` overrides {option}`hashedPasswordFile`. If none of these three options are set, no password is assigned to the user, and the user will not be able to do password logins. If the option {option}`users.mutableUsers` is true, the @@ -250,18 +250,26 @@ let ''; }; - passwordFile = mkOption { + hashedPasswordFile = mkOption { type = with types; nullOr str; - default = null; + default = cfg.users.${name}.passwordFile; + defaultText = literalExpression "null"; description = lib.mdDoc '' - The full path to a file that contains the user's password. The password - file is read on each system activation. The file should contain - exactly one line, which should be the password in an encrypted form - that is suitable for the `chpasswd -e` command. + The full path to a file that contains the hash of the user's + password. The password file is read on each system activation. The + file should contain exactly one line, which should be the password in + an encrypted form that is suitable for the `chpasswd -e` command. ${passwordDescription} ''; }; + passwordFile = mkOption { + type = with types; nullOr (passwdEntry str); + default = null; + visible = false; + description = lib.mdDoc "Deprecated alias of hashedPasswordFile"; + }; + initialHashedPassword = mkOption { type = with types; nullOr (passwdEntry str); default = null; 
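Review bot: The deprecated alias `passwordFile` in the `@@ -250` hunk is declared as `nullOr (passwdEntry str)`, while the option it replaces and the new `hashedPasswordFile` both use `nullOr str`. If `passwdEntry` (defined outside this hunk) restricts the allowed characters, a path that evaluated before this commit could now be rejected by the alias. The value is a file path rather than a field written into the passwd database, so `type = with types; nullOr str;` would keep the alias compatible. The description could also state that the file holds a password hash and should be readable by root only and kept out of the Nix store, and replace "encrypted form" with "hashed form" to match the new option name. The surrounding option set begins and ends outside the hunk.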
@@ -447,7 +455,7 @@ let users = mapAttrsToList (_: u: { inherit (u) name uid group description home homeMode createHome isSystemUser - password passwordFile hashedPassword + password hashedPasswordFile hashedPassword autoSubUidGidRange subUidRanges subGidRanges initialPassword initialHashedPassword expires; shell = utils.toShellPath u.shell; @@ -756,7 +764,7 @@ in { && (allowsLogin cfg.hashedPassword || cfg.password != null - || cfg.passwordFile != null + || cfg.hashedPasswordFile != null || cfg.openssh.authorizedKeys.keys != [] || cfg.openssh.authorizedKeys.keyFiles != []) ) cfg.users ++ [ @@ -845,9 +853,13 @@ in { The password hash of user "${user.name}" may be invalid. You must set a valid hash or the user will be locked out of their account. Please check the value of option `users.users."${user.name}".hashedPassword`.'' - else null - )); - + else null) + ++ flip mapAttrsToList cfg.users (name: user: + if user.passwordFile != null then + ''The option `users.users."${name}".passwordFile' has been renamed '' + + ''to `users.users."${name}".hashedPasswordFile'.'' + else null) + ); }; } |
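Review bot: The warning added at the end of the `@@ -845` hunk says only that `passwordFile` has been renamed and does not say which value takes effect. `passwordFile` is now just the default of `hashedPasswordFile`, so a configuration that sets both appears to ignore the old option silently, leaving an admin unsure which hash file is applied at activation. Consider appending a sentence such as `If both are set, hashedPasswordFile takes precedence.` to the message. The message also opens each option name with a backtick and closes it with an apostrophe, whereas the preceding warning in the same list uses backticks on both sides. The enclosing expression starts outside the hunk.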