diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-11-03 12:30:54 +0100 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-11-03 12:36:56 +0100 |
commit | f496c3cbe4a6a2db88892d14609618e449744ed6 (patch) | |
tree | 3de8462dc48e7825a86bff29cd1d2897fcba7cc2 /nixos/modules | |
parent | f8f787b800dce2a2402a0cb693e9fe0b6895c4a7 (diff) | |
download | nixpkgs-f496c3cbe4a6a2db88892d14609618e449744ed6.tar nixpkgs-f496c3cbe4a6a2db88892d14609618e449744ed6.tar.gz nixpkgs-f496c3cbe4a6a2db88892d14609618e449744ed6.tar.bz2 nixpkgs-f496c3cbe4a6a2db88892d14609618e449744ed6.tar.lz nixpkgs-f496c3cbe4a6a2db88892d14609618e449744ed6.tar.xz nixpkgs-f496c3cbe4a6a2db88892d14609618e449744ed6.tar.zst nixpkgs-f496c3cbe4a6a2db88892d14609618e449744ed6.zip |
Obsolete security.initialPassword
You can now set users.extraUsers.root.initialHashedPassword instead.
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/config/users-groups.nix | 18 | ||||
-rw-r--r-- | nixos/modules/installer/cd-dvd/installation-cd-base.nix | 2 | ||||
-rw-r--r-- | nixos/modules/testing/test-instrumentation.nix | 2 | ||||
-rw-r--r-- | nixos/modules/virtualisation/amazon-image.nix | 5 | ||||
-rw-r--r-- | nixos/modules/virtualisation/docker-image.nix | 12 |
5 files changed, 11 insertions, 28 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 60906d48ff0..256c5888cb9 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -426,24 +426,12 @@ in { options = [ groupOpts ]; }; + # FIXME: obsolete - will remove. security.initialRootPassword = mkOption { type = types.str; default = "!"; example = ""; - description = '' - The (hashed) password for the root account set on initial - installation. The empty string denotes that root can login - locally without a password (but not via remote services such - as SSH, or indirectly via <command>su</command> or - <command>sudo</command>). The string <literal>!</literal> - prevents root from logging in using a password. - Note that setting this option sets - <literal>users.extraUsers.root.hashedPassword</literal>. - Also, if <literal>users.mutableUsers</literal> is false - you cannot change the root password manually, so in that case - the name of this option is a bit misleading, since it will define - the root password beyond the user initialisation phase. - ''; + visible = false; }; }; @@ -461,7 +449,7 @@ in { shell = mkDefault cfg.defaultUserShell; group = "root"; extraGroups = [ "grsecurity" ]; - hashedPassword = mkDefault config.security.initialRootPassword; + initialHashedPassword = mkDefault config.security.initialRootPassword; }; nobody = { uid = ids.uids.nobody; diff --git a/nixos/modules/installer/cd-dvd/installation-cd-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-base.nix index f2a90e8d2ec..a68581c113f 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-base.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-base.nix @@ -49,5 +49,5 @@ with lib; boot.supportedFilesystems = [ "zfs" "btrfs" ]; # Allow the user to log in as root without a password. - security.initialRootPassword = ""; + users.extraUsers.root.initialHashedPassword = ""; } diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix index 54a376c9560..2de978ca101 100644 --- a/nixos/modules/testing/test-instrumentation.nix +++ b/nixos/modules/testing/test-instrumentation.nix @@ -98,7 +98,7 @@ let kernel = config.boot.kernelPackages.kernel; in networking.usePredictableInterfaceNames = false; # Make it easy to log in as root when running the test interactively. - security.initialRootPassword = mkDefault ""; + users.extraUsers.root.initialHashedPassword = mkDefault ""; }; diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix index 552d787b447..d175bac3074 100644 --- a/nixos/modules/virtualisation/amazon-image.nix +++ b/nixos/modules/virtualisation/amazon-image.nix @@ -191,10 +191,5 @@ in environment.systemPackages = [ pkgs.cryptsetup ]; boot.initrd.supportedFilesystems = [ "unionfs-fuse" ]; - - # Prevent logging in as root without a password. This doesn't really matter, - # since the only PAM services that allow logging in with a null - # password are local ones that are inaccessible on EC2 machines. - security.initialRootPassword = mkDefault "!"; }; } diff --git a/nixos/modules/virtualisation/docker-image.nix b/nixos/modules/virtualisation/docker-image.nix index 13b861dc988..ff276fc86a8 100644 --- a/nixos/modules/virtualisation/docker-image.nix +++ b/nixos/modules/virtualisation/docker-image.nix @@ -38,8 +38,8 @@ in { ''; - # docker image config - require = [ + # Docker image config. + imports = [ ../installer/cd-dvd/channel.nix ../profiles/minimal.nix ../profiles/clone-config.nix @@ -47,16 +47,16 @@ in { boot.isContainer = true; - # Iptables do not work in docker + # Iptables do not work in Docker. networking.firewall.enable = false; services.openssh.enable = true; - # Socket activated ssh presents problem in docker + # Socket activated ssh presents problem in Docker. services.openssh.startWhenNeeded = false; - # Allow the user to login as root without password - security.initialRootPassword = ""; + # Allow the user to login as root without password. + users.extraUsers.root.initialHashedPassword = mkDefault ""; # Some more help text. services.mingetty.helpLine = |