diff options
author | edef <edef@edef.eu> | 2020-07-19 00:24:00 +0000 |
---|---|---|
committer | edef <edef@edef.eu> | 2020-07-19 00:28:02 +0000 |
commit | 2e4fb5cf4cb50870f93669a119b6b9d645c21b00 (patch) | |
tree | 5689c2a524388bc77c6ddaac0d4ddd3d8df71284 /nixos | |
parent | 903a0cac04a10ca50ca461e2fad127d05b7f1419 (diff) | |
download | nixpkgs-2e4fb5cf4cb50870f93669a119b6b9d645c21b00.tar nixpkgs-2e4fb5cf4cb50870f93669a119b6b9d645c21b00.tar.gz nixpkgs-2e4fb5cf4cb50870f93669a119b6b9d645c21b00.tar.bz2 nixpkgs-2e4fb5cf4cb50870f93669a119b6b9d645c21b00.tar.lz nixpkgs-2e4fb5cf4cb50870f93669a119b6b9d645c21b00.tar.xz nixpkgs-2e4fb5cf4cb50870f93669a119b6b9d645c21b00.tar.zst nixpkgs-2e4fb5cf4cb50870f93669a119b6b9d645c21b00.zip |
nixos/users-groups: don't consider a system with Google OS Login inaccessible
This allows disabling users.mutableUsers without configuring any authentication mechanisms (passwords, authorized SSH keys) other than Google OS Login.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/config/users-groups.nix | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index ee64f785f5b..56b7af98b61 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -581,7 +581,7 @@ in { # password or an SSH authorized key. Privileged accounts are # root and users in the wheel group. assertion = !cfg.mutableUsers -> - any id (mapAttrsToList (name: cfg: + any id ((mapAttrsToList (name: cfg: (name == "root" || cfg.group == "wheel" || elem "wheel" cfg.extraGroups) @@ -591,7 +591,9 @@ in { || cfg.passwordFile != null || cfg.openssh.authorizedKeys.keys != [] || cfg.openssh.authorizedKeys.keyFiles != []) - ) cfg.users); + ) cfg.users) ++ [ + config.security.googleOsLogin.enable + ]); message = '' Neither the root account nor any wheel user has a password or SSH authorized key. You must set one to prevent being locked out of your system.''; |