diff options
| author | Will Fancher <elvishjerricco@gmail.com> | 2023-10-29 13:22:47 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-29 13:22:47 -0400 |
| commit | 5cea7ee4527d3bbe2ba9675f9fb24c69d22c044d (patch) | |
| tree | 9a91e2ca468a3119997c11b581f5919aaa48177a /nixos | |
| parent | b9d8a730e36e688df855c40c39498b658b46955f (diff) | |
| parent | 22325ce016eeb59be10ce964e106549ac95c1896 (diff) | |
| download | nixpkgs-5cea7ee4527d3bbe2ba9675f9fb24c69d22c044d.tar nixpkgs-5cea7ee4527d3bbe2ba9675f9fb24c69d22c044d.tar.gz nixpkgs-5cea7ee4527d3bbe2ba9675f9fb24c69d22c044d.tar.bz2 nixpkgs-5cea7ee4527d3bbe2ba9675f9fb24c69d22c044d.tar.lz nixpkgs-5cea7ee4527d3bbe2ba9675f9fb24c69d22c044d.tar.xz nixpkgs-5cea7ee4527d3bbe2ba9675f9fb24c69d22c044d.tar.zst nixpkgs-5cea7ee4527d3bbe2ba9675f9fb24c69d22c044d.zip | |
Merge pull request #262583 from ElvishJerricco/systemd-stage-1-shells
systemd-stage-1: Support for user shells
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/config/users-groups.nix | 17 | ||||
| -rw-r--r-- | nixos/modules/system/boot/initrd-ssh.nix | 11 |
2 files changed, 20 insertions, 8 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 97268a8d83e..b4251214876 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -606,6 +606,14 @@ in { defaultText = literalExpression "config.users.users.\${name}.group"; default = cfg.users.${name}.group; }; + options.shell = mkOption { + type = types.passwdEntry types.path; + description = '' + The path to the user's shell in initrd. + ''; + default = "${pkgs.shadow}/bin/nologin"; + defaultText = literalExpression "\${pkgs.shadow}/bin/nologin"; + }; })); }; @@ -750,17 +758,20 @@ in { boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable { contents = { "/etc/passwd".text = '' - ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group }: let + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group, shell }: let g = config.boot.initrd.systemd.groups.${group}; - in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:") config.boot.initrd.systemd.users)} + in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:${shell}") config.boot.initrd.systemd.users)} ''; "/etc/group".text = '' ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)} ''; + "/etc/shells".text = lib.concatStringsSep "\n" (lib.unique (lib.mapAttrsToList (_: u: u.shell) config.boot.initrd.systemd.users)) + "\n"; }; + storePaths = [ "${pkgs.shadow}/bin/nologin" ]; + users = { - root = {}; + root = { shell = lib.mkDefault "/bin/bash"; }; nobody = {}; }; diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix index 60c5ff62fff..3df14030ab6 100644 --- a/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixos/modules/system/boot/initrd-ssh.nix @@ -164,13 +164,12 @@ in for instructions. ''; } - - { - assertion = config.boot.initrd.systemd.enable -> cfg.shell == null; - message = "systemd stage 1 does not support boot.initrd.network.ssh.shell"; - } ]; + warnings = lib.optional (config.boot.initrd.systemd.enable -> cfg.shell != null) '' + Please set 'boot.initrd.systemd.users.root.shell' instead of 'boot.initrd.network.ssh.shell' + ''; + boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) '' copy_bin_and_libs ${package}/bin/sshd cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib @@ -235,6 +234,8 @@ in users.sshd = { uid = 1; group = "sshd"; }; groups.sshd = { gid = 1; }; + users.root.shell = mkIf (config.boot.initrd.network.ssh.shell != null) config.boot.initrd.network.ssh.shell; + contents."/etc/ssh/authorized_keys.d/root".text = concatStringsSep "\n" config.boot.initrd.network.ssh.authorizedKeys; contents."/etc/ssh/sshd_config".text = sshdConfig; |