diff options
Diffstat (limited to 'nixos/modules/config/users-groups.nix')
-rw-r--r-- | nixos/modules/config/users-groups.nix | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index b0f96c754fa..d3bdf218c33 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -48,7 +48,7 @@ let services such as SSH, or indirectly via <command>su</command> or <command>sudo</command>). This should only be used for e.g. bootable live systems. Note: this is different from setting an empty password, - which ca be achieved using <option>users.users.<name?>.password</option>. + which can be achieved using <option>users.users.<name?>.password</option>. If set to <literal>null</literal> (default) this user will not be able to log in using a password (i.e. via <command>login</command> @@ -139,6 +139,12 @@ let description = "The user's home directory."; }; + homeMode = mkOption { + type = types.strMatching "[0-7]{1,5}"; + default = "700"; + description = "The user's home directory mode in numeric format. See chmod(1). The mode is only applied if <option>users.users.<name>.createHome</option> is true."; + }; + cryptHomeLuks = mkOption { type = with types; nullOr str; default = null; @@ -319,6 +325,7 @@ let group = mkDefault "users"; createHome = mkDefault true; home = mkDefault "/home/${config.name}"; + homeMode = mkDefault "700"; useDefaultShell = mkDefault true; isSystemUser = mkDefault false; }) @@ -430,7 +437,7 @@ let inherit (cfg) mutableUsers; users = mapAttrsToList (_: u: { inherit (u) - name uid group description home createHome isSystemUser + name uid group description home homeMode createHome isSystemUser password passwordFile hashedPassword autoSubUidGidRange subUidRanges subGidRanges initialPassword initialHashedPassword; |