nixos/users-groups: don't consider a system with Google OS Login inaccessible
This allows disabling users.mutableUsers without configuring any authentication mechanisms (passwords, authorized SSH keys) other than Google OS Login.
This commit is contained in:
parent
903a0cac04
commit
2e4fb5cf4c
@ -581,7 +581,7 @@ in {
|
||||
# password or an SSH authorized key. Privileged accounts are
|
||||
# root and users in the wheel group.
|
||||
assertion = !cfg.mutableUsers ->
|
||||
any id (mapAttrsToList (name: cfg:
|
||||
any id ((mapAttrsToList (name: cfg:
|
||||
(name == "root"
|
||||
|| cfg.group == "wheel"
|
||||
|| elem "wheel" cfg.extraGroups)
|
||||
@ -591,7 +591,9 @@ in {
|
||||
|| cfg.passwordFile != null
|
||||
|| cfg.openssh.authorizedKeys.keys != []
|
||||
|| cfg.openssh.authorizedKeys.keyFiles != [])
|
||||
) cfg.users);
|
||||
) cfg.users) ++ [
|
||||
config.security.googleOsLogin.enable
|
||||
]);
|
||||
message = ''
|
||||
Neither the root account nor any wheel user has a password or SSH authorized key.
|
||||
You must set one to prevent being locked out of your system.'';
|
||||
|
Loading…
Reference in New Issue
Block a user