* Fold the functionality of guest-users.nix into users-groups.nix by
adding an attribute "password" that defines the default password for an account. The default (null, as opposed to the empty string) means not to set a password. svn path=/nixos/trunk/; revision=16937
parent
a186b5e4b4
commit
331bee12a4
@ -1,73 +0,0 @@
|
||||
{pkgs, config, ...}:
|
||||
|
||||
let
|
||||
inherit (pkgs.lib) mkOption;
|
||||
|
||||
options = {
|
||||
services = {
|
||||
guestUsers = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
description = "
|
||||
Whether to enable automatic addition of users with empty passwords
|
||||
";
|
||||
};
|
||||
users = mkOption {
|
||||
default = ["guest"];
|
||||
description = "
|
||||
List of usernames to add
|
||||
";
|
||||
};
|
||||
includeRoot = mkOption {
|
||||
default = false;
|
||||
description = "
|
||||
LEAVE THAT ALONE; whether to reset root password
|
||||
";
|
||||
};
|
||||
extraGroups = mkOption {
|
||||
default = ["audio"];
|
||||
description = "
|
||||
Extra groups to grant
|
||||
";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
inherit (pkgs.lib) concatStringsSep optionalString;
|
||||
|
||||
cfg = config.services.guestUsers;
|
||||
|
||||
userEntry = user:
|
||||
{
|
||||
name = user;
|
||||
description = "NixOS guest user";
|
||||
home = "/home/${user}";
|
||||
createHome = true;
|
||||
group = "users";
|
||||
extraGroups = cfg.extraGroups;
|
||||
shell = "/bin/sh";
|
||||
};
|
||||
|
||||
nameString = (concatStringsSep " " cfg.users) + optionalString cfg.includeRoot " root";
|
||||
|
||||
in
|
||||
|
||||
pkgs.lib.mkIf cfg.enable {
|
||||
require = options;
|
||||
|
||||
system.activationScripts = {
|
||||
|
||||
clearPasswords = pkgs.lib.fullDepEntry
|
||||
''
|
||||
for i in ${nameString}; do
|
||||
echo | ${pkgs.pwdutils}/bin/passwd --stdin $i
|
||||
done
|
||||
'' ["defaultPath" "users" "groups"];
|
||||
|
||||
};
|
||||
|
||||
services.mingetty.helpLine = "\nThese users have empty passwords: ${nameString}";
|
||||
|
||||
users.extraUsers = map userEntry cfg.users;
|
||||
}
|
@ -1,54 +1,17 @@
|
||||
{pkgs, config, ...}:
|
||||
|
||||
###### interface
|
||||
with pkgs.lib;
|
||||
|
||||
let
|
||||
inherit (pkgs.lib) mkOption;
|
||||
|
||||
options = {
|
||||
users = {
|
||||
extraUsers = mkOption {
|
||||
default = [];
|
||||
example = [
|
||||
{ name = "alice";
|
||||
uid = 1234;
|
||||
description = "Alice";
|
||||
home = "/home/alice";
|
||||
createHome = true;
|
||||
group = "users";
|
||||
extraGroups = ["wheel"];
|
||||
shell = "/bin/sh";
|
||||
}
|
||||
];
|
||||
description = "
|
||||
Additional user accounts to be created automatically by the system.
|
||||
";
|
||||
};
|
||||
|
||||
extraGroups = mkOption {
|
||||
default = [];
|
||||
example = [
|
||||
{ name = "students";
|
||||
gid = 1001;
|
||||
}
|
||||
];
|
||||
description = "
|
||||
Additional groups to be created automatically by the system.
|
||||
";
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
|
||||
###### implementation
|
||||
let
|
||||
ids = config.ids;
|
||||
|
||||
|
||||
# User accounts to be created/updated by NixOS.
|
||||
users =
|
||||
let
|
||||
defaultUsers =
|
||||
[
|
||||
{ name = "root";
|
||||
[ { name = "root";
|
||||
uid = ids.uids.root;
|
||||
description = "System administrator";
|
||||
home = "/root";
|
||||
@ -80,8 +43,9 @@ let
|
||||
, shell ? (if useDefaultShell then config.users.defaultUserShell else "/noshell")
|
||||
, createHome ? false
|
||||
, useDefaultShell ? false
|
||||
, password ? null
|
||||
}:
|
||||
{ inherit name description uid group extraGroups home shell createHome; };
|
||||
{ inherit name description uid group extraGroups home shell createHome password; };
|
||||
|
||||
in map addAttrs (defaultUsers ++ nixBuildUsers ++ config.users.extraUsers);
|
||||
|
||||
@ -90,8 +54,7 @@ let
|
||||
groups =
|
||||
let
|
||||
defaultGroups =
|
||||
[
|
||||
{ name = "root";
|
||||
[ { name = "root";
|
||||
gid = ids.gids.root;
|
||||
}
|
||||
{ name = "wheel";
|
||||
@ -144,31 +107,63 @@ let
|
||||
|
||||
in map addAttrs (defaultGroups ++ config.users.extraGroups);
|
||||
|
||||
inherit (pkgs.lib) concatStringsSep;
|
||||
|
||||
serializedUser = u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString (concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}";
|
||||
# Note: the 'X' in front of the password is to distinguish between
|
||||
# having an empty password, and not having a password.
|
||||
serializedUser = u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString (concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}\n${if u.password != null then "X" + u.password else ""}\n";
|
||||
serializedGroup = g: "${g.name}\n${toString g.gid}";
|
||||
in
|
||||
|
||||
let
|
||||
inherit (pkgs.stringsWithDeps) fullDepEntry;
|
||||
|
||||
|
||||
# keep this extra file so that cat can be used to pass special chars such as "`" which is used in the avahi daemon
|
||||
usersFile = pkgs.writeText "users" (concatStringsSep "\n" (map serializedUser users));
|
||||
usersFile = pkgs.writeText "users" (concatStrings (map serializedUser users));
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
require = [
|
||||
options
|
||||
|
||||
# config.system.activationScripts
|
||||
# ../system/activate-configuration.nix
|
||||
];
|
||||
###### interface
|
||||
|
||||
system = {
|
||||
activationScripts = {
|
||||
options = {
|
||||
|
||||
users.extraUsers = mkOption {
|
||||
default = [];
|
||||
example =
|
||||
[ { name = "alice";
|
||||
uid = 1234;
|
||||
description = "Alice";
|
||||
home = "/home/alice";
|
||||
createHome = true;
|
||||
group = "users";
|
||||
extraGroups = ["wheel"];
|
||||
shell = "/bin/sh";
|
||||
password = "foobar";
|
||||
}
|
||||
];
|
||||
description = ''
|
||||
Additional user accounts to be created automatically by the system.
|
||||
'';
|
||||
};
|
||||
|
||||
users = fullDepEntry ''
|
||||
users.extraGroups = mkOption {
|
||||
default = [];
|
||||
example =
|
||||
[ { name = "students";
|
||||
gid = 1001;
|
||||
}
|
||||
];
|
||||
description = ''
|
||||
Additional groups to be created automatically by the system.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = {
|
||||
|
||||
system.activationScripts.users = fullDepEntry
|
||||
''
|
||||
cat ${usersFile} | while true; do
|
||||
read name || break
|
||||
read description
|
||||
@ -178,6 +173,7 @@ in
|
||||
read home
|
||||
read shell
|
||||
read createHome
|
||||
read password
|
||||
|
||||
if ! curEnt=$(getent passwd "$name"); then
|
||||
echo "creating user $name..."
|
||||
@ -190,6 +186,9 @@ in
|
||||
--home "$home" \
|
||||
--shell "$shell" \
|
||||
''${createHome:+--create-home}
|
||||
if test "''${password:0:1}" = 'X'; then
|
||||
echo "''${password:1}" | ${pkgs.pwdutils}/bin/passwd --stdin "$name"
|
||||
fi
|
||||
else
|
||||
#echo "updating user $name..."
|
||||
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
|
||||
@ -210,10 +209,12 @@ in
|
||||
''${home:+--home "$home"} \
|
||||
--shell "$shell"
|
||||
fi
|
||||
|
||||
done
|
||||
'' [ "groups" ];
|
||||
|
||||
groups = fullDepEntry ''
|
||||
system.activationScripts.groups = fullDepEntry
|
||||
''
|
||||
while true; do
|
||||
read name || break
|
||||
read gid
|
||||
@ -236,6 +237,6 @@ in
|
||||
EndOfGroupList
|
||||
'' [ "rootPasswd" "binsh" "etc" "var" ];
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
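Review bot: The new `password` attribute ends up in clear text in the Nix store, because `serializedUser` appends `"X" + u.password` and `usersFile = pkgs.writeText "users" …` writes the result to a store path. The store is normally readable by every local user, and the file stays there until it is garbage-collected. The `users.extraUsers` description should say so, for example `The password is stored in clear text in the world-readable Nix store; use it only for throw-away accounts and change it with passwd after first login.`, and the `password = "foobar";` example is better shown as an obvious placeholder. Separately, `read password` without `-r` drops backslashes and surrounding whitespace, and a password containing a newline shifts every later field of the record, so `IFS= read -r password` plus a check that rejects newlines at evaluation time would keep the stored value equal to the configured one. As far as the visible hunk shows, the password is applied only in the branch that creates the account, so a later change to the attribute never reaches an existing user; if that is intended, the option text should state it.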
|
@ -1,5 +1,4 @@
|
||||
[ ./config/fonts.nix
|
||||
./config/guest-users.nix
|
||||
./config/i18n.nix
|
||||
./config/ldap.nix
|
||||
./config/networking.nix
|
||||
|