nixos/users-groups: rename passwordFile in hashedPasswordFile
This avoids the possible confusion with `passwordFile` being the file version of `password`, while it should contain the password hash. Fixes issue #165858.
parent
ef14cdd5b9
commit
5666a378cb
@ -87,6 +87,8 @@
|
|||||||
|
|
||||||
- `getent` has been moved from `glibc`'s `bin` output to its own dedicated output, reducing closure size for many dependents. Dependents using the `getent` alias should not be affected; others should move from using `glibc.bin` or `getBin glibc` to `getent` (which also improves compatibility with non-glibc platforms).
|
- `getent` has been moved from `glibc`'s `bin` output to its own dedicated output, reducing closure size for many dependents. Dependents using the `getent` alias should not be affected; others should move from using `glibc.bin` or `getBin glibc` to `getent` (which also improves compatibility with non-glibc platforms).
|
||||||
|
|
||||||
|
- The `users.users.<name>.passwordFile` has been renamed to `users.users.<name>.hashedPasswordFile` to avoid possible confusions. The option is in fact the file-based version of `hashedPassword`, not `password`, and expects a file containing the {manpage}`crypt(3)` hash of the user password.
|
||||||
|
|
||||||
- The `services.ananicy.extraRules` option now has the type of `listOf attrs` instead of `string`.
|
- The `services.ananicy.extraRules` option now has the type of `listOf attrs` instead of `string`.
|
||||||
|
|
||||||
- The `matrix-synapse` package & module have undergone some significant internal changes, for most setups no intervention is needed, though:
|
- The `matrix-synapse` package & module have undergone some significant internal changes, for most setups no intervention is needed, though:
|
||||||
|
@ -18,11 +18,11 @@ let
|
|||||||
|
|
||||||
passwordDescription = ''
|
passwordDescription = ''
|
||||||
The options {option}`hashedPassword`,
|
The options {option}`hashedPassword`,
|
||||||
{option}`password` and {option}`passwordFile`
|
{option}`password` and {option}`hashedPasswordFile`
|
||||||
controls what password is set for the user.
|
controls what password is set for the user.
|
||||||
{option}`hashedPassword` overrides both
|
{option}`hashedPassword` overrides both
|
||||||
{option}`password` and {option}`passwordFile`.
|
{option}`password` and {option}`hashedPasswordFile`.
|
||||||
{option}`password` overrides {option}`passwordFile`.
|
{option}`password` overrides {option}`hashedPasswordFile`.
|
||||||
If none of these three options are set, no password is assigned to
|
If none of these three options are set, no password is assigned to
|
||||||
the user, and the user will not be able to do password logins.
|
the user, and the user will not be able to do password logins.
|
||||||
If the option {option}`users.mutableUsers` is true, the
|
If the option {option}`users.mutableUsers` is true, the
|
||||||
@ -250,18 +250,26 @@ let
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
passwordFile = mkOption {
|
hashedPasswordFile = mkOption {
|
||||||
type = with types; nullOr str;
|
type = with types; nullOr str;
|
||||||
default = null;
|
default = cfg.users.${name}.passwordFile;
|
||||||
|
defaultText = literalExpression "null";
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
The full path to a file that contains the user's password. The password
|
The full path to a file that contains the hash of the user's
|
||||||
file is read on each system activation. The file should contain
|
password. The password file is read on each system activation. The
|
||||||
exactly one line, which should be the password in an encrypted form
|
file should contain exactly one line, which should be the password in
|
||||||
that is suitable for the `chpasswd -e` command.
|
an encrypted form that is suitable for the `chpasswd -e` command.
|
||||||
${passwordDescription}
|
${passwordDescription}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
passwordFile = mkOption {
|
||||||
|
type = with types; nullOr (passwdEntry str);
|
||||||
|
default = null;
|
||||||
|
visible = false;
|
||||||
|
description = lib.mdDoc "Deprecated alias of hashedPasswordFile";
|
||||||
|
};
|
||||||
|
|
||||||
initialHashedPassword = mkOption {
|
initialHashedPassword = mkOption {
|
||||||
type = with types; nullOr (passwdEntry str);
|
type = with types; nullOr (passwdEntry str);
|
||||||
default = null;
|
default = null;
|
||||||
@ -447,7 +455,7 @@ let
|
|||||||
users = mapAttrsToList (_: u:
|
users = mapAttrsToList (_: u:
|
||||||
{ inherit (u)
|
{ inherit (u)
|
||||||
name uid group description home homeMode createHome isSystemUser
|
name uid group description home homeMode createHome isSystemUser
|
||||||
password passwordFile hashedPassword
|
password hashedPasswordFile hashedPassword
|
||||||
autoSubUidGidRange subUidRanges subGidRanges
|
autoSubUidGidRange subUidRanges subGidRanges
|
||||||
initialPassword initialHashedPassword expires;
|
initialPassword initialHashedPassword expires;
|
||||||
shell = utils.toShellPath u.shell;
|
shell = utils.toShellPath u.shell;
|
||||||
@ -756,7 +764,7 @@ in {
|
|||||||
&&
|
&&
|
||||||
(allowsLogin cfg.hashedPassword
|
(allowsLogin cfg.hashedPassword
|
||||||
|| cfg.password != null
|
|| cfg.password != null
|
||||||
|| cfg.passwordFile != null
|
|| cfg.hashedPasswordFile != null
|
||||||
|| cfg.openssh.authorizedKeys.keys != []
|
|| cfg.openssh.authorizedKeys.keys != []
|
||||||
|| cfg.openssh.authorizedKeys.keyFiles != [])
|
|| cfg.openssh.authorizedKeys.keyFiles != [])
|
||||||
) cfg.users ++ [
|
) cfg.users ++ [
|
||||||
@ -845,9 +853,13 @@ in {
|
|||||||
The password hash of user "${user.name}" may be invalid. You must set a
|
The password hash of user "${user.name}" may be invalid. You must set a
|
||||||
valid hash or the user will be locked out of their account. Please
|
valid hash or the user will be locked out of their account. Please
|
||||||
check the value of option `users.users."${user.name}".hashedPassword`.''
|
check the value of option `users.users."${user.name}".hashedPassword`.''
|
||||||
else null
|
else null)
|
||||||
));
|
++ flip mapAttrsToList cfg.users (name: user:
|
||||||
|
if user.passwordFile != null then
|
||||||
|
''The option `users.users."${name}".passwordFile' has been renamed '' +
|
||||||
|
''to `users.users."${name}".hashedPasswordFile'.''
|
||||||
|
else null)
|
||||||
|
);
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
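Review bot: The new `hashedPasswordFile` description still says the file holds "the password in an encrypted form", which keeps the ambiguity this rename is meant to remove. The description states the file is read on each system activation, so an evaluation-time check like the `hashedPassword` warning in the last hunk presumably cannot notice a plaintext password placed there, and the option text is the main guard. I would reword the sentence to `file should contain exactly one line, which should be the crypt(3) hash of the password, suitable for chpasswd -e`, and add that the path should point to a file outside the world-readable Nix store. Separately, the hidden alias `passwordFile` is typed `nullOr (passwdEntry str)` while the new option is `nullOr str`; both hold a file path, so `type = with types; nullOr str;` on the alias would keep the two consistent. The enclosing option set begins and ends outside the visible hunks.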