From a709b1a373b4d6c183c72da1294f5cad53a4f80d Mon Sep 17 00:00:00 2001
From: Aneesh Agrawal <aneeshusa@gmail.com>
Date: Sun, 3 Jun 2018 21:01:53 -0700
Subject: [PATCH] nixos/users: Allow mutable shells for declarative users

I want to manage users centrally via declarativeUsers,
but allow users to change their shell as they please,
similar to how they can change passwords at will
if none of the password-related NixOS settings are set for their user.
---
 nixos/modules/config/update-users-groups.pl | 9 +++++++++
 nixos/modules/config/users-groups.nix       | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index ef5e6346f02e..57ed9b95be21 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -228,6 +228,15 @@ foreach my $u (@{$spec->{users}}) {
         $u->{hashedPassword} = hashPassword($u->{password});
     }
 
+    if (!defined $u->{shell}) {
+        if (defined $existing) {
+            $u->{shell} = $existing->{shell};
+        } else {
+            warn "warning: no declarative or previous shell for ‘$name’, setting shell to nologin\n";
+            $u->{shell} = "/run/current-system/sw/bin/nologin";
+        }
+    }
+
     $u->{fakePassword} = $existing->{fakePassword} // "x";
     $usersOut{$name} = $u;
 
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index c3f228c9bcc4..c50b9829d6da 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -119,7 +119,7 @@ let
       };
 
       shell = mkOption {
-        type = types.either types.shellPackage types.path;
+        type = types.nullOr (types.either types.shellPackage types.path);
         default = pkgs.shadow;
         defaultText = "pkgs.shadow";
         example = literalExample "pkgs.bashInteractive";