From f496c3cbe4a6a2db88892d14609618e449744ed6 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 3 Nov 2014 12:30:54 +0100 Subject: [PATCH] Obsolete security.initialPassword You can now set users.extraUsers.root.initialHashedPassword instead. --- nixos/modules/config/users-groups.nix | 18 +++--------------- .../installer/cd-dvd/installation-cd-base.nix | 2 +- nixos/modules/testing/test-instrumentation.nix | 2 +- nixos/modules/virtualisation/amazon-image.nix | 5 ----- nixos/modules/virtualisation/docker-image.nix | 12 ++++++------ 5 files changed, 11 insertions(+), 28 deletions(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 60906d48ff0c..256c5888cb94 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -426,24 +426,12 @@ in { options = [ groupOpts ]; }; + # FIXME: obsolete - will remove. security.initialRootPassword = mkOption { type = types.str; default = "!"; example = ""; - description = '' - The (hashed) password for the root account set on initial - installation. The empty string denotes that root can login - locally without a password (but not via remote services such - as SSH, or indirectly via su or - sudo). The string ! - prevents root from logging in using a password. - Note that setting this option sets - users.extraUsers.root.hashedPassword. - Also, if users.mutableUsers is false - you cannot change the root password manually, so in that case - the name of this option is a bit misleading, since it will define - the root password beyond the user initialisation phase. - ''; + visible = false; }; }; @@ -461,7 +449,7 @@ in { shell = mkDefault cfg.defaultUserShell; group = "root"; extraGroups = [ "grsecurity" ]; - hashedPassword = mkDefault config.security.initialRootPassword; + initialHashedPassword = mkDefault config.security.initialRootPassword; }; nobody = { uid = ids.uids.nobody; diff --git a/nixos/modules/installer/cd-dvd/installation-cd-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-base.nix index f2a90e8d2ec4..a68581c113fc 100644 --- a/nixos/modules/installer/cd-dvd/installation-cd-base.nix +++ b/nixos/modules/installer/cd-dvd/installation-cd-base.nix @@ -49,5 +49,5 @@ with lib; boot.supportedFilesystems = [ "zfs" "btrfs" ]; # Allow the user to log in as root without a password. - security.initialRootPassword = ""; + users.extraUsers.root.initialHashedPassword = ""; } diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix index 54a376c9560e..2de978ca1018 100644 --- a/nixos/modules/testing/test-instrumentation.nix +++ b/nixos/modules/testing/test-instrumentation.nix @@ -98,7 +98,7 @@ let kernel = config.boot.kernelPackages.kernel; in networking.usePredictableInterfaceNames = false; # Make it easy to log in as root when running the test interactively. - security.initialRootPassword = mkDefault ""; + users.extraUsers.root.initialHashedPassword = mkDefault ""; }; diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix index 552d787b4478..d175bac3074d 100644 --- a/nixos/modules/virtualisation/amazon-image.nix +++ b/nixos/modules/virtualisation/amazon-image.nix @@ -191,10 +191,5 @@ in environment.systemPackages = [ pkgs.cryptsetup ]; boot.initrd.supportedFilesystems = [ "unionfs-fuse" ]; - - # Prevent logging in as root without a password. This doesn't really matter, - # since the only PAM services that allow logging in with a null - # password are local ones that are inaccessible on EC2 machines. - security.initialRootPassword = mkDefault "!"; }; } diff --git a/nixos/modules/virtualisation/docker-image.nix b/nixos/modules/virtualisation/docker-image.nix index 13b861dc9884..ff276fc86a8e 100644 --- a/nixos/modules/virtualisation/docker-image.nix +++ b/nixos/modules/virtualisation/docker-image.nix @@ -38,8 +38,8 @@ in { ''; - # docker image config - require = [ + # Docker image config. + imports = [ ../installer/cd-dvd/channel.nix ../profiles/minimal.nix ../profiles/clone-config.nix @@ -47,16 +47,16 @@ in { boot.isContainer = true; - # Iptables do not work in docker + # Iptables do not work in Docker. networking.firewall.enable = false; services.openssh.enable = true; - # Socket activated ssh presents problem in docker + # Socket activated ssh presents problem in Docker. services.openssh.startWhenNeeded = false; - # Allow the user to login as root without password - security.initialRootPassword = ""; + # Allow the user to login as root without password. + users.extraUsers.root.initialHashedPassword = mkDefault ""; # Some more help text. services.mingetty.helpLine =