movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-25 18:46:32 +03:00
Code Activity

nixos/systemd-sysusers: assert against password and hashedPassword

Browse source 
Regardless of mutable or immutable users, systemd-sysupdate never
updates existing user records and thus will for example never change
passwords for you.

It only support initial passwords and now actively asserts agains other
paswords.
This commit is contained in:
nikstur 2024-07-21 16:10:50 +02:00
parent 2710a49adb
commit 2ca04530c9
1 changed files with 10 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

13
nixos/modules/system/boot/systemd/sysusers.nix
View file

@ -72,12 +72,19 @@ in
assertion = config.users.mutableUsers -> config.system.etc.overlay.enable; assertion = config.users.mutableUsers -> config.system.etc.overlay.enable;
message = "config.users.mutableUsers requires config.system.etc.overlay.enable."; message = "config.users.mutableUsers requires config.system.etc.overlay.enable.";
} }
] ++ lib.mapAttrsToList ] ++ (lib.mapAttrsToList
(username: opts: { (_username: opts: {
assertion = !opts.isNormalUser; assertion = !opts.isNormalUser;
message = "systemd-sysusers doesn't create normal users. You can currently only use it to create system users."; message = "systemd-sysusers doesn't create normal users. You can currently only use it to create system users.";
}) })
userCfg.users; userCfg.users)
++ lib.mapAttrsToList
(username: opts: {
assertion = (opts.password == opts.initialPassword || opts.password == null) &&
(opts.hashedPassword == opts.initialHashedPassword || opts.hashedPassword == null);
message = "${username} uses password or hashedPassword. systemd-sysupdate only supports initial passwords. It'll never update your passwords.";
})
systemUsers;
systemd = { systemd = {