Add option ‘users.motd’ for setting a message of the day shown on login

Note that this uses pam_motd.
Eelco Dolstra 2012-10-23 09:10:48 -04:00
parent c980faebe2
commit 224c825a36
3 changed files with 20 additions and 3 deletions


@ -27,6 +27,7 @@ let
# Uncomment this to allow non-root users to change their account # Uncomment this to allow non-root users to change their account
#information. This should be made configurable. #information. This should be made configurable.
#CHFN_RESTRICT frwh #CHFN_RESTRICT frwh
''; '';
in in
@ -90,7 +91,7 @@ in
{ name = "groupmod"; rootOK = true; } { name = "groupmod"; rootOK = true; }
{ name = "groupmems"; rootOK = true; } { name = "groupmems"; rootOK = true; }
{ name = "groupdel"; rootOK = true; } { name = "groupdel"; rootOK = true; }
{ name = "login"; startSession = true; allowNullPassword = true; } { name = "login"; startSession = true; allowNullPassword = true; showMotd = true; }
]; ];
security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp" ]; security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp" ];


@ -29,6 +29,8 @@ let
concatStringsSep " " [ domain type item value ]) concatStringsSep " " [ domain type item value ])
limits)); limits));
motd = pkgs.writeText "motd" config.users.motd;
makePAMService = makePAMService =
{ name { name
, # If set, root doesn't need to authenticate (e.g. for the "chsh" , # If set, root doesn't need to authenticate (e.g. for the "chsh"
@ -58,6 +60,8 @@ let
allowNullPassword ? false allowNullPassword ? false
, # The limits, as per limits.conf(5). , # The limits, as per limits.conf(5).
limits ? config.security.pam.loginLimits limits ? config.security.pam.loginLimits
, # Whether to show the message of the day.
showMotd ? false
}: }:
{ source = pkgs.writeText "${name}.pam" { source = pkgs.writeText "${name}.pam"
@ -110,6 +114,8 @@ let
"session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"} "session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"}
${optionalString (limits != []) ${optionalString (limits != [])
"session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf limits}"} "session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf limits}"}
${optionalString (showMotd && config.users.motd != null)
"session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}"}
''; '';
target = "pam.d/${name}"; target = "pam.d/${name}";
}; };
@ -201,6 +207,13 @@ in
''; '';
}; };
users.motd = mkOption {
default = null;
example = "Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178.";
type = types.nullOr types.string;
description = "Message of the day shown to users when they log in.";
};
}; };
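Review bot: The `description` of the new `users.motd` option does not say where the text is stored or which services display it. `pkgs.writeText "motd" config.users.motd` puts the message in the Nix store, which every local user and process can read, and only PAM services declared with `showMotd = true` (login and sshd in this commit) get the pam_motd line. I would extend the description along the lines of `"Message of the day shown on login by PAM services that set showMotd. The text is written to the world-readable Nix store, so it must not contain secrets."` Separately, an empty string passes the `config.users.motd != null` guard and still adds a pam_motd line pointing at an empty file; treating `""` like `null` would avoid that.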


@ -358,7 +358,7 @@ in
networking.firewall.allowedTCPPorts = cfg.ports; networking.firewall.allowedTCPPorts = cfg.ports;
security.pam.services = optional cfg.usePAM { name = "sshd"; startSession = true; }; security.pam.services = optional cfg.usePAM { name = "sshd"; startSession = true; showMotd = true; };
services.openssh.extraConfig = services.openssh.extraConfig =
'' ''
@ -390,10 +390,13 @@ in
GatewayPorts ${cfg.gatewayPorts} GatewayPorts ${cfg.gatewayPorts}
PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"} PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"}
ChallengeResponseAuthentication ${if cfg.challengeResponseAuthentication then "yes" else "no"} ChallengeResponseAuthentication ${if cfg.challengeResponseAuthentication then "yes" else "no"}
PrintMotd no # handled by pam_motd
''; '';
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true; assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
message = "cannot enable X11 forwarding without setting xauth location";}]; message = "cannot enable X11 forwarding without setting xauth location";}];
}; };
} }
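Review bot: `PrintMotd no` appears to be written into the sshd configuration unconditionally, while the PAM service carrying `showMotd = true` is only defined when `cfg.usePAM` is set, so with PAM disabled an SSH login would show no message at all. If `users.motd` holds a notice that must be displayed, such as an acceptable-use banner, that gap is silent. The `extraConfig` string begins outside this hunk, so I cannot confirm that no surrounding condition exists. If there is none, consider an assertion or at least a comment next to the PAM service definition such as `# users.motd is only shown over SSH when usePAM is enabled`.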