* Fold the functionality of guest-users.nix into users-groups.nix by

adding an attribute "password" that defines the default password for
  an account.  The default (null, as opposed to the empty string)
  means not to set a password.

svn path=/nixos/trunk/; revision=16937
Eelco Dolstra 2009-09-02 17:35:24 +00:00
parent a186b5e4b4
commit 331bee12a4
3 changed files with 63 additions and 136 deletions


@ -1,73 +0,0 @@
{pkgs, config, ...}:
let
inherit (pkgs.lib) mkOption;
options = {
services = {
guestUsers = {
enable = mkOption {
default = false;
description = "
Whether to enable automatic addition of users with empty passwords
";
};
users = mkOption {
default = ["guest"];
description = "
List of usernames to add
";
};
includeRoot = mkOption {
default = false;
description = "
LEAVE THAT ALONE; whether to reset root password
";
};
extraGroups = mkOption {
default = ["audio"];
description = "
Extra groups to grant
";
};
};
};
};
inherit (pkgs.lib) concatStringsSep optionalString;
cfg = config.services.guestUsers;
userEntry = user:
{
name = user;
description = "NixOS guest user";
home = "/home/${user}";
createHome = true;
group = "users";
extraGroups = cfg.extraGroups;
shell = "/bin/sh";
};
nameString = (concatStringsSep " " cfg.users) + optionalString cfg.includeRoot " root";
in
pkgs.lib.mkIf cfg.enable {
require = options;
system.activationScripts = {
clearPasswords = pkgs.lib.fullDepEntry
''
for i in ${nameString}; do
echo | ${pkgs.pwdutils}/bin/passwd --stdin $i
done
'' ["defaultPath" "users" "groups"];
};
services.mingetty.helpLine = "\nThese users have empty passwords: ${nameString}";
users.extraUsers = map userEntry cfg.users;
}


@ -1,54 +1,17 @@
{pkgs, config, ...}: {pkgs, config, ...}:
###### interface with pkgs.lib;
let let
inherit (pkgs.lib) mkOption;
options = {
users = {
extraUsers = mkOption {
default = [];
example = [
{ name = "alice";
uid = 1234;
description = "Alice";
home = "/home/alice";
createHome = true;
group = "users";
extraGroups = ["wheel"];
shell = "/bin/sh";
}
];
description = "
Additional user accounts to be created automatically by the system.
";
};
extraGroups = mkOption {
default = [];
example = [
{ name = "students";
gid = 1001;
}
];
description = "
Additional groups to be created automatically by the system.
";
};
};
};
in
###### implementation
let
ids = config.ids; ids = config.ids;
# User accounts to be created/updated by NixOS. # User accounts to be created/updated by NixOS.
users = users =
let let
defaultUsers = defaultUsers =
[ [ { name = "root";
{ name = "root";
uid = ids.uids.root; uid = ids.uids.root;
description = "System administrator"; description = "System administrator";
home = "/root"; home = "/root";
@ -80,8 +43,9 @@ let
, shell ? (if useDefaultShell then config.users.defaultUserShell else "/noshell") , shell ? (if useDefaultShell then config.users.defaultUserShell else "/noshell")
, createHome ? false , createHome ? false
, useDefaultShell ? false , useDefaultShell ? false
, password ? null
}: }:
{ inherit name description uid group extraGroups home shell createHome; }; { inherit name description uid group extraGroups home shell createHome password; };
in map addAttrs (defaultUsers ++ nixBuildUsers ++ config.users.extraUsers); in map addAttrs (defaultUsers ++ nixBuildUsers ++ config.users.extraUsers);
@ -90,8 +54,7 @@ let
groups = groups =
let let
defaultGroups = defaultGroups =
[ [ { name = "root";
{ name = "root";
gid = ids.gids.root; gid = ids.gids.root;
} }
{ name = "wheel"; { name = "wheel";
@ -144,31 +107,63 @@ let
in map addAttrs (defaultGroups ++ config.users.extraGroups); in map addAttrs (defaultGroups ++ config.users.extraGroups);
inherit (pkgs.lib) concatStringsSep;
serializedUser = u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString (concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}"; # Note: the 'X' in front of the password is to distinguish between
# having an empty password, and not having a password.
serializedUser = u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString (concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}\n${if u.password != null then "X" + u.password else ""}\n";
serializedGroup = g: "${g.name}\n${toString g.gid}"; serializedGroup = g: "${g.name}\n${toString g.gid}";
in
let
inherit (pkgs.stringsWithDeps) fullDepEntry;
# keep this extra file so that cat can be used to pass special chars such as "`" which is used in the avahi daemon # keep this extra file so that cat can be used to pass special chars such as "`" which is used in the avahi daemon
usersFile = pkgs.writeText "users" (concatStringsSep "\n" (map serializedUser users)); usersFile = pkgs.writeText "users" (concatStrings (map serializedUser users));
in in
{ {
require = [
options
# config.system.activationScripts ###### interface
# ../system/activate-configuration.nix
];
system = { options = {
activationScripts = {
users = fullDepEntry '' users.extraUsers = mkOption {
default = [];
example =
[ { name = "alice";
uid = 1234;
description = "Alice";
home = "/home/alice";
createHome = true;
group = "users";
extraGroups = ["wheel"];
shell = "/bin/sh";
password = "foobar";
}
];
description = ''
Additional user accounts to be created automatically by the system.
'';
};
users.extraGroups = mkOption {
default = [];
example =
[ { name = "students";
gid = 1001;
}
];
description = ''
Additional groups to be created automatically by the system.
'';
};
};
###### implementation
config = {
system.activationScripts.users = fullDepEntry
''
cat ${usersFile} | while true; do cat ${usersFile} | while true; do
read name || break read name || break
read description read description
@ -178,6 +173,7 @@ in
read home read home
read shell read shell
read createHome read createHome
read password
if ! curEnt=$(getent passwd "$name"); then if ! curEnt=$(getent passwd "$name"); then
echo "creating user $name..." echo "creating user $name..."
@ -190,6 +186,9 @@ in
--home "$home" \ --home "$home" \
--shell "$shell" \ --shell "$shell" \
''${createHome:+--create-home} ''${createHome:+--create-home}
if test "''${password:0:1}" = 'X'; then
echo "''${password:1}" | ${pkgs.pwdutils}/bin/passwd --stdin "$name"
fi
else else
#echo "updating user $name..." #echo "updating user $name..."
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS" oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
@ -210,10 +209,12 @@ in
''${home:+--home "$home"} \ ''${home:+--home "$home"} \
--shell "$shell" --shell "$shell"
fi fi
done done
'' [ "groups" ]; '' [ "groups" ];
groups = fullDepEntry '' system.activationScripts.groups = fullDepEntry
''
while true; do while true; do
read name || break read name || break
read gid read gid
@ -236,6 +237,6 @@ in
EndOfGroupList EndOfGroupList
'' [ "rootPasswd" "binsh" "etc" "var" ]; '' [ "rootPasswd" "binsh" "etc" "var" ];
};
}; };
} }
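Review bot: The new `password` attribute is written in clear text into the file built by `pkgs.writeText "users"`, because `serializedUser` now appends `"X" + u.password` to every record; that file is a Nix store path, and the store is normally readable by every local user, so a password set this way should be treated as known to anyone with an account on the machine. As far as the visible hunks show, the `passwd --stdin` call sits only in the branch taken when `getent passwd "$name"` fails, so the value is applied when the account is first created and a later change to the option does not touch an existing account. Neither property is documented in the `users.extraUsers` description, whose example just shows `password = "foobar";`; I would add a sentence there such as `The password is stored in clear text in the Nix store and is only set when the account is created; change it with passwd afterwards.` Separately, `read password` should be `read -r password` so that backslashes in a password are kept, and a password containing a newline would shift the remaining fields of the record, which is worth rejecting or documenting.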


@ -1,5 +1,4 @@
[ ./config/fonts.nix [ ./config/fonts.nix
./config/guest-users.nix
./config/i18n.nix ./config/i18n.nix
./config/ldap.nix ./config/ldap.nix
./config/networking.nix ./config/networking.nix