public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/users-groups: Use user name not attribute name for /etc/profiles/...

Browse Source 
This cropped up, because I have a set-up where my work username is
different to my home desktop username, and I am using a parameterized
config for both, so I have something akin to

    config.users.users.default-user = ...;

and using

    config.users.users.default-user.{name, home}

in certain places to cope with this. Noticed my home-manager bought in
packages (which use the users.users.<name>.packages hence NixOS issue
not home-manager) weren't present.
This commit is contained in:
Kovacsics Robert 2020-06-09 17:22:05 +01:00
parent 0c98cef613
commit af4adb1dd2
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/config/users-groups.nix
View File

@ -593,8 +593,8 @@ in {
# password or an SSH authorized key. Privileged accounts are # password or an SSH authorized key. Privileged accounts are
# root and users in the wheel group. # root and users in the wheel group.
assertion = !cfg.mutableUsers -> assertion = !cfg.mutableUsers ->
any id ((mapAttrsToList (name: cfg: any id ((mapAttrsToList (_: cfg:
(name == "root" (cfg.name == "root"
|| cfg.group == "wheel" || cfg.group == "wheel"
|| elem "wheel" cfg.extraGroups) || elem "wheel" cfg.extraGroups)
&& &&
@ -615,16 +615,16 @@ in {
assertion = (user.hashedPassword != null) assertion = (user.hashedPassword != null)
-> (builtins.match ".*:.*" user.hashedPassword == null); -> (builtins.match ".*:.*" user.hashedPassword == null);
message = '' message = ''
The password hash of user "${name}" contains a ":" character. The password hash of user "${user.name}" contains a ":" character.
This is invalid and would break the login system because the fields This is invalid and would break the login system because the fields
of /etc/shadow (file where hashes are stored) are colon-separated. of /etc/shadow (file where hashes are stored) are colon-separated.
Please check the value of option `users.users."${name}".hashedPassword`.''; Please check the value of option `users.users."${user.name}".hashedPassword`.'';
} }
); );
warnings = warnings =
builtins.filter (x: x != null) ( builtins.filter (x: x != null) (
flip mapAttrsToList cfg.users (name: user: flip mapAttrsToList cfg.users (_: user:
# This regex matches a subset of the Modular Crypto Format (MCF)[1] # This regex matches a subset of the Modular Crypto Format (MCF)[1]
# informal standard. Since this depends largely on the OS or the # informal standard. Since this depends largely on the OS or the
# specific implementation of crypt(3) we only support the (sane) # specific implementation of crypt(3) we only support the (sane)
@ -647,9 +647,9 @@ in {
&& user.hashedPassword != "" # login without password && user.hashedPassword != "" # login without password
&& builtins.match mcf user.hashedPassword == null) && builtins.match mcf user.hashedPassword == null)
then '' then ''
The password hash of user "${name}" may be invalid. You must set a The password hash of user "${user.name}" may be invalid. You must set a
valid hash or the user will be locked out of their account. Please valid hash or the user will be locked out of their account. Please
check the value of option `users.users."${name}".hashedPassword`.'' check the value of option `users.users."${user.name}".hashedPassword`.''
else null else null
)); ));