diff --git a/system/options.nix b/system/options.nix index 67ed93fb30f..d1748f16f7f 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2247,6 +2247,7 @@ in (import ../upstart-jobs/cron/locate.nix) (import ../upstart-jobs/manual.nix) (import ../upstart-jobs/rogue.nix) + (import ../upstart-jobs/guest-users.nix) # fonts (import ../system/fonts.nix) diff --git a/upstart-jobs/guest-users.nix b/upstart-jobs/guest-users.nix new file mode 100644 index 00000000000..98fc8a39568 --- /dev/null +++ b/upstart-jobs/guest-users.nix @@ -0,0 +1,76 @@ +{pkgs, config}: +let + inherit(pkgs.lib) mkOption; + + options = { + services = { + guestUsers = { + enable = mkOption { + default = false; + description = " + Whether to enable automatic addition of users with empty passwords + "; + }; + users = mkOption { + default = ["guest"]; + description = " + List of usernames to add + "; + }; + includeRoot = mkOption { + default = false; + description = " + LEAVE THAT ALONE; whether to reset root password + "; + }; + extraGroups = mkOption { + default = ["audio"]; + description = " + Extra groups to grant + "; + }; + }; + }; + }; + inherit (pkgs.lib) concatStringsSep optional optionalString; + + inherit (config.services.guestUsers) enable users includeRoot extraGroups; + + userEntry = user: + { + name = user; + description = "NixOS guest user"; + home = "/home/${user}"; + createHome = true; + group = "users"; + extraGroups = extraGroups; + shell = "/bin/sh"; + }; + + nameString = (concatStringsSep " " users) + optionalString includeRoot " root"; + +in + +{ + require = options; + services = { + extraJobs = optional enable { + name = "clear-passwords"; + job = '' + description "Clear guest passwords" + start on startup + script + for i in ${nameString}; do + echo | ${pkgs.pwdutils}/bin/passwd --stdin $i + done + end script + ''; + }; + mingetty = { + helpLine = optionalString enable "\nThis users have empty passwords: ${nameString}"; + }; + }; + users = { + extraUsers = map userEntry users; + }; +}