lib.types, nixos/users: Make passwdEntry available

More nixpkgs code, such as `boot.initrd.systemd.emergencyAccess`, defines
options that take hashed passwords, so move the type definition from
modules/ into lib/.

The type definition itself stays unchanged.
Klemens Nanni 2022-06-25 15:59:43 +04:00
parent 41c91c48ee
commit 574a90771f
2 changed files with 11 additions and 11 deletions


@ -55,6 +55,7 @@ let
concatMapStringsSep concatMapStringsSep
concatStringsSep concatStringsSep
escapeNixString escapeNixString
hasInfix
isCoercibleToString isCoercibleToString
; ;
inherit (lib.trivial) inherit (lib.trivial)
@ -360,6 +361,11 @@ rec {
deprecationMessage = "See https://github.com/NixOS/nixpkgs/pull/66346 for better alternative types."; deprecationMessage = "See https://github.com/NixOS/nixpkgs/pull/66346 for better alternative types.";
}; };
passwdEntry = entryType: addCheck entryType (str: !(hasInfix ":" str || hasInfix "\n" str)) // {
name = "passwdEntry ${entryType.name}";
description = "${entryType.description}, not containing newlines or colons";
};
attrs = mkOptionType { attrs = mkOptionType {
name = "attrs"; name = "attrs";
description = "attribute set"; description = "attribute set";
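Review bot: The new public `lib.types.passwdEntry` (the added lines in the second hunk) has no comment stating what its check guarantees, which matters now that the commit message names hashed-password options as consumers. The predicate rejects only `:` and `\n`, the field and record separators of passwd-style files, so it stops a value from spilling into a neighbouring field or line but does not validate a hash or an account name. I would add above it: `# Rejects ':' and newlines so a value cannot break out of its field in colon-separated passwd-style files; this is not a format validator.` The check also receives whatever `entryType` accepts, so with `types.path` it may be handed a path value rather than a string; this is inferred from the call sites in the second file and should be confirmed against `hasInfix`. The definition is complete in the hunk, the enclosing `rec` set is not.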


@ -6,12 +6,6 @@ let
ids = config.ids; ids = config.ids;
cfg = config.users; cfg = config.users;
isPasswdCompatible = str: !(hasInfix ":" str || hasInfix "\n" str);
passwdEntry = type: lib.types.addCheck type isPasswdCompatible // {
name = "passwdEntry ${type.name}";
description = "${type.description}, not containing newlines or colons";
};
# Check whether a password hash will allow login. # Check whether a password hash will allow login.
allowsLogin = hash: allowsLogin = hash:
hash == "" # login without password hash == "" # login without password
@ -60,7 +54,7 @@ let
options = { options = {
name = mkOption { name = mkOption {
type = passwdEntry types.str; type = types.passwdEntry types.str;
apply = x: assert (builtins.stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x; apply = x: assert (builtins.stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x;
description = '' description = ''
The name of the user account. If undefined, the name of the The name of the user account. If undefined, the name of the
@ -69,7 +63,7 @@ let
}; };
description = mkOption { description = mkOption {
type = passwdEntry types.str; type = types.passwdEntry types.str;
default = ""; default = "";
example = "Alice Q. User"; example = "Alice Q. User";
description = '' description = ''
@ -134,7 +128,7 @@ let
}; };
home = mkOption { home = mkOption {
type = passwdEntry types.path; type = types.passwdEntry types.path;
default = "/var/empty"; default = "/var/empty";
description = "The user's home directory."; description = "The user's home directory.";
}; };
@ -169,7 +163,7 @@ let
}; };
shell = mkOption { shell = mkOption {
type = types.nullOr (types.either types.shellPackage (passwdEntry types.path)); type = types.nullOr (types.either types.shellPackage (types.passwdEntry types.path));
default = pkgs.shadow; default = pkgs.shadow;
defaultText = literalExpression "pkgs.shadow"; defaultText = literalExpression "pkgs.shadow";
example = literalExpression "pkgs.bashInteractive"; example = literalExpression "pkgs.bashInteractive";
@ -349,7 +343,7 @@ let
options = { options = {
name = mkOption { name = mkOption {
type = passwdEntry types.str; type = types.passwdEntry types.str;
description = '' description = ''
The name of the group. If undefined, the name of the attribute set The name of the group. If undefined, the name of the attribute set
will be used. will be used.