system: Add option to specify hashedPassword

It may be useful to add hashedPasswordFile in the future, although from
my testing it was possible to rebuild a VM that used a cached derivation
with the old password.

Ideally your main form of authentication is through LUKS encryption or
SSH keys anyway, and this password should solely be used for sudo
purposes.
Donovan Glover 2024-04-06 08:11:58 -04:00
parent 76a397031f
commit dd3d09bb67
No known key found for this signature in database
GPG Key ID: EA7408A77AE1BE65


@ -1,10 +1,10 @@
{ nix-config, pkgs, lib, config, ... }:
let
inherit (lib) mkOption mkEnableOption;
inherit (lib.types) str listOf;
inherit (lib) mkOption mkEnableOption mkIf;
inherit (lib.types) nullOr str listOf;
inherit (pkgs.nixVersions) nix_2_19;
inherit (cfg) username iHaveLotsOfRam;
inherit (cfg) username iHaveLotsOfRam hashedPassword;
inherit (builtins) attrValues;
cfg = config.modules.system;
@ -20,6 +20,11 @@ in
default = "user";
};
hashedPassword = mkOption {
type = nullOr str;
default = null;
};
timeZone = mkOption {
type = str;
default = "America/New_York";
@ -98,9 +103,11 @@ in
mutableUsers = false;
users.${username} = {
inherit hashedPassword;
isNormalUser = true;
uid = 1000;
password = username;
password = mkIf (hashedPassword == null) username;
extraGroups = [ "wheel" "networkmanager" ];
};
};
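Review bot: When `hashedPassword` is left at its `null` default, `password = mkIf (hashedPassword == null) username;` still gives an account in `wheel` a password equal to its username, and nothing in the new code tells the operator that this fallback is active. Consider surfacing it at evaluation time, e.g. `warnings = lib.optional (hashedPassword == null) "modules.system.hashedPassword is unset; the account password falls back to the username";`, placed wherever this module defines its `config` (that part is outside the hunks shown). The new option also has no `description`; something like `description = "Password hash for the primary user, e.g. from mkpasswd. The value is copied into the world-readable Nix store.";` would make it clear that the hash is not kept secret. That is the practical argument for the `hashedPasswordFile` follow-up mentioned in the commit message.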