* Fold the functionality of guest-users.nix into users-groups.nix by

adding an attribute "password" that defines the default password for an account. The default (null, as opposed to the empty string) means not to set a password. svn path=/nixos/trunk/; revision=16937
2009-09-02 17:35:24 +00:00 · 2009-09-02 17:35:24 +00:00 · 331bee12a4
commit 331bee12a4
parent a186b5e4b4
3 changed files with 63 additions and 136 deletions
--- a/modules/config/guest-users.nix
+++ b/modules/config/guest-users.nix
@ -1,73 +0,0 @@
-{pkgs, config, ...}:
-
-let
-  inherit (pkgs.lib) mkOption;
-
-  options = {
-    services = {
-      guestUsers = {
-        enable = mkOption {
-	  default = false;
-	  description = "
-	    Whether to enable automatic addition of users with empty passwords
-	  ";
-	};
-	users = mkOption {
-	  default = ["guest"];
-	  description = "
-	    List of usernames to add
-	  ";
-	};
-	includeRoot = mkOption {
-	  default = false;
-	  description = "
-	    LEAVE THAT ALONE; whether to reset root password
-	  ";
-	};
-	extraGroups = mkOption {
-	  default = ["audio"];
-	  description = "
-	    Extra groups to grant
-	  ";
-	};
-      };
-    };
-  };
-  
-  inherit (pkgs.lib) concatStringsSep optionalString;
-
-  cfg = config.services.guestUsers;
-
-  userEntry = user:
-  {
-    name = user;
-    description = "NixOS guest user";
-    home = "/home/${user}";
-    createHome = true;
-    group = "users";
-    extraGroups = cfg.extraGroups;
-    shell = "/bin/sh";
-  };
-
-  nameString = (concatStringsSep " " cfg.users) + optionalString cfg.includeRoot " root";
-
-in 
-
-pkgs.lib.mkIf cfg.enable {
-  require = options;
-
-  system.activationScripts = {
-
-    clearPasswords = pkgs.lib.fullDepEntry
-      ''
-        for i in ${nameString}; do
-            echo | ${pkgs.pwdutils}/bin/passwd --stdin $i
-        done
-      '' ["defaultPath" "users" "groups"];
-
-  };
-
-  services.mingetty.helpLine = "\nThese users have empty passwords: ${nameString}";
-  
-  users.extraUsers = map userEntry cfg.users;
-}
--- a/modules/config/users-groups.nix
+++ b/modules/config/users-groups.nix
@ -1,54 +1,17 @@
 {pkgs, config, ...}:

-###### interface
+with pkgs.lib;
+
 let
-  inherit (pkgs.lib) mkOption;

-  options = {
-    users = {
-      extraUsers = mkOption {
-        default = [];
-        example = [
-          { name = "alice";
-            uid = 1234;
-            description = "Alice";
-            home = "/home/alice";
-            createHome = true;
-            group = "users";
-            extraGroups = ["wheel"];
-            shell = "/bin/sh";
-          }
-        ];
-        description = "
-          Additional user accounts to be created automatically by the system.
-        ";
-      };
-
-      extraGroups = mkOption {
-        default = [];
-        example = [
-          { name = "students";
-            gid = 1001;
-          }
-        ];
-        description = "
-          Additional groups to be created automatically by the system.
-        ";
-      };
-    };
-  };
-in
-
-###### implementation
-let
  ids = config.ids;

+  
  # User accounts to be created/updated by NixOS.
  users =
    let
      defaultUsers =
-        [
-          { name = "root";
+        [ { name = "root";
            uid = ids.uids.root;
            description = "System administrator";
            home = "/root";
@ -80,8 +43,9 @@ let
        , shell ? (if useDefaultShell then config.users.defaultUserShell else "/noshell")
        , createHome ? false
        , useDefaultShell ? false
+        , password ? null
        }:
-        { inherit name description uid group extraGroups home shell createHome; };
+        { inherit name description uid group extraGroups home shell createHome password; };

    in map addAttrs (defaultUsers ++ nixBuildUsers ++ config.users.extraUsers);

@ -90,8 +54,7 @@ let
  groups =
    let
      defaultGroups = 
-        [
-          { name = "root";
+        [ { name = "root";
            gid = ids.gids.root;
          }
          { name = "wheel";
@ -144,31 +107,63 @@ let

    in map addAttrs (defaultGroups ++ config.users.extraGroups);

-  inherit (pkgs.lib) concatStringsSep;

-  serializedUser = u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString (concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}";
+  # Note: the 'X' in front of the password is to distinguish between
+  # having an empty password, and not having a password.
+  serializedUser = u: "${u.name}\n${u.description}\n${toString u.uid}\n${u.group}\n${toString (concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}\n${if u.password != null then "X" + u.password else ""}\n";
  serializedGroup = g: "${g.name}\n${toString g.gid}";
-in
-
-let
-  inherit (pkgs.stringsWithDeps) fullDepEntry;
-
+  
  # keep this extra file so that cat can be used to pass special chars such as "`" which is used in the avahi daemon
-  usersFile = pkgs.writeText "users" (concatStringsSep "\n" (map serializedUser users));
+  usersFile = pkgs.writeText "users" (concatStrings (map serializedUser users));
+  
 in

 {
-  require = [
-    options

-    # config.system.activationScripts
-    # ../system/activate-configuration.nix
-  ];
+  ###### interface

-  system = {
-    activationScripts = {
+  options = {
+  
+    users.extraUsers = mkOption {
+      default = [];
+      example =
+        [ { name = "alice";
+            uid = 1234;
+            description = "Alice";
+            home = "/home/alice";
+            createHome = true;
+            group = "users";
+            extraGroups = ["wheel"];
+            shell = "/bin/sh";
+            password = "foobar";
+          }
+        ];
+      description = ''
+        Additional user accounts to be created automatically by the system.
+      '';
+    };

-      users = fullDepEntry ''
+    users.extraGroups = mkOption {
+      default = [];
+      example =
+        [ { name = "students";
+            gid = 1001;
+          }
+        ];
+      description = ''
+        Additional groups to be created automatically by the system.
+      '';
+    };
+
+  };
+  
+
+  ###### implementation
+
+  config = {
+
+    system.activationScripts.users = fullDepEntry
+      ''
        cat ${usersFile} | while true; do
            read name || break
            read description
@ -178,6 +173,7 @@ in
            read home
            read shell
            read createHome
+            read password

            if ! curEnt=$(getent passwd "$name"); then
                echo "creating user $name..."
@ -190,6 +186,9 @@ in
                    --home "$home" \
                    --shell "$shell" \
                    ''${createHome:+--create-home}
+                if test "''${password:0:1}" = 'X'; then
+                    echo "''${password:1}" | ${pkgs.pwdutils}/bin/passwd --stdin "$name"
+                fi
            else
                #echo "updating user $name..."
                oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
@ -210,10 +209,12 @@ in
                    ''${home:+--home "$home"} \
                    --shell "$shell"
            fi
+
        done
      '' [ "groups" ];

-      groups = fullDepEntry ''
+    system.activationScripts.groups = fullDepEntry
+      ''
        while true; do
            read name || break
            read gid
@ -236,6 +237,6 @@ in
        EndOfGroupList
      '' [ "rootPasswd" "binsh" "etc" "var" ];

-    };
  };
+
 }
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@ -1,5 +1,4 @@
 [ ./config/fonts.nix
-  ./config/guest-users.nix
  ./config/i18n.nix
  ./config/ldap.nix
  ./config/networking.nix