From 192ae663cc6b50832a5546f294fd4db6f37bf712 Mon Sep 17 00:00:00 2001 From: Markus Napierkowski Date: Fri, 11 Nov 2022 16:11:37 +0100 Subject: [PATCH 1/2] nixos/pam: allow backing the motd with a file --- nixos/modules/security/pam.nix | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 21e1749d8503..08b51788e082 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -694,7 +694,7 @@ let optionalString (cfg.limits != []) '' session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf cfg.limits} '' + - optionalString (cfg.showMotd && config.users.motd != null) '' + optionalString (cfg.showMotd && (config.users.motd != null || config.users.motdFile != null)) '' session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd} '' + optionalString (cfg.enableAppArmor && config.security.apparmor.enable) '' @@ -775,7 +775,9 @@ let }; })); - motd = pkgs.writeText "motd" config.users.motd; + motd = if isNull config.users.motdFile + then pkgs.writeText "motd" config.users.motd + else config.users.motdFile; makePAMService = name: service: { name = "pam.d/${name}"; @@ -1199,12 +1201,26 @@ in description = lib.mdDoc "Message of the day shown to users when they log in."; }; + users.motdFile = mkOption { + default = null; + example = "/etc/motd"; + type = types.nullOr types.path; + description = lib.mdDoc "A file containing the message of the day shown to users when they log in."; + }; }; ###### implementation config = { + assertions = [ + { + assertion = isNull config.users.motd || isNull config.users.motdFile; + message = '' + Only one of users.motd and users.motdFile can be set. + ''; + } + ]; environment.systemPackages = # Include the PAM modules in the system path mostly for the manpages. From e6c6e41649886783d9dd4765bc7fccd25f022b43 Mon Sep 17 00:00:00 2001 From: Markus Napierkowski Date: Tue, 13 Dec 2022 17:37:56 +0100 Subject: [PATCH 2/2] release-notes: add an entry for users.motdFile --- nixos/doc/manual/from_md/release-notes/rl-2305.section.xml | 7 +++++++ nixos/doc/manual/release-notes/rl-2305.section.md | 2 ++ 2 files changed, 9 insertions(+) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index b73aa325bbf7..7bbbb37f7d1b 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -221,6 +221,13 @@ package. + + + The new option users.motdFile allows + configuring a Message Of The Day that can be updated + dynamically. + + Resilio sync secret keys can now be provided using a secrets diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 84216758bad5..ab21cb561a23 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -66,6 +66,8 @@ In addition to numerous new and upgraded packages, this release has the followin - A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm). +- The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically. + - Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store. - The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)).