From af4adb1dd242c9d7c1225971108976b852497d3d Mon Sep 17 00:00:00 2001 From: Kovacsics Robert Date: Tue, 9 Jun 2020 17:22:05 +0100 Subject: [PATCH] nixos/users-groups: Use user name not attribute name for /etc/profiles/... This cropped up, because I have a set-up where my work username is different to my home desktop username, and I am using a parameterized config for both, so I have something akin to config.users.users.default-user = ...; and using config.users.users.default-user.{name, home} in certain places to cope with this. Noticed my home-manager bought in packages (which use the users.users..packages hence NixOS issue not home-manager) weren't present. --- nixos/modules/config/users-groups.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 1a530b9f0135..5ed1f568f499 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -593,8 +593,8 @@ in { # password or an SSH authorized key. Privileged accounts are # root and users in the wheel group. assertion = !cfg.mutableUsers -> - any id ((mapAttrsToList (name: cfg: - (name == "root" + any id ((mapAttrsToList (_: cfg: + (cfg.name == "root" || cfg.group == "wheel" || elem "wheel" cfg.extraGroups) && @@ -615,16 +615,16 @@ in { assertion = (user.hashedPassword != null) -> (builtins.match ".*:.*" user.hashedPassword == null); message = '' - The password hash of user "${name}" contains a ":" character. + The password hash of user "${user.name}" contains a ":" character. This is invalid and would break the login system because the fields of /etc/shadow (file where hashes are stored) are colon-separated. - Please check the value of option `users.users."${name}".hashedPassword`.''; + Please check the value of option `users.users."${user.name}".hashedPassword`.''; } ); warnings = builtins.filter (x: x != null) ( - flip mapAttrsToList cfg.users (name: user: + flip mapAttrsToList cfg.users (_: user: # This regex matches a subset of the Modular Crypto Format (MCF)[1] # informal standard. Since this depends largely on the OS or the # specific implementation of crypt(3) we only support the (sane) @@ -647,9 +647,9 @@ in { && user.hashedPassword != "" # login without password && builtins.match mcf user.hashedPassword == null) then '' - The password hash of user "${name}" may be invalid. You must set a + The password hash of user "${user.name}" may be invalid. You must set a valid hash or the user will be locked out of their account. Please - check the value of option `users.users."${name}".hashedPassword`.'' + check the value of option `users.users."${user.name}".hashedPassword`.'' else null ));