Obsolete security.initialPassword
You can now set users.extraUsers.root.initialHashedPassword instead.
This commit is contained in:
parent
f8f787b800
commit
f496c3cbe4
5 changed files with 11 additions and 28 deletions
|
@ -426,24 +426,12 @@ in {
|
|||
options = [ groupOpts ];
|
||||
};
|
||||
|
||||
# FIXME: obsolete - will remove.
|
||||
security.initialRootPassword = mkOption {
|
||||
type = types.str;
|
||||
default = "!";
|
||||
example = "";
|
||||
description = ''
|
||||
The (hashed) password for the root account set on initial
|
||||
installation. The empty string denotes that root can login
|
||||
locally without a password (but not via remote services such
|
||||
as SSH, or indirectly via <command>su</command> or
|
||||
<command>sudo</command>). The string <literal>!</literal>
|
||||
prevents root from logging in using a password.
|
||||
Note that setting this option sets
|
||||
<literal>users.extraUsers.root.hashedPassword</literal>.
|
||||
Also, if <literal>users.mutableUsers</literal> is false
|
||||
you cannot change the root password manually, so in that case
|
||||
the name of this option is a bit misleading, since it will define
|
||||
the root password beyond the user initialisation phase.
|
||||
'';
|
||||
visible = false;
|
||||
};
|
||||
|
||||
};
|
||||
|
@ -461,7 +449,7 @@ in {
|
|||
shell = mkDefault cfg.defaultUserShell;
|
||||
group = "root";
|
||||
extraGroups = [ "grsecurity" ];
|
||||
hashedPassword = mkDefault config.security.initialRootPassword;
|
||||
initialHashedPassword = mkDefault config.security.initialRootPassword;
|
||||
};
|
||||
nobody = {
|
||||
uid = ids.uids.nobody;
|
||||
|
|
|
@ -49,5 +49,5 @@ with lib;
|
|||
boot.supportedFilesystems = [ "zfs" "btrfs" ];
|
||||
|
||||
# Allow the user to log in as root without a password.
|
||||
security.initialRootPassword = "";
|
||||
users.extraUsers.root.initialHashedPassword = "";
|
||||
}
|
||||
|
|
|
@ -98,7 +98,7 @@ let kernel = config.boot.kernelPackages.kernel; in
|
|||
networking.usePredictableInterfaceNames = false;
|
||||
|
||||
# Make it easy to log in as root when running the test interactively.
|
||||
security.initialRootPassword = mkDefault "";
|
||||
users.extraUsers.root.initialHashedPassword = mkDefault "";
|
||||
|
||||
};
|
||||
|
||||
|
|
|
@ -191,10 +191,5 @@ in
|
|||
environment.systemPackages = [ pkgs.cryptsetup ];
|
||||
|
||||
boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
|
||||
|
||||
# Prevent logging in as root without a password. This doesn't really matter,
|
||||
# since the only PAM services that allow logging in with a null
|
||||
# password are local ones that are inaccessible on EC2 machines.
|
||||
security.initialRootPassword = mkDefault "!";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -38,8 +38,8 @@ in {
|
|||
'';
|
||||
|
||||
|
||||
# docker image config
|
||||
require = [
|
||||
# Docker image config.
|
||||
imports = [
|
||||
../installer/cd-dvd/channel.nix
|
||||
../profiles/minimal.nix
|
||||
../profiles/clone-config.nix
|
||||
|
@ -47,16 +47,16 @@ in {
|
|||
|
||||
boot.isContainer = true;
|
||||
|
||||
# Iptables do not work in docker
|
||||
# Iptables do not work in Docker.
|
||||
networking.firewall.enable = false;
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
# Socket activated ssh presents problem in docker
|
||||
# Socket activated ssh presents problem in Docker.
|
||||
services.openssh.startWhenNeeded = false;
|
||||
|
||||
# Allow the user to login as root without password
|
||||
security.initialRootPassword = "";
|
||||
# Allow the user to login as root without password.
|
||||
users.extraUsers.root.initialHashedPassword = mkDefault "";
|
||||
|
||||
# Some more help text.
|
||||
services.mingetty.helpLine =
|
||||
|
|
Loading…
Reference in a new issue