commit 5cea7ee4527d3bbe2ba9675f9fb24c69d22c044d · pyrox.dev/nixpkgs

+14 -3

nixos/modules/config/users-groups.nix

···

       606
       606
        
                 defaultText = literalExpression "config.users.users.\${name}.group";

     

       607
       607
        
                 default = cfg.users.${name}.group;

     

       608
       608
        
               };

     

       609
       609
       +
               options.shell = mkOption {

     

       610
       610
       +
                 type = types.passwdEntry types.path;

     

       611
       611
       +
                 description = ''

     

       612
       612
       +
                   The path to the user's shell in initrd.

     

       613
       613
       +
                 '';

     

       614
       614
       +
                 default = "${pkgs.shadow}/bin/nologin";

     

       615
       615
       +
                 defaultText = literalExpression "\${pkgs.shadow}/bin/nologin";

     

       616
       616
       +
               };

     

       609
       617
        
             }));

     

       610
       618
        
           };

     

       611
       619
        
       

     
···

       750
       758
        
           boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable {

     

       751
       759
        
             contents = {

     

       752
       760
        
               "/etc/passwd".text = ''

     

       753
       753
       -
                 ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group }: let

     

       761
       761
       +
                 ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group, shell }: let

     

       754
       762
        
                   g = config.boot.initrd.systemd.groups.${group};

     

       755
       755
       -
                 in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:") config.boot.initrd.systemd.users)}

     

       763
       763
       +
                 in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:${shell}") config.boot.initrd.systemd.users)}

     

       756
       764
        
               '';

     

       757
       765
        
               "/etc/group".text = ''

     

       758
       766
        
                 ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)}

     

       759
       767
        
               '';

     

       768
       768
       +
               "/etc/shells".text = lib.concatStringsSep "\n" (lib.unique (lib.mapAttrsToList (_: u: u.shell) config.boot.initrd.systemd.users)) + "\n";

     

       760
       769
        
             };

     

       761
       770
        
       

     

       771
       771
       +
             storePaths = [ "${pkgs.shadow}/bin/nologin" ];

     

       772
       772
       +
       

     

       762
       773
        
             users = {

     

       763
       763
       -
               root = {};

     

       774
       774
       +
               root = { shell = lib.mkDefault "/bin/bash"; };

     

       764
       775
        
               nobody = {};

     

       765
       776
        
             };

     

       766
       777

+6 -5

nixos/modules/system/boot/initrd-ssh.nix

···

       164
       164
        
                 for instructions.

     

       165
       165
        
               '';

     

       166
       166
        
             }

     

       167
       167
       +
           ];

     

       167
       168
        
       

     

       168
       168
       -
             {

     

       169
       169
       -
               assertion = config.boot.initrd.systemd.enable -> cfg.shell == null;

     

       170
       170
       -
               message = "systemd stage 1 does not support boot.initrd.network.ssh.shell";

     

       171
       171
       -
             }

     

       172
       172
       -
           ];

     

       169
       169
       +
           warnings = lib.optional (config.boot.initrd.systemd.enable -> cfg.shell != null) ''

     

       170
       170
       +
             Please set 'boot.initrd.systemd.users.root.shell' instead of 'boot.initrd.network.ssh.shell'

     

       171
       171
       +
           '';

     

       173
       172
        
       

     

       174
       173
        
           boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) ''

     

       175
       174
        
             copy_bin_and_libs ${package}/bin/sshd

     
···

       234
       233
        
           boot.initrd.systemd = mkIf config.boot.initrd.systemd.enable {

     

       235
       234
        
             users.sshd = { uid = 1; group = "sshd"; };

     

       236
       235
        
             groups.sshd = { gid = 1; };

     

       236
       236
       +
       

     

       237
       237
       +
             users.root.shell = mkIf (config.boot.initrd.network.ssh.shell != null) config.boot.initrd.network.ssh.shell;

     

       237
       238
        
       

     

       238
       239
        
             contents."/etc/ssh/authorized_keys.d/root".text =

     

       239
       240
        
               concatStringsSep "\n" config.boot.initrd.network.ssh.authorizedKeys;