commit 6c1b52297d5966949640e393df2f2e59ed8508e2 · pyrox.dev/nixpkgs

+1 -2

nixos/doc/manual/configuration/user-mgmt.chapter.md

···

       32
       32
        
       groups, such as useradd, are no longer available. Passwords may still be

     

       33
       33
        
       assigned by setting the user\'s

     

       34
       34
        
       [hashedPassword](#opt-users.users._name_.hashedPassword) option. A

     

       35
       35
       -
       hashed password can be generated using `mkpasswd -m

     

       36
       36
       -
         sha-512`.

     

       35
       35
       +
       hashed password can be generated using `mkpasswd`.

     

       37
       36
        
       

     

       38
       37
        
       A user ID (uid) is assigned automatically. You can also specify a uid

     

       39
       38
        
       manually by adding

+1 -1

nixos/doc/manual/from_md/configuration/user-mgmt.chapter.xml

···

       39
       39
        
           Passwords may still be assigned by setting the user's

     

       40
       40
        
           <link linkend="opt-users.users._name_.hashedPassword">hashedPassword</link>

     

       41
       41
        
           option. A hashed password can be generated using

     

       42
       42
       -
           <literal>mkpasswd -m sha-512</literal>.

     

       42
       42
       +
           <literal>mkpasswd</literal>.

     

       43
       43
        
         </para>

     

       44
       44
        
         <para>

     

       45
       45
        
           A user ID (uid) is assigned automatically. You can also specify a

+21 -1

nixos/modules/config/users-groups.nix

···

       35
       35
        
         '';

     

       36
       36
        
       

     

       37
       37
        
         hashedPasswordDescription = ''

     

       38
       38
       -
           To generate a hashed password run `mkpasswd -m sha-512`.

     

       38
       38
       +
           To generate a hashed password run `mkpasswd`.

     

       39
       39
        
       

     

       40
       40
        
           If set to an empty string (`""`), this user will

     

       41
       41
        
           be able to log in without being asked for a password (but not via remote

     
···

       589
       589
        
       

     

       590
       590
        
               ${pkgs.perl.withPackages (p: [ p.FileSlurp p.JSON ])}/bin/perl \

     

       591
       591
        
               -w ${./update-users-groups.pl} ${spec}

     

       592
       592
       +
             '';

     

       593
       593
       +
           };

     

       594
       594
       +
       

     

       595
       595
       +
           # Warn about user accounts with deprecated password hashing schemes

     

       596
       596
       +
           system.activationScripts.hashes = {

     

       597
       597
       +
             deps = [ "users" ];

     

       598
       598
       +
             text = ''

     

       599
       599
       +
               users=()

     

       600
       600
       +
               while IFS=: read -r user hash tail; do

     

       601
       601
       +
                 if [[ "$hash" = "$"* && ! "$hash" =~ ^\$(y|gy|7|2b|2y|2a|6)\$ ]]; then

     

       602
       602
       +
                   users+=("$user")

     

       603
       603
       +
                 fi

     

       604
       604
       +
               done </etc/shadow

     

       605
       605
       +
       

     

       606
       606
       +
               if (( "''${#users[@]}" )); then

     

       607
       607
       +
                 echo "

     

       608
       608
       +
               WARNING: The following user accounts rely on password hashes that will

     

       609
       609
       +
               be removed in NixOS 23.05. They should be renewed as soon as possible."

     

       610
       610
       +
                 printf ' - %s\n' "''${users[@]}"

     

       611
       611
       +
               fi

     

       592
       612
        
             '';

     

       593
       613
        
           };

     

       594
       614