pyrox.dev / nixpkgs
lol
fork atom

systemd-initrd: Don't use SYSTEMD_SULOGIN_FORCE

Will Fancher 71983a6e 10193ca1

options
unified split
Changed files
+5 -2
nixos
modules
system
boot
systemd
initrd.nix
+5 -2
nixos/modules/system/boot/systemd/initrd.nix 
···

       
378

       
378

       
 

       



     

       
379

       
379

       
 

       
        "/etc/systemd/system.conf".text = ''


     

       
380

       
380

       
 

       
          [Manager]


     

       
381

       

       
-

       
          DefaultEnvironment=PATH=/bin:/sbin ${optionalString (isBool cfg.emergencyAccess && cfg.emergencyAccess) "SYSTEMD_SULOGIN_FORCE=1"}


     

       

       
381

       
+

       
          DefaultEnvironment=PATH=/bin:/sbin


     

       
382

       
382

       
 

       
          ${cfg.extraConfig}


     

       
383

       
383

       
 

       
          ManagerEnvironment=${lib.concatStringsSep " " (lib.mapAttrsToList (n: v: "${n}=${lib.escapeShellArg v}") cfg.managerEnvironment)}


     

       
384

       
384

       
 

       
        '';


     
···

       
389

       
389

       
 

       
        "/etc/modules-load.d/nixos.conf".text = concatStringsSep "\n" config.boot.initrd.kernelModules;


     

       
390

       
390

       
 

       



     

       
391

       
391

       
 

       
        "/etc/passwd".source = "${pkgs.fakeNss}/etc/passwd";


     

       
392

       

       
-

       
        "/etc/shadow".text = "root:${if isBool cfg.emergencyAccess then "!" else cfg.emergencyAccess}:::::::";


     

       

       
392

       
+

       
        # We can use either ! or * to lock the root account in the


     

       

       
393

       
+

       
        # console, but some software like OpenSSH won't even allow you


     

       

       
394

       
+

       
        # to log in with an SSH key if you use ! so we use * instead


     

       

       
395

       
+

       
        "/etc/shadow".text = "root:${if isBool cfg.emergencyAccess then optionalString (!cfg.emergencyAccess) "*" else cfg.emergencyAccess}:::::::";


     

       
393

       
396

       
 

       



     

       
394

       
397

       
 

       
        "/bin".source = "${initrdBinEnv}/bin";


     

       
395

       
398

       
 

       
        "/sbin".source = "${initrdBinEnv}/sbin";