nixpkgs/modules/config/guest-users.nix

{pkgs, config, ...}:

let
  inherit (pkgs.lib) mkOption;

  options = {
    services = {
      guestUsers = {
        enable = mkOption {
	  default = false;
	  description = "
	    Whether to enable automatic addition of users with empty passwords
	  ";
	};
	users = mkOption {
	  default = ["guest"];
	  description = "
	    List of usernames to add
	  ";
	};
	includeRoot = mkOption {
	  default = false;
	  description = "
	    LEAVE THAT ALONE; whether to reset root password
	  ";
	};
	extraGroups = mkOption {
	  default = ["audio"];
	  description = "
	    Extra groups to grant
	  ";
	};
      };
    };
  };
  
  inherit (pkgs.lib) concatStringsSep optionalString;

  cfg = config.services.guestUsers;

  userEntry = user:
  {
    name = user;
    description = "NixOS guest user";
    home = "/home/${user}";
    createHome = true;
    group = "users";
    extraGroups = cfg.extraGroups;
    shell = "/bin/sh";
  };

  nameString = (concatStringsSep " " cfg.users) + optionalString cfg.includeRoot " root";

in 

pkgs.lib.mkIf cfg.enable {
  require = options;

  system.activationScripts = {

    clearPasswords = pkgs.lib.fullDepEntry
      ''
        for i in ${nameString}; do
            echo | ${pkgs.pwdutils}/bin/passwd --stdin $i
        done
      '' ["defaultPath" "users" "groups"];

  };

  services.mingetty.helpLine = "\nThese users have empty passwords: ${nameString}";
  
  users.extraUsers = map userEntry cfg.users;
}
* Moved the guest-users.nix module to modules/config. Clearing the passwords is now done in an activation scriptlet rather than an Upstart job (not tested). BTW, we should get rid of this module and add support to the users-groups.nix module for creating accounts with an empty password. svn path=/nixos/branches/modular-nixos/; revision=15769 2009-05-28 16:37:30 +02:00			`{pkgs, config, ...}:`

Added guestUsers job for automatical adding guests svn path=/nixos/trunk/; revision=13732 2009-01-09 01:23:07 +01:00			`let`
* Moved the guest-users.nix module to modules/config. Clearing the passwords is now done in an activation scriptlet rather than an Upstart job (not tested). BTW, we should get rid of this module and add support to the users-groups.nix module for creating accounts with an empty password. svn path=/nixos/branches/modular-nixos/; revision=15769 2009-05-28 16:37:30 +02:00			`inherit (pkgs.lib) mkOption;`
Added guestUsers job for automatical adding guests svn path=/nixos/trunk/; revision=13732 2009-01-09 01:23:07 +01:00
			`options = {`
			`services = {`
			`guestUsers = {`
			`enable = mkOption {`
			`default = false;`
			`description = "`
			`Whether to enable automatic addition of users with empty passwords`
			`";`
			`};`
			`users = mkOption {`
			`default = ["guest"];`
			`description = "`
			`List of usernames to add`
			`";`
			`};`
			`includeRoot = mkOption {`
			`default = false;`
			`description = "`
			`LEAVE THAT ALONE; whether to reset root password`
			`";`
			`};`
			`extraGroups = mkOption {`
			`default = ["audio"];`
			`description = "`
			`Extra groups to grant`
			`";`
			`};`
			`};`
			`};`
			`};`
* That wasn't quite right. svn path=/nixos/branches/modular-nixos/; revision=15770 2009-05-28 16:57:31 +02:00
			`inherit (pkgs.lib) concatStringsSep optionalString;`
Added guestUsers job for automatical adding guests svn path=/nixos/trunk/; revision=13732 2009-01-09 01:23:07 +01:00
* That wasn't quite right. svn path=/nixos/branches/modular-nixos/; revision=15770 2009-05-28 16:57:31 +02:00			`cfg = config.services.guestUsers;`
Added guestUsers job for automatical adding guests svn path=/nixos/trunk/; revision=13732 2009-01-09 01:23:07 +01:00
			`userEntry = user:`
			`{`
			`name = user;`
			`description = "NixOS guest user";`
			`home = "/home/${user}";`
			`createHome = true;`
			`group = "users";`
* That wasn't quite right. svn path=/nixos/branches/modular-nixos/; revision=15770 2009-05-28 16:57:31 +02:00			`extraGroups = cfg.extraGroups;`
Added guestUsers job for automatical adding guests svn path=/nixos/trunk/; revision=13732 2009-01-09 01:23:07 +01:00			`shell = "/bin/sh";`
			`};`

* That wasn't quite right. svn path=/nixos/branches/modular-nixos/; revision=15770 2009-05-28 16:57:31 +02:00			`nameString = (concatStringsSep " " cfg.users) + optionalString cfg.includeRoot " root";`
Added guestUsers job for automatical adding guests svn path=/nixos/trunk/; revision=13732 2009-01-09 01:23:07 +01:00
			`in`

* That wasn't quite right. svn path=/nixos/branches/modular-nixos/; revision=15770 2009-05-28 16:57:31 +02:00			`pkgs.lib.mkIf cfg.enable {`
Added guestUsers job for automatical adding guests svn path=/nixos/trunk/; revision=13732 2009-01-09 01:23:07 +01:00			`require = options;`
* Moved the guest-users.nix module to modules/config. Clearing the passwords is now done in an activation scriptlet rather than an Upstart job (not tested). BTW, we should get rid of this module and add support to the users-groups.nix module for creating accounts with an empty password. svn path=/nixos/branches/modular-nixos/; revision=15769 2009-05-28 16:37:30 +02:00
* That wasn't quite right. svn path=/nixos/branches/modular-nixos/; revision=15770 2009-05-28 16:57:31 +02:00			`system.activationScripts = {`

			`clearPasswords = pkgs.lib.fullDepEntry`
			`''`
			`for i in ${nameString}; do`
			`echo \| ${pkgs.pwdutils}/bin/passwd --stdin $i`
			`done`
			`'' ["defaultPath" "users" "groups"];`

			`};`
* Moved the guest-users.nix module to modules/config. Clearing the passwords is now done in an activation scriptlet rather than an Upstart job (not tested). BTW, we should get rid of this module and add support to the users-groups.nix module for creating accounts with an empty password. svn path=/nixos/branches/modular-nixos/; revision=15769 2009-05-28 16:37:30 +02:00
* That wasn't quite right. svn path=/nixos/branches/modular-nixos/; revision=15770 2009-05-28 16:57:31 +02:00			`services.mingetty.helpLine = "\nThese users have empty passwords: ${nameString}";`
* Moved the guest-users.nix module to modules/config. Clearing the passwords is now done in an activation scriptlet rather than an Upstart job (not tested). BTW, we should get rid of this module and add support to the users-groups.nix module for creating accounts with an empty password. svn path=/nixos/branches/modular-nixos/; revision=15769 2009-05-28 16:37:30 +02:00
* That wasn't quite right. svn path=/nixos/branches/modular-nixos/; revision=15770 2009-05-28 16:57:31 +02:00			`users.extraUsers = map userEntry cfg.users;`
Added guestUsers job for automatical adding guests svn path=/nixos/trunk/; revision=13732 2009-01-09 01:23:07 +01:00			`}`