58 lines
1.6 KiB
Nix
58 lines
1.6 KiB
Nix
# Configuration for the pwdutils suite of tools: passwd, useradd, etc.
|
|
|
|
{config, pkgs, ...}:
|
|
|
|
let
|
|
|
|
options = {
|
|
|
|
users.defaultUserShell = pkgs.lib.mkOption {
|
|
default = "/var/run/current-system/sw/bin/bash";
|
|
description = ''
|
|
This option defined the default shell assigned to user
|
|
accounts. This must not be a store path, since the path is
|
|
used outside the store (in particular in /etc/passwd).
|
|
Rather, it should be the path of a symlink that points to the
|
|
actual shell in the Nix store.
|
|
'';
|
|
};
|
|
|
|
};
|
|
|
|
in
|
|
|
|
{
|
|
require = [options];
|
|
|
|
environment.etc =
|
|
[ { # /etc/login.defs: global configuration for pwdutils. You
|
|
# cannot login without it!
|
|
source = ./login.defs;
|
|
target = "login.defs";
|
|
}
|
|
|
|
{ # /etc/default/passwd: configuration for passwd and friends
|
|
# (e.g., hash algorithm for /etc/passwd).
|
|
source = pkgs.substituteAll {
|
|
src = ./passwd.conf;
|
|
# This depends on pam_unix2 being built with libxcrypt or libc's libcrypt.
|
|
# Only in the first case it will understand 'blowfish'. And pam_unix2
|
|
# is not built with libxcrypt at the time of writing (it did not build)
|
|
filesCipher = if (pkgs.stdenv.system == "armv5tel-linux") then
|
|
"des" else "blowfish";
|
|
};
|
|
target = "default/passwd";
|
|
}
|
|
|
|
{ # /etc/default/useradd: configuration for useradd.
|
|
source = pkgs.writeText "useradd"
|
|
''
|
|
GROUP=100
|
|
HOME=/home
|
|
SHELL=${config.users.defaultUserShell}
|
|
'';
|
|
target = "default/useradd";
|
|
}
|
|
];
|
|
}
|