pyrox.dev
lol
Merge pull request #200720 from kaldonir/dynamic-motd
pam: Allow backing the MOTD with a file
authored by
Ryan Lahfa
and committed by
GitHub
810e9ccf
08e19644
+27
-2
+7
nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
+7
nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
···
247
247
</listitem>
248
248
<listitem>
249
249
<para>
250
+
The new option <literal>users.motdFile</literal> allows
251
+
configuring a Message Of The Day that can be updated
252
+
dynamically.
253
+
</para>
254
+
</listitem>
255
+
<listitem>
256
+
<para>
250
257
Resilio sync secret keys can now be provided using a secrets
251
258
file at runtime, preventing these secrets from ending up in
252
259
the Nix store.
+2
nixos/doc/manual/release-notes/rl-2305.section.md
+2
nixos/doc/manual/release-notes/rl-2305.section.md
···
72
72
73
73
- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).
74
74
75
+
- The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically.
76
+
75
77
- Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.
76
78
77
79
- The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)).
+18
-2
nixos/modules/security/pam.nix
+18
-2
nixos/modules/security/pam.nix
···
694
694
optionalString (cfg.limits != []) ''
695
695
session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf cfg.limits}
696
696
'' +
697
-
optionalString (cfg.showMotd && config.users.motd != null) ''
697
+
optionalString (cfg.showMotd && (config.users.motd != null || config.users.motdFile != null)) ''
698
698
session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}
699
699
'' +
700
700
optionalString (cfg.enableAppArmor && config.security.apparmor.enable) ''
···
775
775
};
776
776
}));
777
777
778
-
motd = pkgs.writeText "motd" config.users.motd;
778
+
motd = if isNull config.users.motdFile
779
+
then pkgs.writeText "motd" config.users.motd
780
+
else config.users.motdFile;
779
781
780
782
makePAMService = name: service:
781
783
{ name = "pam.d/${name}";
···
1199
1201
description = lib.mdDoc "Message of the day shown to users when they log in.";
1200
1202
};
1201
1203
1204
+
users.motdFile = mkOption {
1205
+
default = null;
1206
+
example = "/etc/motd";
1207
+
type = types.nullOr types.path;
1208
+
description = lib.mdDoc "A file containing the message of the day shown to users when they log in.";
1209
+
};
1202
1210
};
1203
1211
1204
1212
1205
1213
###### implementation
1206
1214
1207
1215
config = {
1216
+
assertions = [
1217
+
{
1218
+
assertion = isNull config.users.motd || isNull config.users.motdFile;
1219
+
message = ''
1220
+
Only one of users.motd and users.motdFile can be set.
1221
+
'';
1222
+
}
1223
+
];
1208
1224
1209
1225
environment.systemPackages =
1210
1226
# Include the PAM modules in the system path mostly for the manpages.