Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

Merge pull request #262583 from ElvishJerricco/systemd-stage-1-shells

systemd-stage-1: Support for user shells

authored by Will Fancher and committed by GitHub 5cea7ee4 b9d8a730

+20 -8
+14 -3
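--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -606,6 +606,14 @@
 defaultText = literalExpression "config.users.users.\${name}.group";
 default = cfg.users.${name}.group;
 };
+options.shell = mkOption {
+type = types.passwdEntry types.path;
+description = ''
+The path to the user's shell in initrd.
+'';
+default = "${pkgs.shadow}/bin/nologin";
+defaultText = literalExpression "\${pkgs.shadow}/bin/nologin";
+};
 }));
 };
 
@@ -750,17 +758,20 @@
 boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable {
 contents = {
 "/etc/passwd".text = ''
-${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group }: let
+${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group, shell }: let
 g = config.boot.initrd.systemd.groups.${group};
-in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:") config.boot.initrd.systemd.users)}
+in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:${shell}") config.boot.initrd.systemd.users)}
 '';
 "/etc/group".text = ''
 ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)}
 '';
+"/etc/shells".text = lib.concatStringsSep "\n" (lib.unique (lib.mapAttrsToList (_: u: u.shell) config.boot.initrd.systemd.users)) + "\n";
 };
 
+storePaths = [ "${pkgs.shadow}/bin/nologin" ];
+
 users = {
-root = {};
+root = { shell = lib.mkDefault "/bin/bash"; };
 nobody = {};
 };
 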
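Review bot: The new `shell` option accepts any path, but the only binary this section adds to `storePaths` is `${pkgs.shadow}/bin/nologin`, and the root default `/bin/bash` is assumed to exist in the initrd (not visible in these hunks). A shell that is configured but never copied into the initrd leaves that account unable to log in, which for root over initrd SSH means losing remote unlock. I would extend the option description to say so, for example `The path to the user's shell in initrd. The binary must be available inside the initrd, e.g. via boot.initrd.systemd.storePaths.` Separately, `/etc/shells` is generated from every user's shell and therefore lists `nologin` as a valid shell; filtering it out of that list would keep anything that consults /etc/shells from treating accounts such as `nobody` as login-capable.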
+6 -5
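--- a/nixos/modules/system/boot/initrd-ssh.nix
+++ b/nixos/modules/system/boot/initrd-ssh.nix
@@ -164,12 +164,11 @@
 for instructions.
 '';
 }
+];
 
-{
-assertion = config.boot.initrd.systemd.enable -> cfg.shell == null;
-message = "systemd stage 1 does not support boot.initrd.network.ssh.shell";
-}
-];
+warnings = lib.optional (config.boot.initrd.systemd.enable -> cfg.shell != null) ''
+Please set 'boot.initrd.systemd.users.root.shell' instead of 'boot.initrd.network.ssh.shell'
+'';
 
 boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) ''
 copy_bin_and_libs ${package}/bin/sshd
@@ -234,6 +233,8 @@
 boot.initrd.systemd = mkIf config.boot.initrd.systemd.enable {
 users.sshd = { uid = 1; group = "sshd"; };
 groups.sshd = { gid = 1; };
+
+users.root.shell = mkIf (config.boot.initrd.network.ssh.shell != null) config.boot.initrd.network.ssh.shell;
 
 contents."/etc/ssh/authorized_keys.d/root".text =
 concatStringsSep "\n" config.boot.initrd.network.ssh.authorizedKeys;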
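Review bot: The condition on the new `warnings` line uses `->`, which in Nix is logical implication, so it is true whenever `config.boot.initrd.systemd.enable` is false; configurations on the scripted initrd would then get a message telling them to set a systemd-only option. The intent looks like a conjunction: `warnings = lib.optional (config.boot.initrd.systemd.enable && cfg.shell != null) ''`. The `->` was correct in the removed assertion, where it stated an invariant, but here the expression decides when to emit. Whether this definition sits under a `mkIf cfg.enable` is not visible in the hunk, so how widely the spurious warning reaches should be confirmed.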