Add option ‘users.motd’ for setting a message of the day shown on login
Note that this uses pam_motd.
parent
c980faebe2
commit
224c825a36
|
@ -1,6 +1,6 @@
|
|||
# Configuration for the pwdutils suite of tools: passwd, useradd, etc.
|
||||
|
||||
{config, pkgs, ...}:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
|
||||
|
@ -27,6 +27,7 @@ let
|
|||
# Uncomment this to allow non-root users to change their account
|
||||
#information. This should be made configurable.
|
||||
#CHFN_RESTRICT frwh
|
||||
|
||||
'';
|
||||
|
||||
in
|
||||
|
@ -90,7 +91,7 @@ in
|
|||
{ name = "groupmod"; rootOK = true; }
|
||||
{ name = "groupmems"; rootOK = true; }
|
||||
{ name = "groupdel"; rootOK = true; }
|
||||
{ name = "login"; startSession = true; allowNullPassword = true; }
|
||||
{ name = "login"; startSession = true; allowNullPassword = true; showMotd = true; }
|
||||
];
|
||||
|
||||
security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp" ];
|
||||
|
|
|
@ -29,6 +29,8 @@ let
|
|||
concatStringsSep " " [ domain type item value ])
|
||||
limits));
|
||||
|
||||
motd = pkgs.writeText "motd" config.users.motd;
|
||||
|
||||
makePAMService =
|
||||
{ name
|
||||
, # If set, root doesn't need to authenticate (e.g. for the "chsh"
|
||||
|
@ -58,6 +60,8 @@ let
|
|||
allowNullPassword ? false
|
||||
, # The limits, as per limits.conf(5).
|
||||
limits ? config.security.pam.loginLimits
|
||||
, # Whether to show the message of the day.
|
||||
showMotd ? false
|
||||
}:
|
||||
|
||||
{ source = pkgs.writeText "${name}.pam"
|
||||
|
@ -110,6 +114,8 @@ let
|
|||
"session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"}
|
||||
${optionalString (limits != [])
|
||||
"session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf limits}"}
|
||||
${optionalString (showMotd && config.users.motd != null)
|
||||
"session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}"}
|
||||
'';
|
||||
target = "pam.d/${name}";
|
||||
};
|
||||
|
@ -201,6 +207,13 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
users.motd = mkOption {
|
||||
default = null;
|
||||
example = "Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178.";
|
||||
type = types.nullOr types.string;
|
||||
description = "Message of the day shown to users when they log in.";
|
||||
};
|
||||
|
||||
};
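Review bot: The `users.motd` option description in the last hunk does not say where the text ends up or when it is shown. The `motd = pkgs.writeText "motd" config.users.motd;` binding puts the message in the Nix store, which is readable by every local user and by anything the store is copied to, and the `session optional … pam_motd.so` rule displays it only after authentication has succeeded. I would extend the description to something like `description = "Message of the day shown to users after they log in (via pam_motd). The text is stored world-readable in the Nix store, so it must not contain secrets; it is not a pre-authentication banner.";`. The option set this hunk sits in starts outside the hunk.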
|
||||
|
||||
|
||||
|
|
|
@ -358,7 +358,7 @@ in
|
|||
|
||||
networking.firewall.allowedTCPPorts = cfg.ports;
|
||||
|
||||
security.pam.services = optional cfg.usePAM { name = "sshd"; startSession = true; };
|
||||
security.pam.services = optional cfg.usePAM { name = "sshd"; startSession = true; showMotd = true; };
|
||||
|
||||
services.openssh.extraConfig =
|
||||
''
|
||||
|
@ -390,10 +390,13 @@ in
|
|||
GatewayPorts ${cfg.gatewayPorts}
|
||||
PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"}
|
||||
ChallengeResponseAuthentication ${if cfg.challengeResponseAuthentication then "yes" else "no"}
|
||||
|
||||
PrintMotd no # handled by pam_motd
|
||||
'';
|
||||
|
||||
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
|
||||
message = "cannot enable X11 forwarding without setting xauth location";}];
|
||||
|
||||
};
|
||||
|
||||
}
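Review bot: `PrintMotd no` is written into the sshd configuration unconditionally, but the `showMotd = true` PAM service is only registered under `optional cfg.usePAM`. With `usePAM` off, nothing appears to print a message of the day for SSH sessions, and an operator who relies on `users.motd` for a login notice gets no hint that it was dropped. Consider tying the line to the same condition, e.g. `PrintMotd ${if cfg.usePAM then "no" else "yes"}`, or documenting the limitation on the option; whether /etc/motd is populated in the non-PAM case is not visible here. Separately, sshd_config(5) describes comments as lines beginning with `#`, so the trailing `# handled by pam_motd` would be safer on a line of its own. The `extraConfig` string starts outside this hunk.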
|
||||
|
|