lib.types, nixos/users: Make passwdEntry available

More nixpkgs code such as `boot.initrd.systemd.emergencyAccess` defines options that takes hashed passwords, so move the type definition from modules/ into lib/. The type definition itself stays unchanged.
2022-06-25 15:59:43 +04:00 · 2022-06-25 15:59:43 +04:00 · 574a90771f
parent 41c91c48ee
commit 574a90771f
2 changed files with 11 additions and 11 deletions
--- a/lib/types.nix
+++ b/lib/types.nix
@ -55,6 +55,7 @@ let
    concatMapStringsSep
    concatStringsSep
    escapeNixString
+    hasInfix
    isCoercibleToString
    ;
  inherit (lib.trivial)
@ -360,6 +361,11 @@ rec {
      deprecationMessage = "See https://github.com/NixOS/nixpkgs/pull/66346 for better alternative types.";
    };

+    passwdEntry = entryType: addCheck entryType (str: !(hasInfix ":" str || hasInfix "\n" str)) // {
+      name = "passwdEntry ${entryType.name}";
+      description = "${entryType.description}, not containing newlines or colons";
+    };
+
    attrs = mkOptionType {
      name = "attrs";
      description = "attribute set";
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@ -6,12 +6,6 @@ let
  ids = config.ids;
  cfg = config.users;

-  isPasswdCompatible = str: !(hasInfix ":" str || hasInfix "\n" str);
-  passwdEntry = type: lib.types.addCheck type isPasswdCompatible // {
-    name = "passwdEntry ${type.name}";
-    description = "${type.description}, not containing newlines or colons";
-  };
-
  # Check whether a password hash will allow login.
  allowsLogin = hash:
    hash == "" # login without password
@ -60,7 +54,7 @@ let
    options = {

      name = mkOption {
-        type = passwdEntry types.str;
+        type = types.passwdEntry types.str;
        apply = x: assert (builtins.stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x;
        description = ''
          The name of the user account. If undefined, the name of the
@ -69,7 +63,7 @@ let
      };

      description = mkOption {
-        type = passwdEntry types.str;
+        type = types.passwdEntry types.str;
        default = "";
        example = "Alice Q. User";
        description = ''
@ -134,7 +128,7 @@ let
      };

      home = mkOption {
-        type = passwdEntry types.path;
+        type = types.passwdEntry types.path;
        default = "/var/empty";
        description = "The user's home directory.";
      };
@ -169,7 +163,7 @@ let
      };

      shell = mkOption {
-        type = types.nullOr (types.either types.shellPackage (passwdEntry types.path));
+        type = types.nullOr (types.either types.shellPackage (types.passwdEntry types.path));
        default = pkgs.shadow;
        defaultText = literalExpression "pkgs.shadow";
        example = literalExpression "pkgs.bashInteractive";
@ -349,7 +343,7 @@ let
    options = {

      name = mkOption {
-        type = passwdEntry types.str;
+        type = types.passwdEntry types.str;
        description = ''
          The name of the group. If undefined, the name of the attribute set
          will be used.