diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 60906d48ff0c..256c5888cb94 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -426,24 +426,12 @@ in {
options = [ groupOpts ];
};
+ # FIXME: obsolete - will remove.
security.initialRootPassword = mkOption {
type = types.str;
default = "!";
example = "";
- description = ''
- The (hashed) password for the root account set on initial
- installation. The empty string denotes that root can login
- locally without a password (but not via remote services such
- as SSH, or indirectly via su or
- sudo). The string !
- prevents root from logging in using a password.
- Note that setting this option sets
- users.extraUsers.root.hashedPassword.
- Also, if users.mutableUsers is false
- you cannot change the root password manually, so in that case
- the name of this option is a bit misleading, since it will define
- the root password beyond the user initialisation phase.
- '';
+ visible = false;
};
};
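Review bot: The new `# FIXME: obsolete - will remove.` comment on `security.initialRootPassword` does not name the replacement. Hiding the option with `visible = false` and dropping its description also removes the only text on this page that explained what the empty string and `!` mean for root login. I would write the comment as `# FIXME: obsolete, superseded by users.extraUsers.root.initialHashedPassword; remove once callers have migrated.` and make sure those two values are documented on the new option, whose declaration is not visible here. Configurations that still set the old option get no deprecation notice, so a warning when it differs from its default would tell them to migrate. The enclosing `options` block starts outside the hunk.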
@@ -461,7 +449,7 @@ in {
shell = mkDefault cfg.defaultUserShell;
group = "root";
extraGroups = [ "grsecurity" ];
- hashedPassword = mkDefault config.security.initialRootPassword;
+ initialHashedPassword = mkDefault config.security.initialRootPassword;
};
nobody = {
uid = ids.uids.nobody;
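Review bot: Root's password now comes from `initialHashedPassword` instead of `hashedPassword`, and nothing at this line records that a user-set `security.initialRootPassword` may change meaning with it. Judging by the name, the value presumably only seeds the password when the account is first created, but the option's definition is not in this hunk. That needs confirming for `users.mutableUsers = false`, where the removed description said the old option kept defining the root password after initialisation. A comment above the line such as `# Seeds root's password from the obsolete security.initialRootPassword; the default "!" disables password login.` would record the intent. The `root` attribute set starts outside the hunk.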
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-base.nix
index f2a90e8d2ec4..a68581c113fc 100644
--- a/nixos/modules/installer/cd-dvd/installation-cd-base.nix
+++ b/nixos/modules/installer/cd-dvd/installation-cd-base.nix
@@ -49,5 +49,5 @@ with lib;
boot.supportedFilesystems = [ "zfs" "btrfs" ];
# Allow the user to log in as root without a password.
- security.initialRootPassword = "";
+ users.extraUsers.root.initialHashedPassword = "";
}
diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix
index 54a376c9560e..2de978ca1018 100644
--- a/nixos/modules/testing/test-instrumentation.nix
+++ b/nixos/modules/testing/test-instrumentation.nix
@@ -98,7 +98,7 @@ let kernel = config.boot.kernelPackages.kernel; in
networking.usePredictableInterfaceNames = false;
# Make it easy to log in as root when running the test interactively.
- security.initialRootPassword = mkDefault "";
+ users.extraUsers.root.initialHashedPassword = mkDefault "";
};
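Review bot: `mkDefault ""` here has the same priority as the `mkDefault config.security.initialRootPassword` definition that users-groups.nix now places on `users.extraUsers.root.initialHashedPassword`. The two values (`""` and the default `"!"`) are therefore merged rather than one overriding the other, which for a string-typed option is likely to fail evaluation with conflicting definitions. Before this change the `mkDefault` only competed with the option's declared default, which has lower priority. A priority between the two, e.g. `users.extraUsers.root.initialHashedPassword = mkOverride 150 "";`, still yields to a plain definition while winning over the module default. The same applies to the `mkDefault ""` added in docker-image.nix, and since the option's type is not visible on this page, evaluating a test configuration would confirm it.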
diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix
index 552d787b4478..d175bac3074d 100644
--- a/nixos/modules/virtualisation/amazon-image.nix
+++ b/nixos/modules/virtualisation/amazon-image.nix
@@ -191,10 +191,5 @@ in
environment.systemPackages = [ pkgs.cryptsetup ];
boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
-
- # Prevent logging in as root without a password. This doesn't really matter,
- # since the only PAM services that allow logging in with a null
- # password are local ones that are inaccessible on EC2 machines.
- security.initialRootPassword = mkDefault "!";
};
}
diff --git a/nixos/modules/virtualisation/docker-image.nix b/nixos/modules/virtualisation/docker-image.nix
index 13b861dc9884..ff276fc86a8e 100644
--- a/nixos/modules/virtualisation/docker-image.nix
+++ b/nixos/modules/virtualisation/docker-image.nix
@@ -38,8 +38,8 @@ in {
'';
- # docker image config
- require = [
+ # Docker image config.
+ imports = [
../installer/cd-dvd/channel.nix
../profiles/minimal.nix
../profiles/clone-config.nix
@@ -47,16 +47,16 @@ in {
boot.isContainer = true;
- # Iptables do not work in docker
+ # Iptables do not work in Docker.
networking.firewall.enable = false;
services.openssh.enable = true;
- # Socket activated ssh presents problem in docker
+ # Socket activated ssh presents problem in Docker.
services.openssh.startWhenNeeded = false;
- # Allow the user to login as root without password
- security.initialRootPassword = "";
+ # Allow the user to login as root without password.
+ users.extraUsers.root.initialHashedPassword = mkDefault "";
# Some more help text.
services.mingetty.helpLine =