forked from mirrors/nixpkgs
Obsolete security.initialPassword
You can now set users.extraUsers.root.initialHashedPassword instead.
This commit is contained in:
parent
f8f787b800
commit
f496c3cbe4
|
@ -426,24 +426,12 @@ in {
|
||||||
options = [ groupOpts ];
|
options = [ groupOpts ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# FIXME: obsolete - will remove.
|
||||||
security.initialRootPassword = mkOption {
|
security.initialRootPassword = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "!";
|
default = "!";
|
||||||
example = "";
|
example = "";
|
||||||
description = ''
|
visible = false;
|
||||||
The (hashed) password for the root account set on initial
|
|
||||||
installation. The empty string denotes that root can login
|
|
||||||
locally without a password (but not via remote services such
|
|
||||||
as SSH, or indirectly via <command>su</command> or
|
|
||||||
<command>sudo</command>). The string <literal>!</literal>
|
|
||||||
prevents root from logging in using a password.
|
|
||||||
Note that setting this option sets
|
|
||||||
<literal>users.extraUsers.root.hashedPassword</literal>.
|
|
||||||
Also, if <literal>users.mutableUsers</literal> is false
|
|
||||||
you cannot change the root password manually, so in that case
|
|
||||||
the name of this option is a bit misleading, since it will define
|
|
||||||
the root password beyond the user initialisation phase.
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
@ -461,7 +449,7 @@ in {
|
||||||
shell = mkDefault cfg.defaultUserShell;
|
shell = mkDefault cfg.defaultUserShell;
|
||||||
group = "root";
|
group = "root";
|
||||||
extraGroups = [ "grsecurity" ];
|
extraGroups = [ "grsecurity" ];
|
||||||
hashedPassword = mkDefault config.security.initialRootPassword;
|
initialHashedPassword = mkDefault config.security.initialRootPassword;
|
||||||
};
|
};
|
||||||
nobody = {
|
nobody = {
|
||||||
uid = ids.uids.nobody;
|
uid = ids.uids.nobody;
|
||||||
|
|
|
@ -49,5 +49,5 @@ with lib;
|
||||||
boot.supportedFilesystems = [ "zfs" "btrfs" ];
|
boot.supportedFilesystems = [ "zfs" "btrfs" ];
|
||||||
|
|
||||||
# Allow the user to log in as root without a password.
|
# Allow the user to log in as root without a password.
|
||||||
security.initialRootPassword = "";
|
users.extraUsers.root.initialHashedPassword = "";
|
||||||
}
|
}
|
||||||
|
|
|
@ -98,7 +98,7 @@ let kernel = config.boot.kernelPackages.kernel; in
|
||||||
networking.usePredictableInterfaceNames = false;
|
networking.usePredictableInterfaceNames = false;
|
||||||
|
|
||||||
# Make it easy to log in as root when running the test interactively.
|
# Make it easy to log in as root when running the test interactively.
|
||||||
security.initialRootPassword = mkDefault "";
|
users.extraUsers.root.initialHashedPassword = mkDefault "";
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -191,10 +191,5 @@ in
|
||||||
environment.systemPackages = [ pkgs.cryptsetup ];
|
environment.systemPackages = [ pkgs.cryptsetup ];
|
||||||
|
|
||||||
boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
|
boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
|
||||||
|
|
||||||
# Prevent logging in as root without a password. This doesn't really matter,
|
|
||||||
# since the only PAM services that allow logging in with a null
|
|
||||||
# password are local ones that are inaccessible on EC2 machines.
|
|
||||||
security.initialRootPassword = mkDefault "!";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,8 +38,8 @@ in {
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
||||||
# docker image config
|
# Docker image config.
|
||||||
require = [
|
imports = [
|
||||||
../installer/cd-dvd/channel.nix
|
../installer/cd-dvd/channel.nix
|
||||||
../profiles/minimal.nix
|
../profiles/minimal.nix
|
||||||
../profiles/clone-config.nix
|
../profiles/clone-config.nix
|
||||||
|
@ -47,16 +47,16 @@ in {
|
||||||
|
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
|
|
||||||
# Iptables do not work in docker
|
# Iptables do not work in Docker.
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
|
||||||
# Socket activated ssh presents problem in docker
|
# Socket activated ssh presents problem in Docker.
|
||||||
services.openssh.startWhenNeeded = false;
|
services.openssh.startWhenNeeded = false;
|
||||||
|
|
||||||
# Allow the user to login as root without password
|
# Allow the user to login as root without password.
|
||||||
security.initialRootPassword = "";
|
users.extraUsers.root.initialHashedPassword = mkDefault "";
|
||||||
|
|
||||||
# Some more help text.
|
# Some more help text.
|
||||||
services.mingetty.helpLine =
|
services.mingetty.helpLine =
|
||||||
|
|
Loading…
Reference in a new issue