revert bd3861c580

revert Merge pull request 'Remove clanModules/*' (#4202) from remove-modules into main Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4202 See: https://git.clan.lol/clan/clan-core/issues/4365 Not all modules are migrated. If they are not migrated, we need to write migration docs and please display the link to the migration docs
2025-07-15 17:51:36 +00:00
parent 9bb366cdd7
commit 341f444fa0
136 changed files with 5488 additions and 40 deletions
--- a/clanModules/user-password/README.md
+++ b/clanModules/user-password/README.md
@@ -0,0 +1,24 @@
+---
+description = "Automatically generates and configures a password for the specified user account."
+categories = ["System"]
+features = ["inventory", "deprecated"]
+---
+
+If setting the option prompt to true, the user will be prompted to type in their desired password.
+
+!!! Note
+    This module will set `mutableUsers` to `false`, meaning you can not manage user passwords through `passwd` anymore.
+
+
+After the system was installed/deployed the following command can be used to display the user-password:
+
+```bash
+clan vars get [machine_name] root-password/root-password
+```
+
+See also: [Vars](../../guides/vars-backend.md)
+
+To regenerate the password run:
+```
+clan vars generate --regenerate [machine_name] --generator user-password
+```
--- a/clanModules/user-password/default.nix
+++ b/clanModules/user-password/default.nix
@@ -0,0 +1,6 @@
+# Dont import this file
+# It is only here for backwards compatibility.
+# Dont author new modules with this file.
+{
+  imports = [ ./roles/default.nix ];
+}
--- a/clanModules/user-password/roles/default.nix
+++ b/clanModules/user-password/roles/default.nix
@@ -0,0 +1,68 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.clan.user-password;
+in
+{
+  options.clan.user-password = {
+    user = lib.mkOption {
+      type = lib.types.str;
+      example = "alice";
+      description = "The user the password should be generated for.";
+    };
+    prompt = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      example = false;
+      description = ''
+        Whether the user should be prompted
+        If disabled, will autogenerate the password without prompting.
+      '';
+    };
+  };
+
+  config = {
+
+    warnings = [
+      "The clan.user-password module is deprecated and will be removed on 2025-07-15.
+      Please migrate to user-maintained configuration or the new equivalent clan services
+      (https://docs.clan.lol/reference/clanServices)."
+    ];
+
+    users.mutableUsers = false;
+    users.users.${cfg.user} = {
+      hashedPasswordFile = config.clan.core.vars.generators.user-password.files.user-password-hash.path;
+      isNormalUser = lib.mkDefault true;
+    };
+
+    clan.core.vars.generators.user-password = {
+      files.user-password-hash.neededFor = "users";
+      files.user-password-hash.restartUnits = lib.optional (config.services.userborn.enable) "userborn.service";
+
+      prompts.user-password.type = "hidden";
+      prompts.user-password.persist = true;
+      prompts.user-password.description = "You can autogenerate a password, if you leave this prompt blank.";
+      files.user-password.deploy = false;
+
+      migrateFact = "user-password";
+      runtimeInputs = [
+        pkgs.coreutils
+        pkgs.xkcdpass
+        pkgs.mkpasswd
+      ];
+      script = ''
+        prompt_value=$(cat "$prompts"/user-password)
+        if [[ -n "''${prompt_value-}" ]]; then
+          echo "$prompt_value" | tr -d "\n" > "$out"/user-password
+        else
+          xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/user-password
+        fi
+        mkpasswd -s -m sha-512 < "$out"/user-password | tr -d "\n" > "$out"/user-password-hash
+      '';
+    };
+  };
+}