yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

clanModules/root-password: Add inventory feature

Browse Source
This commit is contained in:
a-kenji
2025-02-02 12:49:31 +07:00
committed by kenji
parent 83169dc93e
commit c7e9bfbefe
3 changed files with 64 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
clanModules/user-password/README.md
View File

@@ -1,5 +1,7 @@
--- ---
description = "Automatically generates and configures a password for the specified user account." description = "Automatically generates and configures a password for the specified user account."
categories = ["System"]
features = ["inventory"]
--- ---
If setting the option prompt to true, the user will be prompted to type in their desired password. If setting the option prompt to true, the user will be prompted to type in their desired password.

60
clanModules/user-password/default.nix
View File

@@ -1,58 +1,6 @@
# Dont import this file
# It is only here for backwards compatibility.
# Dont author new modules with this file.
{ {
pkgs, imports = [ ./roles/default.nix ];
config,
lib,
...
}:
let
cfg = config.clan.user-password;
in
{
options.clan.user-password = {
user = lib.mkOption {
type = lib.types.str;
example = "alice";
description = "The user the password should be generated for.";
};
prompt = lib.mkOption {
type = lib.types.bool;
default = true;
example = false;
description = "Whether the user should be prompted.";
};
};
config = {
users.mutableUsers = false;
users.users.${cfg.user} = {
hashedPasswordFile = config.clan.core.facts.services.user-password.secret.user-password-hash.path;
isNormalUser = lib.mkDefault true;
};
sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
"${config.clan.core.settings.machine.name}-user-password-hash".neededForUsers = true;
};
clan.core.facts.services.user-password = {
secret.user-password = { };
secret.user-password-hash = { };
generator.prompt = (
lib.mkIf config.clan.user-password.prompt "Set the password for your user '${config.clan.user-password.user}'.
You can autogenerate a password, if you leave this prompt blank."
);
generator.path = with pkgs; [
coreutils
xkcdpass
mkpasswd
];
generator.script = ''
if [[ -n ''${prompt_value-} ]]; then
echo $prompt_value | tr -d "\n" > $secrets/user-password
else
xkcdpass --numwords 3 --delimiter - --count 1 | tr -d "\n" > $secrets/user-password
fi
cat $secrets/user-password | mkpasswd -s -m sha-512 | tr -d "\n" > $secrets/user-password-hash
'';
};
};
} }

58
clanModules/user-password/roles/default.nix Normal file
View File

@@ -0,0 +1,58 @@
{
pkgs,
config,
lib,
...
}:
let
cfg = config.clan.user-password;
in
{
options.clan.user-password = {
user = lib.mkOption {
type = lib.types.str;
example = "alice";
description = "The user the password should be generated for.";
};
prompt = lib.mkOption {
type = lib.types.bool;
default = true;
example = false;
description = "Whether the user should be prompted.";
};
};
config = {
users.mutableUsers = false;
users.users.${cfg.user} = {
hashedPasswordFile = config.clan.core.facts.services.user-password.secret.user-password-hash.path;
isNormalUser = lib.mkDefault true;
};
sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
"${config.clan.core.settings.machine.name}-user-password-hash".neededForUsers = true;
};
clan.core.facts.services.user-password = {
secret.user-password = { };
secret.user-password-hash = { };
generator.prompt = (
lib.mkIf config.clan.user-password.prompt "Set the password for your user '${config.clan.user-password.user}'.
You can autogenerate a password, if you leave this prompt blank."
);
generator.path = with pkgs; [
coreutils
xkcdpass
mkpasswd
];
generator.script = ''
if [[ -n ''${prompt_value-} ]]; then
echo $prompt_value | tr -d "\n" > $secrets/user-password
else
xkcdpass --numwords 3 --delimiter - --count 1 | tr -d "\n" > $secrets/user-password
fi
cat $secrets/user-password | mkpasswd -s -m sha-512 | tr -d "\n" > $secrets/user-password-hash
'';
};
};
}