diff --git a/clanModules/user-password/README.md b/clanModules/user-password/README.md index fb361fbf6..15707ed40 100644 --- a/clanModules/user-password/README.md +++ b/clanModules/user-password/README.md @@ -1,5 +1,7 @@ --- description = "Automatically generates and configures a password for the specified user account." +categories = ["System"] +features = ["inventory"] --- If setting the option prompt to true, the user will be prompted to type in their desired password. diff --git a/clanModules/user-password/default.nix b/clanModules/user-password/default.nix index 296dbb733..ed6af3368 100644 --- a/clanModules/user-password/default.nix +++ b/clanModules/user-password/default.nix 
@@ -1,58 +1,6 @@
+# Dont import this file
+# It is only here for backwards compatibility.
+# Dont author new modules with this file.
 {
- pkgs,
- config,
- lib,
- ...
-}:
-let
- cfg = config.clan.user-password;
-in
-{
- options.clan.user-password = {
- user = lib.mkOption {
- type = lib.types.str;
- example = "alice";
- description = "The user the password should be generated for.";
- };
- prompt = lib.mkOption {
- type = lib.types.bool;
- default = true;
- example = false;
- description = "Whether the user should be prompted.";
- };
- };
-
- config = {
- users.mutableUsers = false;
- users.users.${cfg.user} = {
- hashedPasswordFile = config.clan.core.facts.services.user-password.secret.user-password-hash.path;
- isNormalUser = lib.mkDefault true;
- };
-
- sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
- "${config.clan.core.settings.machine.name}-user-password-hash".neededForUsers = true;
- };
-
- clan.core.facts.services.user-password = {
- secret.user-password = { };
- secret.user-password-hash = { };
- generator.prompt = (
- lib.mkIf config.clan.user-password.prompt "Set the password for your user '${config.clan.user-password.user}'.
- You can autogenerate a password, if you leave this prompt blank."
- );
- generator.path = with pkgs; [
- coreutils
- xkcdpass
- mkpasswd
- ];
- generator.script = ''
- if [[ -n ''${prompt_value-} ]]; then
- echo $prompt_value | tr -d "\n" > $secrets/user-password
- else
- xkcdpass --numwords 3 --delimiter - --count 1 | tr -d "\n" > $secrets/user-password
- fi
- cat $secrets/user-password | mkpasswd -s -m sha-512 | tr -d "\n" > $secrets/user-password-hash
- '';
- };
- };
+ imports = [ ./roles/default.nix ];
 }
diff --git a/clanModules/user-password/roles/default.nix b/clanModules/user-password/roles/default.nix
new file mode 100644
index 000000000..296dbb733
--- /dev/null
+++ b/clanModules/user-password/roles/default.nix
@@ -0,0 +1,58 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.clan.user-password;
+in
+{
+ options.clan.user-password = {
+ user = lib.mkOption {
+ type = lib.types.str;
+ example = "alice";
+ description = "The user the password should be generated for.";
+ };
+ prompt = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ example = false;
+ description = "Whether the user should be prompted.";
+ };
+ };
+
+ config = {
+ users.mutableUsers = false;
+ users.users.${cfg.user} = {
+ hashedPasswordFile = config.clan.core.facts.services.user-password.secret.user-password-hash.path;
+ isNormalUser = lib.mkDefault true;
+ };
+
+ sops.secrets = lib.mkIf (config.clan.core.facts.secretStore == "sops") {
+ "${config.clan.core.settings.machine.name}-user-password-hash".neededForUsers = true;
+ };
+
+ clan.core.facts.services.user-password = {
+ secret.user-password = { };
+ secret.user-password-hash = { };
+ generator.prompt = (
+ lib.mkIf config.clan.user-password.prompt "Set the password for your user '${config.clan.user-password.user}'.
+ You can autogenerate a password, if you leave this prompt blank."
+ );
+ generator.path = with pkgs; [
+ coreutils
+ xkcdpass
+ mkpasswd
+ ];
+ generator.script = ''
+ if [[ -n ''${prompt_value-} ]]; then
+ echo $prompt_value | tr -d "\n" > $secrets/user-password
+ else
+ xkcdpass --numwords 3 --delimiter - --count 1 | tr -d "\n" > $secrets/user-password
+ fi
+ cat $secrets/user-password | mkpasswd -s -m sha-512 | tr -d "\n" > $secrets/user-password-hash
+ '';
+ };
+ };
+}
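Review bot: In `generator.script`, `echo $prompt_value | tr -d "\n"` expands the typed password unquoted, so bash word-splits and globs it and `echo` may treat a leading `-n` or `-e` as an option; the hash written to `user-password-hash` can then belong to a different string than the one the user entered. The file is carried over unchanged from the old `default.nix` (same blob id `296dbb733`), so this move is a good moment to switch to `printf '%s' "$prompt_value" | tr -d "\n" > "$secrets/user-password"` and to quote the other `$secrets/...` paths as well. Separately, the fallback `xkcdpass --numwords 3` produces a short passphrase whose only protection is `mkpasswd -m sha-512`; the wordlist size is not visible here, but a higher `--numwords` would give more margin against offline guessing if the hash is ever exposed.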