clan-core/clanModules/user-password/roles/default.nix
hsjobeki 341f444fa0 revert bd3861c580
revert Merge pull request 'Remove clanModules/*' (#4202) from remove-modules into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4202

See: https://git.clan.lol/clan/clan-core/issues/4365

Not all modules are migrated.
If they are not migrated, we need to write migration docs and please display the link to the migration docs
2025-07-15 17:51:36 +00:00


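# NixOS module: sets a login password for one user from a clan vars generator.
#
# The generator takes an optional hidden prompt; when the prompt is left blank
# it generates a four-word passphrase with xkcdpass instead. It writes two
# files: the plaintext password (`deploy = false`, so it is not deployed) and a
# crypt(3) hash, which is the only artifact wired into
# `users.users.<name>.hashedPasswordFile`.
{
  pkgs,
  config,
  lib,
  ...
}:
let
  cfg = config.clan.user-password;
in
{
  options.clan.user-password = {
    user = lib.mkOption {
      type = lib.types.str;
      example = "alice";
      description = "The user the password should be generated for.";
    };
    # NOTE(review): `cfg.prompt` is not referenced anywhere in this file, so
    # setting it to false has no visible effect here; the prompt below is
    # always declared. Confirm whether it is consumed elsewhere.
    prompt = lib.mkOption {
      type = lib.types.bool;
      default = true;
      example = false;
      description = ''
        Whether the user should be prompted
        If disabled, will autogenerate the password without prompting.
      '';
    };
  };
  config = {
    warnings = [
      "The clan.user-password module is deprecated and will be removed on 2025-07-15.
Please migrate to user-maintained configuration or the new equivalent clan services
(https://docs.clan.lol/reference/clanServices)."
    ];
    # Set for the whole system, not only for cfg.user: accounts are managed
    # declaratively, so passwords changed at runtime do not survive the next
    # activation.
    users.mutableUsers = false;
    users.users.${cfg.user} = {
      # Only the hash is referenced by the system configuration.
      hashedPasswordFile = config.clan.core.vars.generators.user-password.files.user-password-hash.path;
      isNormalUser = lib.mkDefault true;
    };
    clan.core.vars.generators.user-password = {
      # Presumably makes the hash available early enough for user creation;
      # verify against the vars documentation.
      files.user-password-hash.neededFor = "users";
      # Restart userborn (only when it is enabled) so a changed hash is applied.
      files.user-password-hash.restartUnits = lib.optional (config.services.userborn.enable) "userborn.service";
      # "hidden" presumably suppresses echo of the typed value - TODO confirm.
      prompts.user-password.type = "hidden";
      prompts.user-password.persist = true;
      prompts.user-password.description = "You can autogenerate a password, if you leave this prompt blank.";
      # The plaintext password is kept out of the deployed files.
      files.user-password.deploy = false;
      migrateFact = "user-password";
      runtimeInputs = [
        pkgs.coreutils
        pkgs.xkcdpass
        pkgs.mkpasswd
      ];
      # Two hardening changes compared with a plain `echo` pipeline:
      #  - printf '%s' writes the prompt value verbatim. `echo "$prompt_value"`
      #    treats values such as "-n" or "-e" as options and prints nothing,
      #    which would end up hashing the empty string.
      #  - the script refuses to hash an empty password file, which also covers
      #    a failing xkcdpass when pipefail is not set by the caller.
      # The hash uses sha-512 crypt with mkpasswd's default parameters;
      # NOTE(review): consider yescrypt if every target system supports it.
      script = ''
        prompt_value=$(cat "$prompts"/user-password)
        if [[ -n "''${prompt_value-}" ]]; then
          printf '%s' "$prompt_value" | tr -d "\n" > "$out"/user-password
        else
          xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/user-password
        fi
        if [[ ! -s "$out"/user-password ]]; then
          echo "user-password generator: refusing to hash an empty password" >&2
          exit 1
        fi
        mkpasswd -s -m sha-512 < "$out"/user-password | tr -d "\n" > "$out"/user-password-hash
      '';
    };
  };
}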