Loading nixos/modules/config/users-groups.nix +14 −3 Original line number Diff line number Diff line Loading @@ -606,6 +606,14 @@ in { defaultText = literalExpression "config.users.users.\${name}.group"; default = cfg.users.${name}.group; }; options.shell = mkOption { type = types.passwdEntry types.path; description = '' The path to the user's shell in initrd. ''; default = "${pkgs.shadow}/bin/nologin"; defaultText = literalExpression "\${pkgs.shadow}/bin/nologin"; }; })); }; Loading Loading @@ -750,17 +758,20 @@ in { boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable { contents = { "/etc/passwd".text = '' ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group }: let ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group, shell }: let g = config.boot.initrd.systemd.groups.${group}; in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:") config.boot.initrd.systemd.users)} in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:${shell}") config.boot.initrd.systemd.users)} ''; "/etc/group".text = '' ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)} ''; "/etc/shells".text = lib.concatStringsSep "\n" (lib.unique (lib.mapAttrsToList (_: u: u.shell) config.boot.initrd.systemd.users)) + "\n"; }; storePaths = [ "${pkgs.shadow}/bin/nologin" ]; users = { root = {}; root = { shell = lib.mkDefault "/bin/bash"; }; nobody = {}; }; Loading nixos/modules/system/boot/initrd-ssh.nix +6 −5 Original line number Diff line number Diff line Loading 
@@ -164,13 +164,12 @@ in for instructions. ''; } { assertion = config.boot.initrd.systemd.enable -> cfg.shell == null; message = "systemd stage 1 does not support boot.initrd.network.ssh.shell"; } ]; warnings = lib.optional (config.boot.initrd.systemd.enable -> cfg.shell != null) '' Please set 'boot.initrd.systemd.users.root.shell' instead of 'boot.initrd.network.ssh.shell' ''; boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) '' copy_bin_and_libs ${package}/bin/sshd cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib Loading Loading @@ -235,6 +234,8 @@ in users.sshd = { uid = 1; group = "sshd"; }; groups.sshd = { gid = 1; }; users.root.shell = mkIf (config.boot.initrd.network.ssh.shell != null) config.boot.initrd.network.ssh.shell; contents."/etc/ssh/authorized_keys.d/root".text = concatStringsSep "\n" config.boot.initrd.network.ssh.authorizedKeys; contents."/etc/ssh/sshd_config".text = sshdConfig; Loading Loading
nixos/modules/config/users-groups.nix +14 −3 Original line number Diff line number Diff line Loading @@ -606,6 +606,14 @@ in { defaultText = literalExpression "config.users.users.\${name}.group"; default = cfg.users.${name}.group; }; options.shell = mkOption { type = types.passwdEntry types.path; description = '' The path to the user's shell in initrd. ''; default = "${pkgs.shadow}/bin/nologin"; defaultText = literalExpression "\${pkgs.shadow}/bin/nologin"; }; })); }; Loading Loading @@ -750,17 +758,20 @@ in { boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable { contents = { "/etc/passwd".text = '' ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group }: let ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group, shell }: let g = config.boot.initrd.systemd.groups.${group}; in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:") config.boot.initrd.systemd.users)} in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:${shell}") config.boot.initrd.systemd.users)} ''; "/etc/group".text = '' ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)} ''; "/etc/shells".text = lib.concatStringsSep "\n" (lib.unique (lib.mapAttrsToList (_: u: u.shell) config.boot.initrd.systemd.users)) + "\n"; }; storePaths = [ "${pkgs.shadow}/bin/nologin" ]; users = { root = {}; root = { shell = lib.mkDefault "/bin/bash"; }; nobody = {}; }; Loading
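Review bot: The new `options.shell` accepts any path, but the second hunk only adds `${pkgs.shadow}/bin/nologin` to `storePaths`, so a shell set to another store path is not visibly copied into the initrd and the passwd entry could point at a missing binary. The description could state the requirement, e.g. `The path to the user's shell in initrd. The binary must be included in the initrd, for example via boot.initrd.systemd.storePaths.` Separately, `/etc/shells` is built from every user's shell, so the default `nologin` is listed there. Anything in stage 1 that consults `/etc/shells` to decide whether an account has a valid login shell (pam_shells, for example) would then accept `nologin` accounts, so filtering that entry out may be worth considering.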
nixos/modules/system/boot/initrd-ssh.nix +6 −5 Original line number Diff line number Diff line Loading @@ -164,13 +164,12 @@ in for instructions. ''; } { assertion = config.boot.initrd.systemd.enable -> cfg.shell == null; message = "systemd stage 1 does not support boot.initrd.network.ssh.shell"; } ]; warnings = lib.optional (config.boot.initrd.systemd.enable -> cfg.shell != null) '' Please set 'boot.initrd.systemd.users.root.shell' instead of 'boot.initrd.network.ssh.shell' ''; boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) '' copy_bin_and_libs ${package}/bin/sshd cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib Loading Loading @@ -235,6 +234,8 @@ in users.sshd = { uid = 1; group = "sshd"; }; groups.sshd = { gid = 1; }; users.root.shell = mkIf (config.boot.initrd.network.ssh.shell != null) config.boot.initrd.network.ssh.shell; contents."/etc/ssh/authorized_keys.d/root".text = concatStringsSep "\n" config.boot.initrd.network.ssh.authorizedKeys; contents."/etc/ssh/sshd_config".text = sshdConfig; Loading
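Review bot: The condition on the new `warnings` entry uses `->`, which in Nix is logical implication, so `config.boot.initrd.systemd.enable -> cfg.shell != null` is also true whenever systemd stage 1 is disabled. Scripted-initrd users would then be told to move away from `boot.initrd.network.ssh.shell` even though it is still the option that applies to them, and warnings that fire without cause get ignored. The removed assertion needed implication, but the warning needs conjunction: `warnings = lib.optional (config.boot.initrd.systemd.enable && cfg.shell != null) ''`. The enclosing `config` block starts outside the hunk, so whether an outer `mkIf` narrows this further is not visible here.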