Merge: nixos/users-groups: dump values of password options if multiple options...

    attrNames

    attrValues

    concatMap

    concatMapStringsSep

    concatStrings

    elem

    filter

    flatten

    flip

    foldr

    generators

    getAttr

    hasAttr

    id

    warnings =

      flip concatMap (attrValues cfg.users) (user: let

        unambiguousPasswordConfiguration = 1 >= length (filter (x: x != null) ([

          user.hashedPassword

          user.hashedPasswordFile

          user.password

        passwordOptions = [

          "hashedPassword"

          "hashedPasswordFile"

          "password"

        ] ++ optionals cfg.mutableUsers [

          # For immutable users, initialHashedPassword is set to hashedPassword,

          # so using these options would always trigger the assertion.

          user.initialHashedPassword

          user.initialPassword

        ]));

          "initialHashedPassword"

          "initialPassword"

        ];

        unambiguousPasswordConfiguration = 1 >= length

          (filter (x: x != null) (map (flip getAttr user) passwordOptions));

      in optional (!unambiguousPasswordConfiguration) ''

        The user '${user.name}' has multiple of the options

        `hashedPassword`, `password`, `hashedPasswordFile`, `initialPassword`

        The options silently discard others by the order of precedence

        given above which can lead to surprising results. To resolve this warning,

        set at most one of the options above to a non-`null` value.

        The values of these options are:

        ${concatMapStringsSep

          "\n"

          (value:

            "* users.users.\"${user.name}\".${value}: ${generators.toPretty {} user.${value}}")

          passwordOptions}

      '')

      ++ filter (x: x != null) (

        flip mapAttrsToList cfg.users (_: user: