Unverified Commit cce9aef6 authored by Florian Klink's avatar Florian Klink Committed by GitHub
Browse files

Merge pull request #334337 from eduarrrd/eaccess-null 

nixos/systemd/initrd: Fix emergencyAccess to work with `null`.
parents 082b3c6c b33bf6b9

nixos/modules/system/boot/systemd/initrd.nix

+8 −3
Original line number Diff line number Diff line
@@ -233,8 +233,8 @@ in { 
    emergencyAccess = mkOption {

      type = with types; oneOf [ bool (nullOr (passwdEntry str)) ];

      description = ''

        Set to true for unauthenticated emergency access, and false for

        no emergency access.

        Set to true for unauthenticated emergency access, and false or

        null for no emergency access.



        Can also be set to a hashed super user password to allow

        authenticated access to the emergency mode.
@@ -436,7 +436,12 @@ in { 
        # We can use either ! or * to lock the root account in the

        # console, but some software like OpenSSH won't even allow you

        # to log in with an SSH key if you use ! so we use * instead

        "/etc/shadow".text = "root:${if isBool cfg.emergencyAccess then optionalString (!cfg.emergencyAccess) "*" else cfg.emergencyAccess}:::::::";

        "/etc/shadow".text = let

          ea = cfg.emergencyAccess;

          access = ea != null && !(isBool ea && !ea);

          passwd = if isString ea then ea else "";

        in

          "root:${if access then passwd else "*"}:::::::";



        "/bin".source = "${initrdBinEnv}/bin";

        "/sbin".source = "${initrdBinEnv}/sbin";