systemd-stage-1: Support for user shells

This commit is contained in:
Will Fancher 2023-10-21 13:24:16 -04:00
parent 7c9cc5a6e5
commit 22325ce016
2 changed files with 20 additions and 8 deletions

View file

@ -606,6 +606,14 @@ in {
defaultText = literalExpression "config.users.users.\${name}.group"; defaultText = literalExpression "config.users.users.\${name}.group";
default = cfg.users.${name}.group; default = cfg.users.${name}.group;
}; };
options.shell = mkOption {
type = types.passwdEntry types.path;
description = ''
The path to the user's shell in initrd.
'';
default = "${pkgs.shadow}/bin/nologin";
defaultText = literalExpression "\${pkgs.shadow}/bin/nologin";
};
})); }));
}; };
@ -750,17 +758,20 @@ in {
boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable { boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable {
contents = { contents = {
"/etc/passwd".text = '' "/etc/passwd".text = ''
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group }: let ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group, shell }: let
g = config.boot.initrd.systemd.groups.${group}; g = config.boot.initrd.systemd.groups.${group};
in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:") config.boot.initrd.systemd.users)} in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:${shell}") config.boot.initrd.systemd.users)}
''; '';
"/etc/group".text = '' "/etc/group".text = ''
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)} ${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)}
''; '';
"/etc/shells".text = lib.concatStringsSep "\n" (lib.unique (lib.mapAttrsToList (_: u: u.shell) config.boot.initrd.systemd.users)) + "\n";
}; };
storePaths = [ "${pkgs.shadow}/bin/nologin" ];
users = { users = {
root = {}; root = { shell = lib.mkDefault "/bin/bash"; };
nobody = {}; nobody = {};
}; };

View file

@ -164,13 +164,12 @@ in
for instructions. for instructions.
''; '';
} }
{
assertion = config.boot.initrd.systemd.enable -> cfg.shell == null;
message = "systemd stage 1 does not support boot.initrd.network.ssh.shell";
}
]; ];
warnings = lib.optional (config.boot.initrd.systemd.enable -> cfg.shell != null) ''
Please set 'boot.initrd.systemd.users.root.shell' instead of 'boot.initrd.network.ssh.shell'
'';
boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) '' boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) ''
copy_bin_and_libs ${package}/bin/sshd copy_bin_and_libs ${package}/bin/sshd
cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib
@ -235,6 +234,8 @@ in
users.sshd = { uid = 1; group = "sshd"; }; users.sshd = { uid = 1; group = "sshd"; };
groups.sshd = { gid = 1; }; groups.sshd = { gid = 1; };
users.root.shell = mkIf (config.boot.initrd.network.ssh.shell != null) config.boot.initrd.network.ssh.shell;
contents."/etc/ssh/authorized_keys.d/root".text = contents."/etc/ssh/authorized_keys.d/root".text =
concatStringsSep "\n" config.boot.initrd.network.ssh.authorizedKeys; concatStringsSep "\n" config.boot.initrd.network.ssh.authorizedKeys;
contents."/etc/ssh/sshd_config".text = sshdConfig; contents."/etc/ssh/sshd_config".text = sshdConfig;