systemd-stage-1: Support for user shells
This commit is contained in:
parent
7c9cc5a6e5
commit
22325ce016
2 changed files with 20 additions and 8 deletions
|
@ -606,6 +606,14 @@ in {
|
||||||
defaultText = literalExpression "config.users.users.\${name}.group";
|
defaultText = literalExpression "config.users.users.\${name}.group";
|
||||||
default = cfg.users.${name}.group;
|
default = cfg.users.${name}.group;
|
||||||
};
|
};
|
||||||
|
options.shell = mkOption {
|
||||||
|
type = types.passwdEntry types.path;
|
||||||
|
description = ''
|
||||||
|
The path to the user's shell in initrd.
|
||||||
|
'';
|
||||||
|
default = "${pkgs.shadow}/bin/nologin";
|
||||||
|
defaultText = literalExpression "\${pkgs.shadow}/bin/nologin";
|
||||||
|
};
|
||||||
}));
|
}));
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -750,17 +758,20 @@ in {
|
||||||
boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable {
|
boot.initrd.systemd = lib.mkIf config.boot.initrd.systemd.enable {
|
||||||
contents = {
|
contents = {
|
||||||
"/etc/passwd".text = ''
|
"/etc/passwd".text = ''
|
||||||
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group }: let
|
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { uid, group, shell }: let
|
||||||
g = config.boot.initrd.systemd.groups.${group};
|
g = config.boot.initrd.systemd.groups.${group};
|
||||||
in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:") config.boot.initrd.systemd.users)}
|
in "${n}:x:${toString uid}:${toString g.gid}::/var/empty:${shell}") config.boot.initrd.systemd.users)}
|
||||||
'';
|
'';
|
||||||
"/etc/group".text = ''
|
"/etc/group".text = ''
|
||||||
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)}
|
${lib.concatStringsSep "\n" (lib.mapAttrsToList (n: { gid }: "${n}:x:${toString gid}:") config.boot.initrd.systemd.groups)}
|
||||||
'';
|
'';
|
||||||
|
"/etc/shells".text = lib.concatStringsSep "\n" (lib.unique (lib.mapAttrsToList (_: u: u.shell) config.boot.initrd.systemd.users)) + "\n";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
storePaths = [ "${pkgs.shadow}/bin/nologin" ];
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
root = {};
|
root = { shell = lib.mkDefault "/bin/bash"; };
|
||||||
nobody = {};
|
nobody = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
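Review bot: The new `/etc/shells` line in the second hunk is built from every user's `shell`, so the default `${pkgs.shadow}/bin/nologin` is listed too; shells(5) convention is that nologin is not a valid login shell, and programs that consult the file treat any listed path as login-capable. Filtering it before the join keeps the file to real shells: `"/etc/shells".text = lib.concatStringsSep "\n" (lib.filter (s: s != "${pkgs.shadow}/bin/nologin") (lib.unique (lib.mapAttrsToList (_: u: u.shell) config.boot.initrd.systemd.users))) + "\n";`. Separately, `storePaths` only carries the nologin binary, while a user-supplied `shell` pointing into the store is written to `/etc/passwd` with nothing visible in this hunk copying it into the initrd; if that is handled elsewhere, a comment on the `storePaths` line saying so would save the next reader the search. The enclosing `boot.initrd.systemd` attribute set continues outside the hunk.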
@ -164,13 +164,12 @@ in
|
||||||
for instructions.
|
for instructions.
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
||||||
{
|
|
||||||
assertion = config.boot.initrd.systemd.enable -> cfg.shell == null;
|
|
||||||
message = "systemd stage 1 does not support boot.initrd.network.ssh.shell";
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
warnings = lib.optional (config.boot.initrd.systemd.enable -> cfg.shell != null) ''
|
||||||
|
Please set 'boot.initrd.systemd.users.root.shell' instead of 'boot.initrd.network.ssh.shell'
|
||||||
|
'';
|
||||||
|
|
||||||
boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) ''
|
boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) ''
|
||||||
copy_bin_and_libs ${package}/bin/sshd
|
copy_bin_and_libs ${package}/bin/sshd
|
||||||
cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib
|
cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib
|
||||||
|
@ -235,6 +234,8 @@ in
|
||||||
users.sshd = { uid = 1; group = "sshd"; };
|
users.sshd = { uid = 1; group = "sshd"; };
|
||||||
groups.sshd = { gid = 1; };
|
groups.sshd = { gid = 1; };
|
||||||
|
|
||||||
|
users.root.shell = mkIf (config.boot.initrd.network.ssh.shell != null) config.boot.initrd.network.ssh.shell;
|
||||||
|
|
||||||
contents."/etc/ssh/authorized_keys.d/root".text =
|
contents."/etc/ssh/authorized_keys.d/root".text =
|
||||||
concatStringsSep "\n" config.boot.initrd.network.ssh.authorizedKeys;
|
concatStringsSep "\n" config.boot.initrd.network.ssh.authorizedKeys;
|
||||||
contents."/etc/ssh/sshd_config".text = sshdConfig;
|
contents."/etc/ssh/sshd_config".text = sshdConfig;
|
||||||
|
|
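Review bot: The `warnings` condition in the first hunk, `config.boot.initrd.systemd.enable -> cfg.shell != null`, is an implication and is therefore true whenever systemd stage 1 is disabled, so every non-systemd configuration emits the "set 'boot.initrd.systemd.users.root.shell'" warning regardless of `cfg.shell`. The intended condition is the conjunction: `warnings = lib.optional (config.boot.initrd.systemd.enable && cfg.shell != null) ''`. A comment above the line such as `# only meaningful with systemd stage 1, where the shell is forwarded to users.root.shell` would tie it to the `users.root.shell = mkIf ...` line in the second hunk. The `assertions` list and the surrounding module body begin outside the hunk.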