Merge pull request #200720 from kaldonir/dynamic-motd

pam: Allow backing the MOTD with a file
2022-12-17 00:35:08 +01:00 · 2022-12-17 00:35:08 +01:00 · 810e9ccfda
commit 810e9ccfda
parent 08e1964458 e6c6e41649
3 changed files with 27 additions and 2 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
@ -245,6 +245,13 @@
          <link xlink:href="https://search.nixos.org/packages?channel=unstable&amp;show=utm&amp;from=0&amp;size=1&amp;sort=relevance&amp;type=packages&amp;query=utm">package</link>.
        </para>
      </listitem>
+      <listitem>
+        <para>
+          The new option <literal>users.motdFile</literal> allows
+          configuring a Message Of The Day that can be updated
+          dynamically.
+        </para>
+      </listitem>
      <listitem>
        <para>
          Resilio sync secret keys can now be provided using a secrets
--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@ -72,6 +72,8 @@ In addition to numerous new and upgraded packages, this release has the followin

 - A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).

+- The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically.
+
 - Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.

 - The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)).
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@ -694,7 +694,7 @@ let
          optionalString (cfg.limits != []) ''
            session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf cfg.limits}
          '' +
-          optionalString (cfg.showMotd && config.users.motd != null) ''
+          optionalString (cfg.showMotd && (config.users.motd != null || config.users.motdFile != null)) ''
            session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}
          '' +
          optionalString (cfg.enableAppArmor && config.security.apparmor.enable) ''
@ -775,7 +775,9 @@ let
    };
  }));

-  motd = pkgs.writeText "motd" config.users.motd;
+  motd = if isNull config.users.motdFile
+         then pkgs.writeText "motd" config.users.motd
+         else config.users.motdFile;

  makePAMService = name: service:
    { name = "pam.d/${name}";
@ -1199,12 +1201,26 @@ in
      description = lib.mdDoc "Message of the day shown to users when they log in.";
    };

+    users.motdFile = mkOption {
+      default = null;
+      example = "/etc/motd";
+      type = types.nullOr types.path;
+      description = lib.mdDoc "A file containing the message of the day shown to users when they log in.";
+    };
  };


  ###### implementation

  config = {
+    assertions = [
+      {
+        assertion = isNull config.users.motd || isNull config.users.motdFile;
+        message = ''
+          Only one of users.motd and users.motdFile can be set.
+        '';
+      }
+    ];

    environment.systemPackages =
      # Include the PAM modules in the system path mostly for the manpages.