authorGalen Abell <galen@galenabell.com>2020-03-06 17:27:47 +0000
committerlewo <lewo@abesis.fr>2020-03-06 17:27:47 +0000
commit6563abc1c45de0d9e6b02cf8842005800b4e2745 (patch)
tree3db4c853bb81346200b28dddd14879ee337699c2 /default.nix
parent7bda4c4f110da5134ef9de5efe5d7e6f66bab6e6 (diff)
Fix password hash file generation behavior
- Move the "create password hash file from hashed password" behavior to a separate variable, since having it in the default field of config would always cause the warning to trigger - Change type of hashedPassword to `nullOr str`
Diffstat (limited to 'default.nix')
-rw-r--r--default.nix21
1 files changed, 19 insertions, 2 deletions
diff --git a/default.nix b/default.nix
index 0c6271c..e6aaf8c 100644
--- a/default.nix
+++ b/default.nix
@@ -56,10 +56,27 @@ in
};
hashedPassword = mkOption {
- type = types.str;
+ type = with types; nullOr str;
+ default = null;
example = "$6$evQJs5CFQyPAW09S$Cn99Y8.QjZ2IBnSu4qf1vBxDRWkaIZWOtmu1Ddsm3.H3CFpeVc0JU4llIq8HQXgeatvYhh5O33eWG3TSpjzu6/";
description = ''
- Hashed password. Use `mkpasswd` as follows
+ The user's hashed password. Use `mkpasswd` as follows
+
+ ```
+ mkpasswd -m sha-512 "super secret password"
+ ```
+
+ Warning: this is stored in plaintext in the Nix store!
+ Use `hashedPasswordFile` instead.
+ '';
+ };
+
+ hashedPasswordFile = mkOption {
+ type = with types; nullOr path;
+ default = null;
+ example = "/run/keys/user1-passwordhash";
+ description = ''
+ A file containing the user's hashed password. Use `mkpasswd` as follows
```
mkpasswd -m sha-512 "super secret password"