author | 2025-09-08 00:10:35 +0200 | |
---|---|---|
committer | 2025-09-08 00:11:23 +0200 | |
commit | a485724fdc452fa19b337c2364a105243635acb3 (patch) | |
tree | 832d52907499ff2d435e70cec1f64a8d37f429ed | |
parent | 3e4da4404a1b1eca40f7fbdd566800936456ac03 (diff) |
extend userSecret implementation to all users (not only root)
requires a patch of nixpkgs:
```diff
--- a/nixos/modules/contracts/default.nix 2025-09-07 16:15:41.381243855 +0200
+++ b/nixos/modules/contracts/default.nix 2025-09-08 00:05:58.218489096 +0200
@@ -87,7 +87,8 @@ in
default = submodule (consumer: {
options = {
provider = mkOption {
- type = interface.config.provider;
+ type = lib.types.nullOr interface.config.provider;
+ default = null;
};
input = mkOption {
type = submodule interface.config.input;`
-rw-r--r-- | modules/userSecret.nix | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/modules/userSecret.nix b/modules/userSecret.nix
index b47cc95..02502a2 100644
--- a/modules/userSecret.nix
+++ b/modules/userSecret.nix
@@ -1,24 +1,26 @@
 # "secret" consumer
 { config, lib, ... }:
+let
+ topConfig = config;
+in
 {
 options.users.users = lib.mkOption {
- type = lib.types.attrsOf (lib.types.submodule {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
 options.passwordSecret = lib.mkOption {
- type = lib.types.nullOr config.contracts.secret.consumer;
+ type = lib.types.nullOr topConfig.contracts.secret.consumer;
 };
- });
- };
- config = {
- # TODO other users than root
- users.users.root.passwordFile =
- lib.mkIf (config.users.users.root.passwordSecret != null)
- config.users.users.root.passwordSecret.output.path;
+ config = {
+ hashedPasswordFile =
+ lib.mkIf (config.passwordSecret.provider != null)
+ config.passwordSecret.output.path;
 
- users.users.root.passwordSecret.input =
- lib.mkIf (config.users.users.root.passwordSecret != null) {
- owner = "root";
- group = "root";
- mode = "0400";
+ passwordSecret.input =
+ lib.mkIf (config.passwordSecret.provider != null) {
+ owner = "root";
+ group = "root";
+ mode = "0400";
+ };
 };
+ }));
 };
 } |
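Review bot: Both new guards, `lib.mkIf (config.passwordSecret.provider != null)`, dereference `.provider` while the option is still declared as `lib.types.nullOr topConfig.contracts.secret.consumer`, so a user whose `passwordSecret` is null would abort evaluation instead of skipping the definitions. The submodule now applies to every entry of `users.users` rather than only root, so that case looks reachable unless the patched contracts module always yields a non-null value, which is not visible here. Either check both, `lib.mkIf (config.passwordSecret != null && config.passwordSecret.provider != null)`, or drop the `nullOr` wrapper if null is no longer a valid state. The dependency on the nixpkgs `provider` default-null patch is recorded only in the commit message; a comment above `topConfig = config;` such as `# requires nixpkgs contracts patch: consumer.provider must default to null` would keep that requirement with the code that decides whether a password file is wired up.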