diff options
| author | pennae <pennae.git@eno.space> | 2023-09-22 20:55:05 +0200 |
|---|---|---|
| committer | pennae <pennae.git@eno.space> | 2023-09-22 21:06:55 +0200 |
| commit | 66c6d2c1dfd4b3ef222bb64d3ccef9be915e0895 (patch) | |
| tree | 0dde64acbdf9aa61134cdf066723bd731101f767 /openwrt/users.nix | |
| download | dewclaw-66c6d2c1dfd4b3ef222bb64d3ccef9be915e0895.tar.gz dewclaw-66c6d2c1dfd4b3ef222bb64d3ccef9be915e0895.tar.xz dewclaw-66c6d2c1dfd4b3ef222bb64d3ccef9be915e0895.zip | |
initial commit
without warranty of any kind, express or impliend
Diffstat (limited to 'openwrt/users.nix')
| -rw-r--r-- | openwrt/users.nix | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/openwrt/users.nix b/openwrt/users.nix new file mode 100644 index 0000000..6e4f6fc --- /dev/null +++ b/openwrt/users.nix @@ -0,0 +1,32 @@ +{ config, lib, ... }: + +{ + options.users.root.hashedPassword = lib.mkOption { + type = lib.types.nullOr (lib.types.strMatching "[^\n:]*"); + default = null; + description = '' + Hashed password of the user. This should be either a disabled password + (e.g. `*` or `!`) or use MD5, SHA256, or SHA512. + ''; + }; + + config = { + deploySteps.rootPassword = lib.mkIf (config.users.root.hashedPassword != null) { + priority = 5000; + apply = '' + ( + umask 0077 + touch /tmp/.shadow + while IFS=: read name pw rest; do + if [ "$name" = root ]; then + echo "$name:"${lib.escapeShellArg config.users.root.hashedPassword}":$rest" + else + echo "$name:$pw:$rest" + fi + done </etc/shadow >>/tmp/.shadow + mv /tmp/.shadow /etc/shadow + ) + ''; + }; + }; +} |