diff options
Diffstat (limited to 'openwrt/users.nix')
| -rw-r--r-- | openwrt/users.nix | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/openwrt/users.nix b/openwrt/users.nix new file mode 100644 index 0000000..6e4f6fc --- /dev/null +++ b/openwrt/users.nix @@ -0,0 +1,32 @@ +{ config, lib, ... }: + +{ + options.users.root.hashedPassword = lib.mkOption { + type = lib.types.nullOr (lib.types.strMatching "[^\n:]*"); + default = null; + description = '' + Hashed password of the user. This should be either a disabled password + (e.g. `*` or `!`) or use MD5, SHA256, or SHA512. + ''; + }; + + config = { + deploySteps.rootPassword = lib.mkIf (config.users.root.hashedPassword != null) { + priority = 5000; + apply = '' + ( + umask 0077 + touch /tmp/.shadow + while IFS=: read name pw rest; do + if [ "$name" = root ]; then + echo "$name:"${lib.escapeShellArg config.users.root.hashedPassword}":$rest" + else + echo "$name:$pw:$rest" + fi + done </etc/shadow >>/tmp/.shadow + mv /tmp/.shadow /etc/shadow + ) + ''; + }; + }; +} |