From 66c6d2c1dfd4b3ef222bb64d3ccef9be915e0895 Mon Sep 17 00:00:00 2001
From: pennae <pennae.git@eno.space>
Date: Fri, 22 Sep 2023 20:55:05 +0200
Subject: initial commit

without warranty of any kind, express or impliend
---
 openwrt/users.nix | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 openwrt/users.nix

(limited to 'openwrt/users.nix')

diff --git a/openwrt/users.nix b/openwrt/users.nix
new file mode 100644
index 0000000..6e4f6fc
--- /dev/null
+++ b/openwrt/users.nix
@@ -0,0 +1,32 @@
+{ config, lib, ... }:
+
+{
+  options.users.root.hashedPassword = lib.mkOption {
+    type = lib.types.nullOr (lib.types.strMatching "[^\n:]*");
+    default = null;
+    description = ''
+      Hashed password of the user. This should be either a disabled password
+      (e.g. `*` or `!`) or use MD5, SHA256, or SHA512.
+    '';
+  };
+
+  config = {
+    deploySteps.rootPassword = lib.mkIf (config.users.root.hashedPassword != null) {
+      priority = 5000;
+      apply = ''
+        (
+          umask 0077
+          touch /tmp/.shadow
+          while IFS=: read name pw rest; do
+            if [ "$name" = root ]; then
+              echo "$name:"${lib.escapeShellArg config.users.root.hashedPassword}":$rest"
+            else
+              echo "$name:$pw:$rest"
+            fi
+          done </etc/shadow >>/tmp/.shadow
+          mv /tmp/.shadow /etc/shadow
+        )
+      '';
+    };
+  };
+}
-- 
cgit v1.2.3