From 4b09ff2d36e2356dd34fb08cfc1fee1f10f8b5b2 Mon Sep 17 00:00:00 2001 From: Ming Di Leom <2809763-curben@users.noreply.gitlab.com> Date: Thu, 25 Jul 2024 11:06:56 +0000 Subject: [PATCH] post(nixos): rename passwordFile to hashedPasswordFile introduced in nixos v23.11 --- source/_posts/caddy-nixos-part-2.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/source/_posts/caddy-nixos-part-2.md b/source/_posts/caddy-nixos-part-2.md index 01f660a..933201a 100644 --- a/source/_posts/caddy-nixos-part-2.md +++ b/source/_posts/caddy-nixos-part-2.md @@ -69,14 +69,14 @@ printf "Password: " && read -s var && mkpasswd "$var" '$y$parameter$salt$' && va Replace the single-quoted value `''` with the copied value. It should have similar output as the previous mkpasswd. -### passwordFile +### hashedPasswordFile -Note that the hash is still world-readable. A more secure option is to use `users..passwordFile`. Save the hash into a file (e.g. "/etc/nixos/nixos.password") and restricts the file to be readable by root only (`chown root:root` and `chmod 600`). +Note that the hash is still world-readable. A more secure option is to use `users..hashedPasswordFile`. Save the hash into a file (e.g. "/etc/nixos/nixos.password") and restricts the file to be readable by root only (`chown root:root` and `chmod 600`). -You might be wondering why not just `passwordFile` during installation. The issue is that, in the live CD environment, the "/etc/" folder refers to the live CD's not the actual one which is located in "/mnt/etc/". I mean, you _could_ try "/mnt/etc/nixos/nixos.password", but remember to update the option after reboot otherwise you would get locked out. "./nixos.password" value doesn't work because `passwordFile` option doesn't support relative path, it must be a full path. Hence, I have to use `hashedPassword` during the initial setup and then switch to `passwordFile`. Remember to remove the `hashedPassword` option once you have set up `passwordFile`. +You might be wondering why not just `hashedPasswordFile` during installation. The issue is that, in the live CD environment, the "/etc/" folder refers to the live CD's not the actual one which is located in "/mnt/etc/". I mean, you _could_ try "/mnt/etc/nixos/nixos.password", but remember to update the option after reboot otherwise you would get locked out. "./nixos.password" value doesn't work because `hashedPasswordFile` option doesn't support relative path, it must be a full path. Hence, I have to use `hashedPassword` during the initial setup and then switch to `hashedPasswordFile`. Remember to remove the `hashedPassword` option once you have set up `hashedPasswordFile`. ```nix - passwordFile = "/etc/nixos/nixos.password"; + hashedPasswordFile = "/etc/nixos/nixos.password"; isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. ``` @@ -614,7 +614,7 @@ Since [unattended upgrade](#unattended-upgrade) is executed on 00:00, I delay ga hashedPassword = "*"; # Disable root password }; nixos = { - passwordFile = "/etc/nixos/nixos.password"; + hashedPasswordFile = "/etc/nixos/nixos.password"; isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. };