mirror of https://gitlab.com/curben/blog
post(nixos): rename passwordFile to hashedPasswordFile
introduced in nixos v23.11
This commit is contained in:
parent
f038f71a97
commit
4b09ff2d36
|
@ -69,14 +69,14 @@ printf "Password: " && read -s var && mkpasswd "$var" '$y$parameter$salt$' && va
|
||||||
|
|
||||||
Replace the single-quoted value `''` with the copied value. It should have similar output as the previous mkpasswd.
|
Replace the single-quoted value `''` with the copied value. It should have similar output as the previous mkpasswd.
|
||||||
|
|
||||||
### passwordFile
|
### hashedPasswordFile
|
||||||
|
|
||||||
Note that the hash is still world-readable. A more secure option is to use `users.<name>.passwordFile`. Save the hash into a file (e.g. "/etc/nixos/nixos.password") and restricts the file to be readable by root only (`chown root:root` and `chmod 600`).
|
Note that the hash is still world-readable. A more secure option is to use `users.<name>.hashedPasswordFile`. Save the hash into a file (e.g. "/etc/nixos/nixos.password") and restricts the file to be readable by root only (`chown root:root` and `chmod 600`).
|
||||||
|
|
||||||
You might be wondering why not just `passwordFile` during installation. The issue is that, in the live CD environment, the "/etc/" folder refers to the live CD's not the actual one which is located in "/mnt/etc/". I mean, you _could_ try "/mnt/etc/nixos/nixos.password", but remember to update the option after reboot otherwise you would get locked out. "./nixos.password" value doesn't work because `passwordFile` option doesn't support relative path, it must be a full path. Hence, I have to use `hashedPassword` during the initial setup and then switch to `passwordFile`. Remember to remove the `hashedPassword` option once you have set up `passwordFile`.
|
You might be wondering why not just `hashedPasswordFile` during installation. The issue is that, in the live CD environment, the "/etc/" folder refers to the live CD's not the actual one which is located in "/mnt/etc/". I mean, you _could_ try "/mnt/etc/nixos/nixos.password", but remember to update the option after reboot otherwise you would get locked out. "./nixos.password" value doesn't work because `hashedPasswordFile` option doesn't support relative path, it must be a full path. Hence, I have to use `hashedPassword` during the initial setup and then switch to `hashedPasswordFile`. Remember to remove the `hashedPassword` option once you have set up `hashedPasswordFile`.
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
passwordFile = "/etc/nixos/nixos.password";
|
hashedPasswordFile = "/etc/nixos/nixos.password";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||||
```
|
```
|
||||||
|
@ -614,7 +614,7 @@ Since [unattended upgrade](#unattended-upgrade) is executed on 00:00, I delay ga
|
||||||
hashedPassword = "*"; # Disable root password
|
hashedPassword = "*"; # Disable root password
|
||||||
};
|
};
|
||||||
nixos = {
|
nixos = {
|
||||||
passwordFile = "/etc/nixos/nixos.password";
|
hashedPasswordFile = "/etc/nixos/nixos.password";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue