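# NixOS module: declaratively sets one user's login password from a clan
# "facts" secret. The generator below stores the plaintext password and a
# crypt(3) hash; the hash file is what the user account is pointed at.
{
  pkgs,
  config,
  lib,
  ...
}:
{
  options.clan.user-password = {
    user = lib.mkOption {
      type = lib.types.str;
      example = "alice";
      description = "The user the password should be generated for.";
    };
    prompt = lib.mkOption {
      type = lib.types.bool;
      default = true;
      example = false;
      description = "Whether the user should be prompted.";
    };
  };

  config = {
    # With mutableUsers disabled, accounts and passwords come only from the
    # configuration; a password changed at runtime with `passwd` does not persist.
    users.mutableUsers = false;
    users.users.${config.clan.user-password.user}.hashedPasswordFile =
      config.clanCore.facts.services.user-password.secret.user-password-hash.path;

    # The hash has to be available when user accounts are created.
    # NOTE(review): this line is specific to the sops secret backend and assumes
    # the fact is stored under "<machineName>-user-password-hash" — confirm.
    sops.secrets."${config.clanCore.machineName}-user-password-hash".neededForUsers = true;

    clanCore.facts.services.user-password = {
      # NOTE(review): the plaintext password is kept as a secret next to its
      # hash. Only the hash is consumed above; confirm the plaintext copy is
      # wanted and who is able to decrypt it.
      secret.user-password = { };
      secret.user-password-hash = { };

      # In a double-quoted Nix string only `${...}` interpolates, so `$user` is
      # emitted literally, and the line break plus the indentation of the second
      # line are part of the prompt text.
      # NOTE(review): the literal `$user` looks unintended — confirm.
      generator.prompt = (
        lib.mkIf config.clan.user-password.prompt "Set the password for your $user: ${config.clan.user-password.user}.
        You can autogenerate a password, if you leave this prompt blank."
      );
      generator.path = with pkgs; [
        coreutils
        xkcdpass
        mkpasswd
      ];

      # Writes $secrets/user-password (plaintext) and $secrets/user-password-hash.
      # Every expansion is quoted and the typed value goes through printf: an
      # unquoted `echo $prompt_value` word-splits and glob-expands the password
      # (runs of spaces collapse, `*` can expand to file names) and treats a
      # leading `-n`/`-e` as an echo option, so the stored password could differ
      # from what was typed.
      # NOTE(review): three xkcdpass words give limited entropy against offline
      # guessing of the hash; consider a higher --numwords.
      # NOTE(review): `-m sha-512` selects sha512crypt; consider a memory-hard
      # method if the packaged mkpasswd offers one.
      generator.script = ''
        if [[ -n "$prompt_value" ]]; then
          printf '%s\n' "$prompt_value" > "$secrets/user-password"
        else
          xkcdpass --numwords 3 --delimiter - --count 1 > "$secrets/user-password"
        fi
        mkpasswd -s -m sha-512 < "$secrets/user-password" > "$secrets/user-password-hash"
      '';
    };
  };
}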