feat(users): Add root passwords and deactivate mutableUsers

2024-10-10 09:23:09 +02:00 · 2024-10-10 09:23:09 +02:00 · 1e71ef3636
commit 1e71ef3636
parent 7bdc70632c
5 changed files with 50 additions and 8 deletions
--- a/modules/dgn-access-control.nix
+++ b/modules/dgn-access-control.nix
@ -45,6 +45,7 @@ let
    mkDefault
    mkEnableOption
    mkIf
+    mkMerge
    mkOption

    types
@ -79,12 +80,22 @@ in
    };
  };

-  config = mkIf cfg.enable {
-    # Admins have root access to the node
-    dgn-access-control.users.root = mkDefault admins;
+  config = mkIf cfg.enable (mkMerge [
+    {
+      # Admins have root access to the node
+      dgn-access-control.users.root = mkDefault admins;

-    users.users = builtins.mapAttrs (_: members: {
-      openssh.authorizedKeys.keys = dgn-keys.getKeys members;
-    }) cfg.users;
-  };
+      users.users = builtins.mapAttrs (_: members: {
+        openssh.authorizedKeys.keys = dgn-keys.getKeys members;
+      }) cfg.users;
+    }
+    {
+      users = {
+        mutableUsers = false;
+        users.root = {
+          inherit (nodeMeta) hashedPassword;
+        };
+      };
+    }
+  ]);
 }