ehmry
/
nix-processmgmt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nix-processmgmt/nixproc/backends/disnix/generate-disnix-image-args.nix

47 lines
1.4 KiB
Nix
Raw Blame History

{pkgs, system, exprFile, stateDir, runtimeDir, forceDisableUserChange, extraParams}:
let
sysvinitTools = (import ../../../tools {
inherit pkgs system;
}).sysvinit;
generateCompoundProxy = import ../util/generate-compound-proxy.nix {
inherit (pkgs) stdenv writeTextFile;
};
disnixDataDir = "${pkgs.disnix}/share/disnix";
profile = import ./build-disnix-env.nix {
inherit pkgs system exprFile stateDir runtimeDir forceDisableUserChange extraParams disnixDataDir;
};
emptyProfile = import ./build-disnix-env.nix {
inherit pkgs system stateDir runtimeDir forceDisableUserChange extraParams disnixDataDir;
exprFile = null;
};
script = generateCompoundProxy {
path = [ pkgs.dysnomia pkgs.disnix ];
startCommand = "disnix-activate ${profile}";
stopCommand = "disnix-activate -o ${profile} ${emptyProfile}";
};
in
{
runAsRoot = pkgs.lib.optionalString (!forceDisableUserChange) ''
${pkgs.gnused}/bin/sed -i -e "s/CREATE_MAIL_SPOOL=yes/CREATE_MAIL_SPOOL=no/" /etc/default/useradd
mkdir -p /etc/pam.d
cat > /etc/pam.d/su <<EOF
account required pam_unix.so
auth sufficient pam_rootok.so
auth required pam_tally.so
auth sufficient pam_unix.so likeauth try_first_pass
auth required pam_deny.so
password sufficient pam_unix.so nullok sha512
EOF
'';
contents = [ pkgs.shadow pkgs.su pkgs.disnix pkgs.dysnomia ];
cmd = [ script ];
credentialsSpec = null;
}
Reference in New Issue View Git Blame Copy Permalink