support unhashed password files

Ryan Gibb
2026-03-04 17:14:45 +00:00
parent e1afec5b08
commit 12ae5dd89b
5 changed files with 67 additions and 5 deletions
+9 -2
@@ -90,8 +90,15 @@ in
config = lib.mkIf enable {
# assert that all accounts provide a password
assertions = map (acct: {
assertion = acct.hashedPassword != null || acct.hashedPasswordFile != null;
message = "${acct.name} must provide either a hashed password or a password hash file";
assertion =
lib.length (
lib.filter (value: value != null) [
acct.hashedPassword
acct.hashedPasswordFile
acct.passwordFile
]
) == 1;
message = "Login account ${acct.name} must provide exactly one of password file, hashed password, or hashed password file";
}) (lib.attrValues loginAccounts);
# warn for accounts that specify both password and file
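Review bot: The new assertion only counts which of the three sources are set; nothing in this hunk keeps the cleartext `acct.passwordFile` out of the world-readable Nix store, so a comment above the list should state the constraint, e.g. `# passwordFile is cleartext: point it at a runtime secret path, never a file that is copied into the Nix store`. The option declaration is outside the hunk, so whether its type already stops a path literal from being interpolated into the store cannot be checked from here. The move from "at least one" to `== 1` also turns an account that sets both `hashedPassword` and `hashedPasswordFile` into an evaluation error, which presumably leaves the warning under the trailing `# warn for accounts that specify both password and file` comment unreachable; its body is outside the hunk, so confirm and then drop or reword it. The leading comment `# assert that all accounts provide a password` would be more accurate as `# assert that each account sets exactly one password source`.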