Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #283 from naturallaw777/copilot/fix-free-password-setup-script

Browse Source 
fix(credentials): enforce boot ordering and error visibility for password-setup services
This commit is contained in:
Sovran Systems
2026-04-29 19:54:14 -05:00
committed by GitHub
parent 466582bcdc 6512bf4356
commit 1cd5bd4496
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/credentials.nix
+4
View File
@@ -127,6 +127,7 @@ in
}; };
path = [ pkgs.shadow pkgs.coreutils ]; path = [ pkgs.shadow pkgs.coreutils ];
script = '' script = ''
set -euo pipefail
SECRET_FILE="/var/lib/secrets/root-password" SECRET_FILE="/var/lib/secrets/root-password"
if [ ! -f "$SECRET_FILE" ]; then if [ ! -f "$SECRET_FILE" ]; then
mkdir -p /var/lib/secrets mkdir -p /var/lib/secrets
@@ -158,12 +159,15 @@ in
systemd.services.free-password-setup = { systemd.services.free-password-setup = {
description = "Generate and set a random 'free' user password"; description = "Generate and set a random 'free' user password";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
before = [ "display-manager.service" ];
after = [ "systemd-user-sessions.service" ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
}; };
path = [ pkgs.shadow pkgs.coreutils ]; path = [ pkgs.shadow pkgs.coreutils ];
script = '' script = ''
set -euo pipefail
SECRET_FILE="/var/lib/secrets/free-password" SECRET_FILE="/var/lib/secrets/free-password"
PENDING_FILE="/var/lib/secrets/free-password-migration-pending" PENDING_FILE="/var/lib/secrets/free-password-migration-pending"