diff options
Diffstat (limited to 'nixos/modules/system/boot/systemd/initrd.nix')
-rw-r--r-- | nixos/modules/system/boot/systemd/initrd.nix | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix index ffe96f3ad9c30..d623eddf699f9 100644 --- a/nixos/modules/system/boot/systemd/initrd.nix +++ b/nixos/modules/system/boot/systemd/initrd.nix @@ -72,15 +72,6 @@ let "systemd-tmpfiles-setup.service" "timers.target" "umount.target" - - # TODO: Networking - # "network-online.target" - # "network-pre.target" - # "network.target" - # "nss-lookup.target" - # "nss-user-lookup.target" - # "remote-fs-pre.target" - # "remote-fs.target" ] ++ cfg.additionalUpstreamUnits; upstreamWants = [ @@ -378,7 +369,7 @@ in { "/etc/systemd/system.conf".text = '' [Manager] - DefaultEnvironment=PATH=/bin:/sbin ${optionalString (isBool cfg.emergencyAccess && cfg.emergencyAccess) "SYSTEMD_SULOGIN_FORCE=1"} + DefaultEnvironment=PATH=/bin:/sbin ${cfg.extraConfig} ManagerEnvironment=${lib.concatStringsSep " " (lib.mapAttrsToList (n: v: "${n}=${lib.escapeShellArg v}") cfg.managerEnvironment)} ''; @@ -388,8 +379,10 @@ in { "/etc/modules-load.d/nixos.conf".text = concatStringsSep "\n" config.boot.initrd.kernelModules; - "/etc/passwd".source = "${pkgs.fakeNss}/etc/passwd"; - "/etc/shadow".text = "root:${if isBool cfg.emergencyAccess then "!" else cfg.emergencyAccess}:::::::"; + # We can use either ! or * to lock the root account in the + # console, but some software like OpenSSH won't even allow you + # to log in with an SSH key if you use ! so we use * instead + "/etc/shadow".text = "root:${if isBool cfg.emergencyAccess then optionalString (!cfg.emergencyAccess) "*" else cfg.emergencyAccess}:::::::"; "/bin".source = "${initrdBinEnv}/bin"; "/sbin".source = "${initrdBinEnv}/sbin"; |