Add option ‘users.motd’ for setting a message of the day shown on login

Note that this uses pam_motd.
Eelco Dolstra 2012-10-23 09:10:48 -04:00
parent c980faebe2
commit 224c825a36
3 changed files with 20 additions and 3 deletions


@ -1,6 +1,6 @@
# Configuration for the pwdutils suite of tools: passwd, useradd, etc.
{config, pkgs, ...}:
{ config, pkgs, ... }:
let
@ -27,6 +27,7 @@ let
# Uncomment this to allow non-root users to change their account
#information. This should be made configurable.
#CHFN_RESTRICT frwh
'';
in
@ -90,7 +91,7 @@ in
{ name = "groupmod"; rootOK = true; }
{ name = "groupmems"; rootOK = true; }
{ name = "groupdel"; rootOK = true; }
{ name = "login"; startSession = true; allowNullPassword = true; }
{ name = "login"; startSession = true; allowNullPassword = true; showMotd = true; }
];
security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp" ];


@ -29,6 +29,8 @@ let
concatStringsSep " " [ domain type item value ])
limits));
motd = pkgs.writeText "motd" config.users.motd;
makePAMService =
{ name
, # If set, root doesn't need to authenticate (e.g. for the "chsh"
@ -58,6 +60,8 @@ let
allowNullPassword ? false
, # The limits, as per limits.conf(5).
limits ? config.security.pam.loginLimits
, # Whether to show the message of the day.
showMotd ? false
}:
{ source = pkgs.writeText "${name}.pam"
@ -110,6 +114,8 @@ let
"session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"}
${optionalString (limits != [])
"session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf limits}"}
${optionalString (showMotd && config.users.motd != null)
"session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}"}
'';
target = "pam.d/${name}";
};
@ -201,6 +207,13 @@ in
'';
};
users.motd = mkOption {
default = null;
example = "Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178.";
type = types.nullOr types.string;
description = "Message of the day shown to users when they log in.";
};
};
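Review bot: The `description` of `users.motd` in the last hunk does not say where the text is stored or when it is displayed. `pkgs.writeText "motd" config.users.motd` puts the message in the Nix store, which every local user can read. The `pam_motd.so` line is a `session` rule, so the message appears only after authentication succeeds and cannot serve as a pre-login notice. I would extend the description to something like `description = "Message of the day shown to users after they log in (via pam_motd). The text is stored in the world-readable Nix store, so it must not contain secrets.";`. The option set and `makePAMService` both continue outside the visible hunks.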


@ -358,7 +358,7 @@ in
networking.firewall.allowedTCPPorts = cfg.ports;
security.pam.services = optional cfg.usePAM { name = "sshd"; startSession = true; };
security.pam.services = optional cfg.usePAM { name = "sshd"; startSession = true; showMotd = true; };
services.openssh.extraConfig =
''
@ -390,10 +390,13 @@ in
GatewayPorts ${cfg.gatewayPorts}
PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"}
ChallengeResponseAuthentication ${if cfg.challengeResponseAuthentication then "yes" else "no"}
PrintMotd no # handled by pam_motd
'';
assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
message = "cannot enable X11 forwarding without setting xauth location";}];
};
}
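Review bot: `PrintMotd no` is written unconditionally in the `extraConfig` hunk, while the `sshd` PAM service that carries `showMotd = true` is only defined under `optional cfg.usePAM`. With `cfg.usePAM` false, nothing visible here would display `users.motd` over SSH, and the option would be ignored without any warning, which matters if the message carries an operational or policy notice. How the rest of `extraConfig` treats PAM is outside the hunk, so this is inferred from the two visible lines. I would state the dependency in a Nix comment above the `security.pam.services` line, e.g. `# users.motd is shown by pam_motd, so it is only displayed when cfg.usePAM is set`, or add an entry to `assertions` that rejects a non-null `users.motd` when `cfg.usePAM` is false.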