Skip to content

user-password 🔹

Automatically generates and configures a password for the specified user account.

Categories

System

If setting the option prompt to true, the user will be prompted to type in their desired password.

Note

This module will set mutableUsers to false, meaning you can not manage user passwords through passwd anymore.

After the system was installed/deployed the following command can be used to display the user-password:

clan secrets get {machine_name}-user-password

See also: Facts / Secrets

To regenerate the password, delete the password files in the clan directory and redeploy the machine.

Usage via Inventory

Roles

This module can be used via predefined roles

- `default`

Every role has its own configuration options. Which are each listed below.

For more information, see the inventory guide.

Example

For example the admin module adds the following options globally to all machines where it is used.

clan.admin.allowedkeys

This means there are two equivalent ways to set the allowedkeys option. Either via a nixos module or via the inventory interface. But it is recommended to keep together imports and config to preserve locality of the module configuration.

clan-core.lib.buildClan {
    inventory.services = {
        admin.me = {
            roles.default.machines = [ "jon" ];
            config.allowedkeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD..." ];
        };
    };
};

clan-core.lib.buildClan {
    machines = {
        jon = {
            clan.admin.allowedkeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD..." ];
            imports = [ clanModules.admin ];
        };
    };
};

Options of default role

The following options are available when using the default role.

prompt

Whether the user should be prompted.

Type: boolean

Default:

true
Example 
false

default.nix

user

The user the password should be generated for.

Type: string

Example 
"alice"

default.nix

Usage via Nix

This module can be also imported directly in your nixos configuration. Although it is recommended to use the inventory interface if available.

Some modules are considered 'low-level' or 'expert modules' and are not available via the inventory interface.

{config, lib, inputs, ...}: {
    imports = [ inputs.clan-core.clanModules.user-password ];
    # ...
}

Module Options

The following options are available for this module.

clan.user-password.prompt

Whether the user should be prompted.

Type: boolean

Default:

true
Example 
false

default.nix

clan.user-password.user

The user the password should be generated for.

Type: string

Example 
"alice"

default.nix