What exactly happens when a user entry in configuration.nix has no password specified? I added an ssh key, so am able to log in as them, but specified no password or passwordHash. It doesn’t seem to be an empty password, or the root password. Does it have no valid password? I didn’t know that was possible.
users.users.me = {
uid = 1000;
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ "<redacted>" ];
};
(and, is there a place I could have gone to learn this kind of thing for myself in the future?)
Ah, I found the answer with man configuration.nix:
users.users.<name?>.hashedPassword
Specifies the hashed password for the user. The options hashedPassword, password and passwordFile controls what password is set for the
user. hashedPassword overrides both password and passwordFile. password overrides passwordFile. ***If none of these three options are
set, no password is assigned to the user, and the user will not be able to do password logins.*** If the option users.mutableUsers is
true, the password defined in one of the three options will only be set when the user is created for the first time. After that, you
are free to change the password with the ordinary user management commands. If users.mutableUsers is false, you cannot change user
passwords, they will always be set according to the password options.
To generate hashed password install mkpasswd package and run mkpasswd -m sha-512.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
Cool, thanks for posting this. I logged in as root after installing nixos then used mkpasswd for my normal user.