How to adjust /etc/login.defs?

I am new to NixOS. I have used to configure my home systems using Ansible, and one of the first steps in that is to adjust the /etc/login.defs file, since I want to use what Red Hat calls “user private groups”.
Now I am trying to “port” my ansible setup to use Nix instead.

I can see that there is a shadow.nix file that configures this file originally, but how can I override or adjust what is added to this file?

nixpkgs/shadow.nix at 634141959076a8ab69ca2cca0f266852256d79ee · NixOS/nixpkgs (

The module does not support any customization of login.defs. You would need to open a PR to Nixpkgs. adding an option for setting the default umask.

Or you can force replace the file by adding something like the following to your configuration:

environment.etc."login.defs".source = lib.mkForce (pkgs.writeText "login.defs" myLoginDefs);
1 Like

Thanks for clarifying that it is not possible to override. I need more understanding of Nix language before I can attempt a PR but I will try out the workaround first.