Merge: nixos/users-groups: dump values of password options if multipl…

…e options have definitions (NixOS#349308)
nyanloutre · Oct 31, 2024 · 9c9b193 · 9c9b193
2 parents 87cf213 + 7cb22a0
commit 9c9b193
Showing 1 changed file with 18 additions and 7 deletions.
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
@@ -6,13 +6,15 @@ let
     attrNames
     attrValues
     concatMap
+    concatMapStringsSep
     concatStrings
     elem
     filter
     filterAttrs
     flatten
     flip
     foldr
+    generators
     getAttr
     hasAttr
     id
@@ -944,23 +946,32 @@ in {
 
     warnings =
       flip concatMap (attrValues cfg.users) (user: let
-        unambiguousPasswordConfiguration = 1 >= length (filter (x: x != null) ([
-          user.hashedPassword
-          user.hashedPasswordFile
-          user.password
+        passwordOptions = [
+          "hashedPassword"
+          "hashedPasswordFile"
+          "password"
         ] ++ optionals cfg.mutableUsers [
           # For immutable users, initialHashedPassword is set to hashedPassword,
           # so using these options would always trigger the assertion.
-          user.initialHashedPassword
-          user.initialPassword
-        ]));
+          "initialHashedPassword"
+          "initialPassword"
+        ];
+        unambiguousPasswordConfiguration = 1 >= length
+          (filter (x: x != null) (map (flip getAttr user) passwordOptions));
       in optional (!unambiguousPasswordConfiguration) ''
         The user '${user.name}' has multiple of the options
         `hashedPassword`, `password`, `hashedPasswordFile`, `initialPassword`
         & `initialHashedPassword` set to a non-null value.
         The options silently discard others by the order of precedence
         given above which can lead to surprising results. To resolve this warning,
         set at most one of the options above to a non-`null` value.
+
+        The values of these options are:
+        ${concatMapStringsSep
+          "\n"
+          (value:
+            "* users.users.\"${user.name}\".${value}: ${generators.toPretty {} user.${value}}")
+          passwordOptions}
       '')
       ++ filter (x: x != null) (
         flip mapAttrsToList cfg.users (_: user: