Browse Source

Ban root passwords from HQ

storage-ng
Emery Hemingway 1 month ago
parent
commit
83c0090ab9
1 changed files with 4 additions and 0 deletions
  1. 4
    0
      lib/default.nix

+ 4
- 0
lib/default.nix View File

@@ -32,6 +32,7 @@ let
32 32
 
33 33
   cfg = config.c3d2;
34 34
 
35
+
35 36
 in {
36 37
 
37 38
   imports = [ ./users ];
@@ -118,6 +119,9 @@ in {
118 119
     # Configuration specific to this machine
119 120
 
120 121
     assertions = [
122
+      { assertion = cfg.isInHq -> (config.users.users.root.password == null);
123
+        message = "Root passwords not allowed in HQ";
124
+      }
121 125
       {
122 126
         assertion = let
123 127
           check = hostName: hostName == config.networking.hostName;

Loading…
Cancel
Save