Ban root passwords from HQ
This commit is contained in:
parent
ed3670aeba
commit
83c0090ab9
|
@ -32,6 +32,7 @@ let
|
||||||
|
|
||||||
cfg = config.c3d2;
|
cfg = config.c3d2;
|
||||||
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
imports = [ ./users ];
|
imports = [ ./users ];
|
||||||
|
@ -118,6 +119,9 @@ in {
|
||||||
# Configuration specific to this machine
|
# Configuration specific to this machine
|
||||||
|
|
||||||
assertions = [
|
assertions = [
|
||||||
|
{ assertion = cfg.isInHq -> (config.users.users.root.password == null);
|
||||||
|
message = "Root passwords not allowed in HQ";
|
||||||
|
}
|
||||||
{
|
{
|
||||||
assertion = let
|
assertion = let
|
||||||
check = hostName: hostName == config.networking.hostName;
|
check = hostName: hostName == config.networking.hostName;
|
||||||
|
|
Loading…
Reference in New Issue