non-privileged users don't need to check passwords well, maybe they do (for desktop unlockers), but i've already solved that :)
12 lines
250 B
Nix
12 lines
250 B
Nix
{ config, ... }:
|
|
let
|
|
cfg = config.sane.programs.shadow;
|
|
in
|
|
{
|
|
sane.programs.shadow = {
|
|
sandbox.enable = false; #< `login` can't be sandboxed because it launches a user shell
|
|
};
|
|
|
|
services.getty.loginProgram = "${cfg.package}/bin/login";
|
|
}
|