diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
index 0a750121dfe6..e943b6c26279 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
@@ -245,6 +245,13 @@
package.
+
+
+ The new option users.motdFile allows
+ configuring a Message Of The Day that can be updated
+ dynamically.
+
+
Resilio sync secret keys can now be provided using a secrets
diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md
index 0870d1feaba6..305c19f87f0d 100644
--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -72,6 +72,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).
+- The new option `users.motdFile` allows configuring a Message Of The Day that can be updated dynamically.
+
- Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.
- The `services.fwupd` module now allows arbitrary daemon settings to be configured in a structured manner ([`services.fwupd.daemonSettings`](#opt-services.fwupd.daemonSettings)).
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 21e1749d8503..08b51788e082 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -694,7 +694,7 @@ let
optionalString (cfg.limits != []) ''
session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf cfg.limits}
'' +
- optionalString (cfg.showMotd && config.users.motd != null) ''
+ optionalString (cfg.showMotd && (config.users.motd != null || config.users.motdFile != null)) ''
session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}
'' +
optionalString (cfg.enableAppArmor && config.security.apparmor.enable) ''
@@ -775,7 +775,9 @@ let
};
}));
- motd = pkgs.writeText "motd" config.users.motd;
+ motd = if isNull config.users.motdFile
+ then pkgs.writeText "motd" config.users.motd
+ else config.users.motdFile;
makePAMService = name: service:
{ name = "pam.d/${name}";
@@ -1199,12 +1201,26 @@ in
description = lib.mdDoc "Message of the day shown to users when they log in.";
};
+ users.motdFile = mkOption {
+ default = null;
+ example = "/etc/motd";
+ type = types.nullOr types.path;
+ description = lib.mdDoc "A file containing the message of the day shown to users when they log in.";
+ };
};
###### implementation
config = {
+ assertions = [
+ {
+ assertion = isNull config.users.motd || isNull config.users.motdFile;
+ message = ''
+ Only one of users.motd and users.motdFile can be set.
+ '';
+ }
+ ];
environment.systemPackages =
# Include the PAM modules in the system path mostly for the manpages.