users.extraUsers.<name>.initialPassword
Specifies the initial password for the user, i.e. the
password assigned if the user does not already exist. If
users.mutableUsers is true, the password
can be changed subsequently using the
passwd command. Otherwise, it's
equivalent to setting the password
option. The same caveat applies: the password specified here
is world-readable in the Nix store, so it should only be
used for guest accounts or passwords that will be changed
promptly.
The initialHashedPassword, hashedPassword,
initialPassword, password and
hashedPasswordFile options all control what password is set for
the user.
In a system where systemd.sysusers.enable is false, typically
only one of hashedPassword, password, or
hashedPasswordFile will be set.
In a system where systemd.sysusers.enable or services.userborn.enable is true,
typically only one of initialPassword, initialHashedPassword,
or hashedPasswordFile will be set.
If the option users.mutableUsers is true, the password defined
in one of the above password options will only be set when the user is
created for the first time. After that, you are free to change the
password with the ordinary user management commands. If
users.mutableUsers is false, you cannot change user passwords,
they will always be set according to the password options.
If none of the password options are set, then no password is assigned to the user, and the user will not be able to do password-based logins.
If multiple of these password options are set at the same time then a
specific order of precedence is followed, which can lead to surprising
results. The order of precedence differs depending on whether the
users.mutableUsers option is set.
If the option users.mutableUsers is
false, then the order of precedence is as shown
below, where values on the left are overridden by values on the right:
initialHashedPassword -> hashedPassword -> initialPassword -> password -> hashedPasswordFile
If the option users.mutableUsers is
true, then the order of precedence is as shown
below, where values on the left are overridden by values on the right:
initialHashedPassword -> initialPassword -> hashedPassword -> password -> hashedPasswordFile
- Type
null or string- Default
null- Declared
- <nixpkgs/nixos/modules/config/users-groups.nix>