Re: Avoiding the need to set user passwords for 'guix system vm-image'

[Leo Famulari]

On Wed, Jan 31, 2018 at 08:41:44PM -0500, George myglc2 Clemmer wrote:
> How do I avoid the need to set user passwords for vm-images created with
> 'guix system vm-image'?

It's possible to put the encrypted user passwords in the GuixSD configuration 
file:

"password (default: #f)

    You would normally leave this field to #f, initialize user passwords
    as root with the passwd command, and then let users change it with
    passwd. Passwords set with passwd are of course preserved across
    reboot and reconfiguration.

    If you do want to have a preset password for an account, then this
    field must contain the encrypted password, as a string. See crypt in
    The GNU C Library Reference Manual, for more information on password
    encryption, and Encryption in GNU Guile Reference Manual, for
    information on Guile’s crypt procedure."

https://www.gnu.org/software/guix/manual/html_node/User-Accounts.html#User-Accounts

> Is there a way to pre-populate user accounts with public keys?

And, at least with the OpenSSH service, to include the public keys:

(service openssh-service-type
         (openssh-configuration
           (x11-forwarding? #t)
           (permit-root-login 'without-password)
           (authorized-keys
             `(("alice" ,(local-file "alice.pub"))
               ("bob" ,(local-file "bob.pub"))))))

I haven't tried it, but I think it should be possible to pass the public
key as a string instead of using local-file if necessary.

https://www.gnu.org/software/guix/manual/html_node/Networking-Services.html#index-openssh_002dservice_002dtype

> A sample config sure would be appreciated ;-)

Sorry, I've never tried either of these things before :)

signature.asc
Description: PGP signature