From 5a3eb4f6fee7f5b571ff6c66c6c5aac95de8a8a3 Mon Sep 17 00:00:00 2001
From: Jan Tojnar <jtojnar@gmail.com>
Date: Mon, 3 Apr 2023 02:13:52 +0200
Subject: [PATCH] nixos/users-groups: Fix password scheme validation

0d7cd666520621ebb3f2fb0e590064e8621e249e broke validation for hashes with options
such as those generated with `mkpasswd --method=sha-512 --rounds=1000000`:

    $6$rounds=1000000$xpzZ6Rfg873gZnDY$RxS7lpVnohfDrrKG3lt9UFHED1KoiPGzH7zQv/HzwalZepo/IfFtxw05ap25duEJSKYhC14.Fn9eXszEpWVtF.

This fixes it.
---
 nixos/modules/config/users-groups.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 852f0a22f3a..e44cce11f3a 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -733,8 +733,9 @@ in {
           sep = "\\$";
           base64 = "[a-zA-Z0-9./]+";
           id = cryptSchemeIdPatternGroup;
+          name = "[a-z0-9-]+";
           value = "[a-zA-Z0-9/+.-]+";
-          options = "${id}(=${value})?(,${id}=${value})*";
+          options = "${name}(=${value})?(,${name}=${value})*";
           scheme  = "${id}(${sep}${options})?";
           content = "${base64}${sep}${base64}(${sep}${base64})?";
           mcf = "^${sep}${scheme}${sep}${content}$";