nixos/security: Fix pam configuration file generation.

Scott Dier 2019-02-13 01:39:22 +00:00
parent 4e9ac79ef5
commit a3273e85e3


@ -7,7 +7,7 @@ let
boolToStr = b: if b then "yes" else "no"; boolToStr = b: if b then "yes" else "no";
configFile = '' configFilePam = ''
[duo] [duo]
ikey=${cfg.ikey} ikey=${cfg.ikey}
skey=${cfg.skey} skey=${cfg.skey}
@ -16,21 +16,24 @@ let
failmode=${cfg.failmode} failmode=${cfg.failmode}
pushinfo=${boolToStr cfg.pushinfo} pushinfo=${boolToStr cfg.pushinfo}
autopush=${boolToStr cfg.autopush} autopush=${boolToStr cfg.autopush}
motd=${boolToStr cfg.motd}
prompts=${toString cfg.prompts} prompts=${toString cfg.prompts}
accept_env_factor=${boolToStr cfg.acceptEnvFactor}
fallback_local_ip=${boolToStr cfg.fallbackLocalIP} fallback_local_ip=${boolToStr cfg.fallbackLocalIP}
''; '';
configFileLogin = configFilePam + ''
motd=${boolToStr cfg.motd}
accept_env_factor=${boolToStr cfg.acceptEnvFactor}
'';
loginCfgFile = optional cfg.ssh.enable loginCfgFile = optional cfg.ssh.enable
{ source = pkgs.writeText "login_duo.conf" configFile; { source = pkgs.writeText "login_duo.conf" configFileLogin;
mode = "0600"; mode = "0600";
user = "sshd"; user = "sshd";
target = "duo/login_duo.conf"; target = "duo/login_duo.conf";
}; };
pamCfgFile = optional cfg.pam.enable pamCfgFile = optional cfg.pam.enable
{ source = pkgs.writeText "pam_duo.conf" configFile; { source = pkgs.writeText "pam_duo.conf" configFilePam;
mode = "0600"; mode = "0600";
user = "sshd"; user = "sshd";
target = "duo/pam_duo.conf"; target = "duo/pam_duo.conf";