nixos/pam: add option failDelay
Co-authored-by: Bobby Rong <rjl931189261@126.com>
parent
1c64f29ee9
commit
ab0ae8f5e1
1 changed files with 22 additions and 0 deletions
|
@ -383,6 +383,24 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
failDelay = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
If enabled, this will replace the `FAIL_DELAY` setting from `login.defs`.
|
||||
Change the delay on failure per-application.
|
||||
'';
|
||||
};
|
||||
|
||||
delay = mkOption {
|
||||
default = 3000000;
|
||||
type = types.int;
|
||||
example = 1000000;
|
||||
description = lib.mdDoc "The delay time (in microseconds) on failure.";
|
||||
};
|
||||
};
|
||||
|
||||
gnupg = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -513,6 +531,7 @@ let
|
|||
|| cfg.enableGnomeKeyring
|
||||
|| cfg.googleAuthenticator.enable
|
||||
|| cfg.gnupg.enable
|
||||
|| cfg.failDelay.enable
|
||||
|| cfg.duoSecurity.enable))
|
||||
(
|
||||
''
|
||||
|
@ -533,6 +552,9 @@ let
|
|||
optionalString cfg.gnupg.enable ''
|
||||
auth optional ${pkgs.pam_gnupg}/lib/security/pam_gnupg.so ${optionalString cfg.gnupg.storeOnly " store-only"}
|
||||
'' +
|
||||
optionalString cfg.failDelay.enable ''
|
||||
auth optional ${pkgs.pam}/lib/security/pam_faildelay.so delay=${toString cfg.failDelay.delay}
|
||||
'' +
|
||||
optionalString cfg.googleAuthenticator.enable ''
|
||||
auth required ${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so no_increment_hotp
|
||||
'' +
|
||||
|
|
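Review bot: `delay` is declared as `types.int`, so a negative number or `0` evaluates without error and is written straight into the `pam_faildelay.so delay=` argument in the last hunk; I would use `type = types.ints.unsigned;` and state in the description that `0` removes the delay this module requests. The description should also mention that PAM applies the longest delay requested by any module in the stack, so a value lower than what another module asks for (pam_unix requests roughly two seconds unless `nodelay` is set) will presumably not shorten the wait, which makes `example = 1000000` misleading on its own. Since the failure delay is the throttle on online password guessing, a sentence such as `Lowering this value makes repeated login attempts faster; keep it at or above the default unless another rate limit is in place.` would help users of the option. The enclosing `let` block and the rest of the generated auth stack lie outside the hunks, so whether the new line sits early enough to cover every failing module cannot be confirmed from here.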