diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-10-15 14:47:51 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-10-15 14:47:51 +0200 |
commit | a2c820c6786ef8275213838ad0bdd77b970a4168 (patch) | |
tree | ca4a67b5220aa069aef67a7948f7e151933db9a9 /nixos/modules/programs/shadow.nix | |
parent | 3f2c0bf9bde96260276fe487e2f85b1858d61c47 (diff) |
Turn security.pam.services into an attribute set
That is, you can say security.pam.services.sshd = { options... }; instead of security.pam.services = [ { name = "sshd"; options... } ]; making it easier to override PAM settings from other modules.
Diffstat (limited to 'nixos/modules/programs/shadow.nix')
-rw-r--r-- | nixos/modules/programs/shadow.nix | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix index 695c0b6620f7b..36c915f755f0c 100644 --- a/nixos/modules/programs/shadow.nix +++ b/nixos/modules/programs/shadow.nix @@ -79,22 +79,22 @@ in ]; security.pam.services = - [ { name = "chsh"; rootOK = true; } - { name = "chfn"; rootOK = true; } - { name = "su"; rootOK = true; forwardXAuth = true; } - { name = "passwd"; } + { chsh = { rootOK = true; }; + chfn = { rootOK = true; }; + su = { rootOK = true; forwardXAuth = true; }; + passwd = {}; # Note: useradd, groupadd etc. aren't setuid root, so it # doesn't really matter what the PAM config says as long as it # lets root in. - { name = "useradd"; rootOK = true; } - { name = "usermod"; rootOK = true; } - { name = "userdel"; rootOK = true; } - { name = "groupadd"; rootOK = true; } - { name = "groupmod"; rootOK = true; } - { name = "groupmems"; rootOK = true; } - { name = "groupdel"; rootOK = true; } - { name = "login"; startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; } - ]; + useradd = { rootOK = true; }; + usermod = { rootOK = true; }; + userdel = { rootOK = true; }; + groupadd = { rootOK = true; }; + groupmod = { rootOK = true; }; + groupmems = { rootOK = true; }; + groupdel = { rootOK = true; }; + login = { startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; }; + }; security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp" ]; |