author | Scott Dier <scott@dier.name> | 2019-02-13 01:39:22 +0000 |
---|---|---|
committer | Scott Dier <scott@dier.name> | 2019-02-24 22:49:01 +0000 |
commit | a3273e85e3dda63cde87f46896525a595b468d71 (patch) | |
tree | 7a28bead033da38dfd03cda075fcdb79cff1687e /nixos/modules/security | |
parent | 4e9ac79ef53a2da40a3a30c956925d25061d5cd0 (diff) |
nixos/security: Fix pam configuration file generation.
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/duosec.nix | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/nixos/modules/security/duosec.nix b/nixos/modules/security/duosec.nix index 630a10282719b..14bf118f2d843 100644 --- a/nixos/modules/security/duosec.nix +++ b/nixos/modules/security/duosec.nix @@ -7,7 +7,7 @@ let boolToStr = b: if b then "yes" else "no"; - configFile = '' + configFilePam = '' [duo] ikey=${cfg.ikey} skey=${cfg.skey} @@ -16,21 +16,24 @@ let failmode=${cfg.failmode} pushinfo=${boolToStr cfg.pushinfo} autopush=${boolToStr cfg.autopush} - motd=${boolToStr cfg.motd} prompts=${toString cfg.prompts} - accept_env_factor=${boolToStr cfg.acceptEnvFactor} fallback_local_ip=${boolToStr cfg.fallbackLocalIP} ''; + configFileLogin = configFilePam + '' + motd=${boolToStr cfg.motd} + accept_env_factor=${boolToStr cfg.acceptEnvFactor} + ''; + loginCfgFile = optional cfg.ssh.enable - { source = pkgs.writeText "login_duo.conf" configFile; + { source = pkgs.writeText "login_duo.conf" configFileLogin; mode = "0600"; user = "sshd"; target = "duo/login_duo.conf"; }; pamCfgFile = optional cfg.pam.enable - { source = pkgs.writeText "pam_duo.conf" configFile; + { source = pkgs.writeText "pam_duo.conf" configFilePam; mode = "0600"; user = "sshd"; target = "duo/pam_duo.conf"; |
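Review bot: The Duo secret key still ends up in the world-readable Nix store, because `configFilePam` and `configFileLogin` both carry `skey=${cfg.skey}` and are rendered with `pkgs.writeText` in the second hunk. The `mode = "0600"` on the `duo/*.conf` targets presumably protects only the installed copy, not the store path it is built from. Since this change already splits the template, I would mark the risk at the definition with `# WARNING: skey is interpolated into a store path readable by every local user`, and longer term read the key from a file outside the store when the config is written. Separately, `pamCfgFile` keeps `user = "sshd"`; if pam_duo is also used by PAM services that do not run as sshd, that ownership should be confirmed. The `let` block begins and ends outside both hunks.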