authorScott Dier <scott@dier.name>2019-02-13 01:39:22 +0000
committerScott Dier <scott@dier.name>2019-02-24 22:49:01 +0000
commita3273e85e3dda63cde87f46896525a595b468d71 (patch)
tree7a28bead033da38dfd03cda075fcdb79cff1687e /nixos/modules/security
parent4e9ac79ef53a2da40a3a30c956925d25061d5cd0 (diff)
nixos/security: Fix pam configuration file generation.
Diffstat (limited to 'nixos/modules/security')
-rw-r--r--nixos/modules/security/duosec.nix13
1 files changed, 8 insertions, 5 deletions
diff --git a/nixos/modules/security/duosec.nix b/nixos/modules/security/duosec.nix
index 630a10282719b..14bf118f2d843 100644
--- a/nixos/modules/security/duosec.nix
+++ b/nixos/modules/security/duosec.nix
@@ -7,7 +7,7 @@ let
 
   boolToStr = b: if b then "yes" else "no";
 
-  configFile = ''
+  configFilePam = ''
     [duo]
     ikey=${cfg.ikey}
     skey=${cfg.skey}
@@ -16,21 +16,24 @@ let
     failmode=${cfg.failmode}
     pushinfo=${boolToStr cfg.pushinfo}
     autopush=${boolToStr cfg.autopush}
-    motd=${boolToStr cfg.motd}
     prompts=${toString cfg.prompts}
-    accept_env_factor=${boolToStr cfg.acceptEnvFactor}
     fallback_local_ip=${boolToStr cfg.fallbackLocalIP}
   '';
 
+  configFileLogin = configFilePam + ''
+    motd=${boolToStr cfg.motd}
+    accept_env_factor=${boolToStr cfg.acceptEnvFactor}
+  '';
+
   loginCfgFile = optional cfg.ssh.enable
-    { source = pkgs.writeText "login_duo.conf" configFile;
+    { source = pkgs.writeText "login_duo.conf" configFileLogin;
       mode   = "0600";
       user   = "sshd";
       target = "duo/login_duo.conf";
     };
 
   pamCfgFile = optional cfg.pam.enable
-    { source = pkgs.writeText "pam_duo.conf" configFile;
+    { source = pkgs.writeText "pam_duo.conf" configFilePam;
       mode   = "0600";
       user   = "sshd";
       target = "duo/pam_duo.conf";
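Review bot: `pkgs.writeText "login_duo.conf" configFileLogin` and `pkgs.writeText "pam_duo.conf" configFilePam` both render their text into the Nix store, and that text includes `skey=${cfg.skey}` from the first hunk. The store is world-readable, so the Duo secret key can be read by any local user regardless of `mode = "0600"` and `user = "sshd"` on the /etc target. Splitting the template does not change this, but it now yields two store paths that each contain the key. At minimum I would add a comment above `configFilePam` such as `# WARNING: cfg.skey is interpolated below and written with pkgs.writeText, so it lands in the world-readable /nix/store`. The real fix, as a follow-up, is to assemble these files at activation time from a key file kept outside the store. The enclosing `let` block starts and ends outside this hunk, so I cannot see how `loginCfgFile` and `pamCfgFile` are consumed.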