path: root/nixos/modules/security/pam.nix
Age | Commit message | Author | Files | Lines
2023-11-25 | nixos/sudo-rs: Move support for `pam_ssh_agent_auth(8)` to PAM's NixOS module | nicoo | 1 | -5/+8
Similar to delroth's suggestion in #262790.
2023-11-08 | nixos/sudo: Move support for `pam_ssh_agent_auth(8)` to PAM's NixOS module | nicoo | 1 | -1/+5
2023-10-10 | nixos/pam: add maintainer | Majiir Paktu | 1 | -0/+2
2023-10-10 | nixos/pam: generate apparmor includes from rules | Majiir Paktu | 1 | -85/+13
Removes redundant config from the module. Fixes a bug where some modules (e.g. ussh) were added to apparmor even though they had no rules enabled.
2023-10-10 | nixos/pam: add order comment to each rule line | Majiir Paktu | 1 | -0/+1
2023-10-10 | nixos/pam: convert rules to attrs, add order field | Majiir Paktu | 1 | -7/+43
Makes it possible to override properties of a rule by name. Introduces an 'order' field that can be overridden to change the sequence of rules. For now, the order value for each built-in rule is derived from its place in the hardcoded list of rules.
2023-10-10 | nixos/pam: remove empty text fields | Majiir Paktu | 1 | -177/+85
2023-10-10 | nixos/pam: add settings option for common argument styles | Majiir Paktu | 1 | -163/+176
Adds easily overrideable settings for the most common PAM argument styles. These are:
- Flag (e.g. "use_first_pass"): rendered for true boolean values. false values are ignored.
- Key-value (e.g. "action=validate"): rendered for non-null, non-boolean values.
Most PAM arguments can be configured this way. Others can still be configured with the 'args' option.
2023-10-09 | nixos/pam: extract args field | Majiir Paktu | 1 | -97/+190
Module arguments have common escaping rules for all PAMs.
2023-10-09 | nixos/pam: extract modulePath field | Majiir Paktu | 1 | -174/+144
2023-10-09 | nixos/pam: extract control field | Majiir Paktu | 1 | -172/+178
2023-10-09 | nixos/pam: give each rule a name | Majiir Paktu | 1 | -85/+91
These names are internal identifiers. They will be used as keys so that users can reconfigure rules by merging a rule config with the same name. The name is arbitrary. The built-in rules are named after the PAM where practical.
2023-10-09 | nixos/pam: define rules as submodules | Majiir Paktu | 1 | -183/+205
Allows us to decompose rules into multiple fields that we later format as textual rules. Eventually allows users to override individual fields.
2023-10-09 | nixos/pam: automatically populate rule type | Majiir Paktu | 1 | -86/+88
Eliminates a redundancy between the 'rules' suboptions and the type specified in each rule. We eventually want to give each rule a name so that we can merge config overrides. The PAM name is a natural choice for rule name, but a PAM is often used in multiple rule types. Organizing rules by type and rule name avoids name collisions.
2023-10-09 | nixos/pam: extract header comments | Majiir Paktu | 1 | -182/+227
Unblocks converting the rules from one big string to a rich data structure.
2023-09-24 | nixos/pam: split rule lists into individual rules | Majiir Paktu | 1 | -0/+10
2023-09-24 | nixos/pam: clean up rules | Majiir Paktu | 1 | -22/+16
Makes the rules more uniform in structure and style. This makes it easier to automate subsequent commits. No behavior changes.
2023-09-11 | nixos/pam: fix typo in fscrypt enable option | mib | 1 | -1/+1
mkEnableOption prepends "Whether to enable" to text, so this became "Whether to enable Enables fscrypt ..."
2023-08-10 | security/pam: add umask option to configure pam_mkhomedir | Aaron Andersen | 1 | -1/+11
2023-08-08 | treewide: stop using types.string | Lin Jian | 1 | -1/+1
It is an error[1] now. [1]: https://github.com/NixOS/nixpkgs/pull/247848
2023-07-09 | pam_dp9ik: init at 1.5 | Jacob Moody | 1 | -0/+29
2023-06-11 | nixos/pam: support Kanidm | Max | 1 | -0/+16
2023-05-15 | nixos/pam: fix ZFS support assertion | Raito Bezarius | 1 | -1/+1
It was always complaining even if you didn't enable PAM ZFS.
2023-05-15 | nixos/pam: assert ZFS support for PAM module | Nicola Squartini | 1 | -0/+6
2023-05-15 | nixos/pam: improve documentation of ZFS module | Nicola Squartini | 1 | -3/+3
2023-05-15 | nixos/pam: enable unlocking ZFS home dataset | Nicola Squartini | 1 | -2/+53
2023-05-09 | pam: remove unused try_first_pass | s1341 | 1 | -1/+1
2023-05-09 | nixos/pam: allow changing password using sssd | s1341 | 1 | -1/+1
2023-03-16 | Merge master into staging-next | github-actions[bot] | 1 | -2/+2
2023-03-13 | treewide: Make yescrypt the default algorithm for pam_unix.so | Martin Weinelt | 1 | -1/+1
This ensures `passwd` will default to yescrypt for newly generated passwords.
2023-03-06 | treewide: deprecate isNull | Felix Buehler | 1 | -2/+2
https://nixos.org/manual/nix/stable/language/builtins.html#builtins-isNull
2022-12-23 | Merge pull request #205121 from alaviss/homed | Florian Klink | 1 | -3/+24
nixos: systemd-homed support
2022-12-17 | nixos: fix typos | figsoda | 1 | -2/+2
2022-12-15 | nixos/pam: allow backing the motd with a file | Markus Napierkowski | 1 | -2/+18
2022-12-09 | nixos: add systemd-homed support | Leorize | 1 | -3/+24
As a start, it's not very configurable, but works pretty well.
2022-11-14 | Merge pull request #199587 from lorenz/fscrypt | Franz Pletz | 1 | -0/+30
nixos/pam: support fscrypt login protectors
2022-11-11 | nixos/pam: support fscrypt login protectors | Lorenz Brun | 1 | -0/+30
fscrypt can automatically unlock directories with the user's login password. To do this it ships a PAM module which reads the user's password and loads the respective keys into the user's kernel keyring. Significant inspiration was taken from the ecryptfs implementation.
2022-11-07 | Merge pull request #186628 from ocfox/pam_faildelay | Bobby Rong | 1 | -0/+22
nixos/pam: add option failDelay
2022-11-07 | nixos/pam: add option failDelay | ocfox | 1 | -0/+22
Co-authored-by: Bobby Rong <rjl931189261@126.com>
2022-10-22 | nixos/pam: fix pam_tty_audit config | Tobias Stenzel | 1 | -6/+6
Escape the line breaks to render a valid config. Module arguments have to be on the same line or line endings have to be escaped with a backslash.
2022-09-25 | nixos/pam: fix deprecated gnome3 reference | Fabián Heredia Montiel | 1 | -1/+1
2022-08-31 | nixos/*: automatically convert option descriptions | pennae | 1 | -9/+9
conversions were done using https://github.com/pennae/nix-doc-munge using (probably) rev f34e145
running
    nix-doc-munge nixos/**/*.nix
    nix-doc-munge --import nixos/**/*.nix
the tool ensures that only changes that could affect the generated manual *but don't* are committed, other changes require manual review and are discarded.
2022-08-21 | Merge pull request #173495 from wucke13/pam-fix | Lassulus | 1 | -2/+2
2022-08-19 | nixos/*: automatically convert option docs | pennae | 1 | -3/+3
2022-08-19 | nixos/*: use properly indented strings for option docs | pennae | 1 | -12/+12
using regular strings works well for docbook because docbook is not as whitespace-sensitive as markdown. markdown would render all of these as code blocks when given the chance.
2022-08-19 | nixos/* eliminate inner whitespace in tags that was missed earlier | pennae | 1 | -2/+1
nix-doc-munge won't match tags that contain newlines anywhere. most of these have already been removed, but a few obviously made it through.
2022-08-16 | Merge pull request #183717 from NetaliDev/mysql-auth | Maximilian Bosch | 1 | -1/+29
nixos: add mysql/mariadb user authentication module
2022-08-06 | nixos/*: automatically convert option docs | pennae | 1 | -8/+8
2022-08-06 | nixos/pam: move pam_unix to the end of the account chain | Netali | 1 | -1/+4
2022-08-06 | nixos: add mysql/mariadb user authentication | Netali | 1 | -0/+25