{ config, lib, pkgs, ... }:

# Home Manager module for the user-side PAM configuration: a pam_env.conf(5)
# style ~/.pam_environment and a pam_yubico authorized-keys file.
#
# Both files are produced through `home.file`, i.e. as symlinks into the
# Nix store.  The store is world-readable, so nothing written through this
# module may contain secrets.  YubiKey token IDs are public identifiers
# (the 12-character prefix of an OTP), so that is acceptable for them; it
# is the reason `pam.sessionVariables` must never carry credentials.

let
  inherit (lib) mkIf mkMerge mkOption types;

  cfg = config.pam;

  # Type of one entry in `pam.yubico.authorizedYubiKeys.ids`.  Only the
  # length is checked; the modhex alphabet is not validated, and a value
  # containing ':' or a newline would pass yet corrupt the colon-separated
  # file rendered below.  NOTE(review): treat the 12-character check as a
  # sanity check, not as validation of the ID.
  yubiKeyIdType = types.addCheck types.str (s: lib.stringLength s == 12) // {
    name = "yubiKeyId";
    description = "string of length 12";
  };

  # Render one pam_env.conf(5) entry.  The value is placed inside double
  # quotes without any escaping: `toString` turns booleans into "1" / ""
  # and joins lists with spaces, and a value containing '"' or a newline
  # changes the structure of the generated file.  Values must therefore
  # already follow the quoting rules of pam_env.conf(5), as the option
  # description states.
  renderPamEnvLine = name: value: ''${name} OVERRIDE="${toString value}"'';

  # Full text of ~/.pam_environment, one entry per line, newline-terminated.
  pamEnvironmentText =
    lib.concatStringsSep "\n"
      (lib.mapAttrsToList renderPamEnvLine cfg.sessionVariables)
    + "\n";

  # pam_yubico per-user authfile format: `username:id1:id2:...`.
  authorizedYubiKeysText =
    lib.concatStringsSep ":"
      ([ config.home.username ] ++ cfg.yubico.authorizedYubiKeys.ids);
in
{
  meta.maintainers = [ lib.maintainers.rycee lib.maintainers.veehaitch ];

  options = {
    pam.sessionVariables = mkOption {
      default = { };
      # `types.attrs` accepts any attribute set, so values are not
      # type-checked before `toString` is applied to them.
      type = types.attrs;
      example = { EDITOR = "vim"; };
      description = ''
        Environment variables that will be set for the PAM session.
        The variable values must be as described in
        <citerefentry>
        <refentrytitle>pam_env.conf</refentrytitle>
        <manvolnum>5</manvolnum>
        </citerefentry>.
        </para><para>
        Note, this option will become deprecated in the future and its use is
        therefore discouraged.
      '';
    };

    pam.yubico.authorizedYubiKeys = {
      ids = mkOption {
        type = types.listOf yubiKeyIdType;
        default = [ ];
        description = ''
          List of authorized YubiKey token IDs. Refer to
          <link xlink:href="https://developers.yubico.com/yubico-pam"/>
          for details on how to obtain the token ID of a YubiKey.
        '';
      };

      path = mkOption {
        type = types.str;
        # Matches the per-user authfile location pam_yubico looks up by
        # default.  The file ends up as a symlink into the Nix store;
        # NOTE(review): confirm the deployed pam_yubico accepts a symlinked
        # authfile before relying on this for login.
        default = ".yubico/authorized_yubikeys";
        description = ''
          File path to write the authorized YubiKeys,
          relative to <envar>HOME</envar>.
        '';
      };
    };
  };

  config = mkMerge [
    # Only materialise ~/.pam_environment when at least one variable is set.
    (mkIf (cfg.sessionVariables != { }) {
      home.file.".pam_environment".text = pamEnvironmentText;
    })

    # Only write the authfile when at least one token ID is configured; an
    # empty authfile would otherwise be placed at the pam_yubico default
    # location.
    (mkIf (cfg.yubico.authorizedYubiKeys.ids != [ ]) {
      home.file.${cfg.yubico.authorizedYubiKeys.path}.text =
        authorizedYubiKeysText;
    })
  ];
}