1
0
Fork 0
mirror of https://github.com/nix-community/home-manager synced 2025-01-12 20:19:50 +01:00
home-manager/modules/misc/pam.nix
Emily 9f9e277b60 treewide: remove now-redundant lib.mdDoc calls
These (and the `*MD` functions apart from `literalMD`) are now no-ops
in nixpkgs and serve no purpose other than to add additional noise and
potentially mislead people into thinking unmarked DocBook documentation
will still be accepted.

Note that if backporting changes including documentation to 23.05,
the `mdDoc` calls will need to be re-added.

To reproduce this commit, run:

    $ NIX_PATH=nixpkgs=flake:nixpkgs/e7e69199f0372364a6106a1e735f68604f4c5a25 \
      nix shell nixpkgs#coreutils \
      -c find . -name '*.nix' \
      -exec nix run -- github:emilazy/nix-doc-munge/98dadf1f77351c2ba5dcb709a2a171d655f15099 \
      --strip {} +
    $ ./format
2023-07-17 18:49:09 +01:00

68 lines
1.8 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.pam;
in {
meta.maintainers = with maintainers; [ rycee veehaitch ];
options = {
pam.sessionVariables = mkOption {
default = { };
type = types.attrs;
example = { EDITOR = "vim"; };
description = ''
Environment variables that will be set for the PAM session.
The variable values must be as described in
{manpage}`pam_env.conf(5)`.
Note, this option will become deprecated in the future and its use is
therefore discouraged.
'';
};
pam.yubico.authorizedYubiKeys = {
ids = mkOption {
type = with types;
let
yubiKeyId = addCheck str (s: stringLength s == 12) // {
name = "yubiKeyId";
description = "string of length 12";
};
in listOf yubiKeyId;
default = [ ];
description = ''
List of authorized YubiKey token IDs. Refer to
<https://developers.yubico.com/yubico-pam>
for details on how to obtain the token ID of a YubiKey.
'';
};
path = mkOption {
type = types.str;
default = ".yubico/authorized_yubikeys";
description = ''
File path to write the authorized YubiKeys,
relative to {env}`HOME`.
'';
};
};
};
config = mkMerge [
(mkIf (cfg.sessionVariables != { }) {
home.file.".pam_environment".text = concatStringsSep "\n"
(mapAttrsToList (n: v: ''${n} OVERRIDE="${toString v}"'')
cfg.sessionVariables) + "\n";
})
(mkIf (cfg.yubico.authorizedYubiKeys.ids != [ ]) {
home.file.${cfg.yubico.authorizedYubiKeys.path}.text =
concatStringsSep ":"
([ config.home.username ] ++ cfg.yubico.authorizedYubiKeys.ids);
})
];
}