movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-12 04:35:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/duosec: fix indentation

Browse source
This commit is contained in:
Aaron Andersen 2020-01-30 21:15:56 -05:00
parent 0b08c636f2
commit 4f9cea70bd
1 changed files with 14 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

28
nixos/modules/security/duosec.nix
View file

@ -195,21 +195,21 @@ in
}; };
config = mkIf (cfg.ssh.enable || cfg.pam.enable) { config = mkIf (cfg.ssh.enable || cfg.pam.enable) {
environment.systemPackages = [ pkgs.duo-unix ]; environment.systemPackages = [ pkgs.duo-unix ];
security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo"; security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo";
environment.etc = loginCfgFile // pamCfgFile; environment.etc = loginCfgFile // pamCfgFile;
/* If PAM *and* SSH are enabled, then don't do anything special. /* If PAM *and* SSH are enabled, then don't do anything special.
If PAM isn't used, set the default SSH-only options. */ If PAM isn't used, set the default SSH-only options. */
services.openssh.extraConfig = mkIf (cfg.ssh.enable || cfg.pam.enable) ( services.openssh.extraConfig = mkIf (cfg.ssh.enable || cfg.pam.enable) (
if cfg.pam.enable then "UseDNS no" else '' if cfg.pam.enable then "UseDNS no" else ''
# Duo Security configuration # Duo Security configuration
ForceCommand ${config.security.wrapperDir}/login_duo ForceCommand ${config.security.wrapperDir}/login_duo
PermitTunnel no PermitTunnel no
${optionalString (!cfg.allowTcpForwarding) '' ${optionalString (!cfg.allowTcpForwarding) ''
AllowTcpForwarding no AllowTcpForwarding no
''} ''}
''); '');
}; };
} }