nixos/pam: fix pam_tty_audit config

Escape the line breaks to render a valid config. Module arguments have to be at the same line or line endings have to be escaped with a backslash.
2025-06-13 05:05:29 +03:00 · 2022-10-22 23:20:09 +02:00 · 2022-10-22 23:20:09 +02:00 · 8111e4f113
commit 8111e4f113
parent 301aada7a6
1 changed files with 6 additions and 6 deletions
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@ -615,12 +615,12 @@ let
          optionalString cfg.setLoginUid ''
            session ${if config.boot.isContainer then "optional" else "required"} pam_loginuid.so
          '' +
-          optionalString cfg.ttyAudit.enable ''
+          optionalString cfg.ttyAudit.enable (concatStringsSep " \\\n  " ([
-            session required ${pkgs.pam}/lib/security/pam_tty_audit.so
+            "session required ${pkgs.pam}/lib/security/pam_tty_audit.so"
-                open_only=${toString cfg.ttyAudit.openOnly}
+          ] ++ optional cfg.ttyAudit.openOnly "open_only"
-                ${optionalString (cfg.ttyAudit.enablePattern != null) "enable=${cfg.ttyAudit.enablePattern}"}
+          ++ optional (cfg.ttyAudit.enablePattern != null) "enable=${cfg.ttyAudit.enablePattern}"
-                ${optionalString (cfg.ttyAudit.disablePattern != null) "disable=${cfg.ttyAudit.disablePattern}"}
+          ++ optional (cfg.ttyAudit.disablePattern != null) "disable=${cfg.ttyAudit.disablePattern}"
-          '' +
+          )) +
          optionalString cfg.makeHomeDir ''
            session required ${pkgs.pam}/lib/security/pam_mkhomedir.so silent skel=${config.security.pam.makeHomeDir.skelDirectory} umask=0077
          '' +