Unverified Commit 75b1dc85 authored by Pol Dellaiera's avatar Pol Dellaiera Committed by GitHub

nixos/pam: add u2f.control option (#495378)

parents b047a825 2fb68fdb
+2 −2
@@ -32,7 +32,7 @@ in
        description = ''
          Whether to enable U2F support in the i3lock program.
          U2F enables authentication using a hardware device, such as a security key.
          When U2F support is enabled, the i3lock program will set the setuid bit on the i3lock binary and enable the pam u2fAuth service,
          When U2F support is enabled, the i3lock program will set the setuid bit on the i3lock binary and enable the pam u2f service,
        '';
      };
    };
@@ -51,7 +51,7 @@ in
      source = "${cfg.package.out}/bin/i3lock";
    };

    security.pam.services.i3lock.u2fAuth = cfg.u2fSupport;
    security.pam.services.i3lock.u2f.enable = cfg.u2fSupport;

  };

+36 −13
@@ -135,6 +135,7 @@ let

      imports = [
        (lib.mkRenamedOptionModule [ "enableKwallet" ] [ "kwallet" "enable" ])
        (lib.mkRenamedOptionModule [ "u2fAuth" ] [ "u2f" "enable" ])
      ];

      options = {
@@ -202,7 +203,8 @@ let
          '';
        };

        u2fAuth = lib.mkOption {
        u2f = {
          enable = lib.mkOption {
            default = config.security.pam.u2f.enable;
            defaultText = lib.literalExpression "config.security.pam.u2f.enable";
            type = lib.types.bool;
@@ -215,6 +217,27 @@ let
            '';
          };

          control = lib.mkOption {
            default = config.security.pam.u2f.control;
            defaultText = lib.literalExpression "config.security.pam.u2f.control";
            type = lib.types.enum [
              "required"
              "requisite"
              "sufficient"
              "optional"
            ];
            description = ''
              This option sets pam "control".
              If you want to have multi factor authentication, use "required".
              If you want to use U2F device instead of regular password, use "sufficient".

              Read
              {manpage}`pam.conf(5)`
              for better understanding of this option.
            '';
          };
        };

        usshAuth = lib.mkOption {
          default = false;
          type = lib.types.bool;
@@ -1045,8 +1068,8 @@ let
                  in
                  {
                    name = "u2f";
                    enable = cfg.u2fAuth;
                    control = u2f.control;
                    enable = cfg.u2f.enable;
                    control = cfg.u2f.control;
                    modulePath = "${pkgs.pam_u2f}/lib/security/pam_u2f.so";
                    inherit (u2f) settings;
                  }
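Review bot: The description of the new per-service `control` option (hunk `@@ -215,6 +217,27 @@`) explains only "required" and "sufficient" although the enum also admits "requisite" and "optional", so a reader cannot tell from the option docs which control values are safe for a lock-screen service such as i3lock, where the rule now takes `cfg.u2f.control` per the last hunk. I would extend the description with the two missing values along the lines of `"requisite" aborts the whole stack as soon as the U2F check fails, so a user without a registered key cannot authenticate at all; "optional" only affects the result when pam_u2f is the only module in the stack.`, and add one sentence stating that "sufficient" lets a successful U2F check satisfy authentication on its own, without any password. The phrase `This option sets pam "control".` would also read better as `Sets the PAM control flag for the pam_u2f rule of this service (defaults to the global security.pam.u2f.control).`. The enclosing `u2f` attribute set and the `options` block continue outside the hunk.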