Merge pull request #78902 from aanderse/duo-unix

nixos/duosec: fix configuration issue with "groups" option
Aaron Andersen 2020-01-31 14:19:54 -05:00 committed by GitHub
commit bf348f07d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -12,7 +12,7 @@ let
ikey=${cfg.ikey}
skey=${cfg.skey}
host=${cfg.host}
${optionalString (cfg.group != "") ("group="+cfg.group)}
${optionalString (cfg.groups != "") ("groups="+cfg.groups)}
failmode=${cfg.failmode}
pushinfo=${boolToStr cfg.pushinfo}
autopush=${boolToStr cfg.autopush}
@ -42,6 +42,10 @@ let
};
in
{
imports = [
(mkRenamedOptionModule [ "security" "duosec" "group" ] [ "security" "duosec" "groups" ])
];
options = {
security.duosec = {
ssh.enable = mkOption {
@ -71,10 +75,16 @@ in
description = "Duo API hostname.";
};
group = mkOption {
groups = mkOption {
type = types.str;
default = "";
description = "Use Duo authentication for users only in this group.";
example = "users,!wheel,!*admin guests";
description = ''
If specified, Duo authentication is required only for users
whose primary group or supplementary group list matches one
of the space-separated pattern lists. Refer to
<link xlink:href="https://duo.com/docs/duounix"/> for details.
'';
};
failmode = mkOption {