diff options
author | nikstur <nikstur@outlook.com> | 2023-10-20 13:33:58 +0200 |
---|---|---|
committer | nikstur <nikstur@outlook.com> | 2023-10-26 01:51:07 +0200 |
commit | 47ff8d20d752b95befaa2ebb3f6bae4d3eb37a18 (patch) | |
tree | d29b80134b881115dcc9735900d675c31e2daf8b /nixos/modules/security/duosec.nix | |
parent | b16365b3938fc34bda35a55e133b174edd5abf65 (diff) | |
download | nixpkgs-47ff8d20d752b95befaa2ebb3f6bae4d3eb37a18.tar nixpkgs-47ff8d20d752b95befaa2ebb3f6bae4d3eb37a18.tar.gz nixpkgs-47ff8d20d752b95befaa2ebb3f6bae4d3eb37a18.tar.bz2 nixpkgs-47ff8d20d752b95befaa2ebb3f6bae4d3eb37a18.tar.lz nixpkgs-47ff8d20d752b95befaa2ebb3f6bae4d3eb37a18.tar.xz nixpkgs-47ff8d20d752b95befaa2ebb3f6bae4d3eb37a18.tar.zst nixpkgs-47ff8d20d752b95befaa2ebb3f6bae4d3eb37a18.zip |
nixos/duosec: replace activationScript
Replace with a separate systemd service.
Diffstat (limited to 'nixos/modules/security/duosec.nix')
-rw-r--r-- | nixos/modules/security/duosec.nix | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/nixos/modules/security/duosec.nix b/nixos/modules/security/duosec.nix index 02b11766b3c..2a855a77e3a 100644 --- a/nixos/modules/security/duosec.nix +++ b/nixos/modules/security/duosec.nix @@ -193,8 +193,11 @@ in source = "${pkgs.duo-unix.out}/bin/login_duo"; }; - system.activationScripts = { - login_duo = mkIf cfg.ssh.enable '' + systemd.services.login-duo = lib.mkIf cfg.ssh.enable { + wantedBy = [ "sysinit.target" ]; + before = [ "sysinit.target" ]; + unitConfig.DefaultDependencies = false; + script = '' if test -f "${cfg.secretKeyFile}"; then mkdir -m 0755 -p /etc/duo @@ -209,7 +212,13 @@ in mv -fT "$conf" /etc/duo/login_duo.conf fi ''; - pam_duo = mkIf cfg.pam.enable '' + }; + + systemd.services.pam-duo = lib.mkIf cfg.ssh.enable { + wantedBy = [ "sysinit.target" ]; + before = [ "sysinit.target" ]; + unitConfig.DefaultDependencies = false; + script = '' if test -f "${cfg.secretKeyFile}"; then mkdir -m 0755 -p /etc/duo |