diff options
author | Aaron Andersen <aaron@fosslib.net> | 2020-01-30 21:15:56 -0500 |
---|---|---|
committer | Aaron Andersen <aaron@fosslib.net> | 2020-03-21 10:34:12 -0400 |
commit | 4f9cea70bd75b812ccd7edc4e23e95da08eb3d9b (patch) | |
tree | 578e69830455bcd4c162bacd02fe407526a452bb /nixos/modules/security/duosec.nix | |
parent | 0b08c636f2baddd4ab40af47916ed1099c13b8bb (diff) | |
download | nixpkgs-4f9cea70bd75b812ccd7edc4e23e95da08eb3d9b.tar nixpkgs-4f9cea70bd75b812ccd7edc4e23e95da08eb3d9b.tar.gz nixpkgs-4f9cea70bd75b812ccd7edc4e23e95da08eb3d9b.tar.bz2 nixpkgs-4f9cea70bd75b812ccd7edc4e23e95da08eb3d9b.tar.lz nixpkgs-4f9cea70bd75b812ccd7edc4e23e95da08eb3d9b.tar.xz nixpkgs-4f9cea70bd75b812ccd7edc4e23e95da08eb3d9b.tar.zst nixpkgs-4f9cea70bd75b812ccd7edc4e23e95da08eb3d9b.zip |
nixos/duosec: fix indentation
Diffstat (limited to 'nixos/modules/security/duosec.nix')
-rw-r--r-- | nixos/modules/security/duosec.nix | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/nixos/modules/security/duosec.nix b/nixos/modules/security/duosec.nix index c686a6861d0..2d5596738ce 100644 --- a/nixos/modules/security/duosec.nix +++ b/nixos/modules/security/duosec.nix @@ -195,21 +195,21 @@ in }; config = mkIf (cfg.ssh.enable || cfg.pam.enable) { - environment.systemPackages = [ pkgs.duo-unix ]; - - security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo"; - environment.etc = loginCfgFile // pamCfgFile; - - /* If PAM *and* SSH are enabled, then don't do anything special. - If PAM isn't used, set the default SSH-only options. */ - services.openssh.extraConfig = mkIf (cfg.ssh.enable || cfg.pam.enable) ( - if cfg.pam.enable then "UseDNS no" else '' - # Duo Security configuration - ForceCommand ${config.security.wrapperDir}/login_duo - PermitTunnel no - ${optionalString (!cfg.allowTcpForwarding) '' - AllowTcpForwarding no - ''} - ''); + environment.systemPackages = [ pkgs.duo-unix ]; + + security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo"; + environment.etc = loginCfgFile // pamCfgFile; + + /* If PAM *and* SSH are enabled, then don't do anything special. + If PAM isn't used, set the default SSH-only options. */ + services.openssh.extraConfig = mkIf (cfg.ssh.enable || cfg.pam.enable) ( + if cfg.pam.enable then "UseDNS no" else '' + # Duo Security configuration + ForceCommand ${config.security.wrapperDir}/login_duo + PermitTunnel no + ${optionalString (!cfg.allowTcpForwarding) '' + AllowTcpForwarding no + ''} + ''); }; } |