diff options
| author | Nikolay Amiantov <ab@fmap.me> | 2021-03-18 20:02:07 +0300 |
|---|---|---|
| committer | Nikolay Amiantov <ab@fmap.me> | 2022-02-05 23:33:10 +0300 |
| commit | 524aecf61e11663a3e841bee2e2b3a45a64ffdc2 (patch) | |
| tree | e92e82fd434c0754e29bc83dacd98cf1fc981df7 /nixos/modules/security/google_oslogin.nix | |
| parent | 077d0524ccfec44c00b469833ad7b5d8a984e7f6 (diff) | |
| download | nixpkgs-524aecf61e11663a3e841bee2e2b3a45a64ffdc2.tar nixpkgs-524aecf61e11663a3e841bee2e2b3a45a64ffdc2.tar.gz nixpkgs-524aecf61e11663a3e841bee2e2b3a45a64ffdc2.tar.bz2 nixpkgs-524aecf61e11663a3e841bee2e2b3a45a64ffdc2.tar.lz nixpkgs-524aecf61e11663a3e841bee2e2b3a45a64ffdc2.tar.xz nixpkgs-524aecf61e11663a3e841bee2e2b3a45a64ffdc2.tar.zst nixpkgs-524aecf61e11663a3e841bee2e2b3a45a64ffdc2.zip | |
google-compute-config: update config
Diffstat (limited to 'nixos/modules/security/google_oslogin.nix')
| -rw-r--r-- | nixos/modules/security/google_oslogin.nix | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/nixos/modules/security/google_oslogin.nix b/nixos/modules/security/google_oslogin.nix index c2889a0f0d1..cf416035ef6 100644 --- a/nixos/modules/security/google_oslogin.nix +++ b/nixos/modules/security/google_oslogin.nix @@ -5,7 +5,7 @@ with lib; let cfg = config.security.googleOsLogin; - package = pkgs.google-compute-engine-oslogin; + package = pkgs.google-guest-oslogin; in @@ -17,7 +17,7 @@ in type = types.bool; default = false; description = '' - Whether to enable Google OS Login + Whether to enable Google OS Login. The OS Login package enables the following components: AuthorizedKeysCommand to query valid SSH keys from the user's OS Login @@ -36,7 +36,7 @@ in security.pam.services.sshd = { makeHomeDir = true; googleOsLoginAccountVerification = true; - # disabled for now: googleOsLoginAuthentication = true; + googleOsLoginAuthentication = true; }; security.sudo.extraConfig = '' @@ -47,6 +47,9 @@ in "d /var/google-users.d 750 root root -" ]; + systemd.packages = [ package ]; + systemd.timers.google-oslogin-cache.wantedBy = [ "timers.target" ]; + # enable the nss module, so user lookups etc. work system.nssModules = [ package ]; system.nssDatabases.passwd = [ "cache_oslogin" "oslogin" ]; |