authorJulien Moutinho <julm+nixpkgs@sourcephile.fr>2021-02-27 21:26:47 +0100
committerJulien Moutinho <julm+nixpkgs@sourcephile.fr>2021-04-23 07:20:19 +0200
commit45e5d726b22db783731f0460870e9ab4f06bc5c4 (patch)
treec13096f59afb2ff5428a232b84d20edae1d0c650 /nixos/modules/security/pam.nix
parentb280e64078d69c59cf4fccfcaa9d56a59d789dc9 (diff)
nixos/apparmor: improve code readability
Diffstat (limited to 'nixos/modules/security/pam.nix')
-rw-r--r--nixos/modules/security/pam.nix112
1 files changed, 66 insertions, 46 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 8216c03795a..1c49131d789 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -897,59 +897,79 @@ in
 
     security.apparmor.includes."abstractions/pam" = let
       isEnabled = test: fold or false (map test (attrValues config.security.pam.services));
-      in ''
-      ${lib.concatMapStringsSep "\n"
-         (name: "r ${config.environment.etc."pam.d/${name}".source},")
-         (attrNames config.security.pam.services)}
+      in
+      lib.concatMapStringsSep "\n"
+        (name: "r ${config.environment.etc."pam.d/${name}".source},")
+        (attrNames config.security.pam.services) +
+      ''
       mr ${getLib pkgs.pam}/lib/security/pam_filter/*,
       mr ${getLib pkgs.pam}/lib/security/pam_*.so,
       r ${getLib pkgs.pam}/lib/security/,
-      ${optionalString use_ldap
-        "mr ${pam_ldap}/lib/security/pam_ldap.so,"}
-      ${optionalString config.services.sssd.enable
-        "mr ${pkgs.sssd}/lib/security/pam_sss.so,"}
-      ${optionalString config.krb5.enable ''
+      '' +
+      optionalString use_ldap ''
+         mr ${pam_ldap}/lib/security/pam_ldap.so,
+      '' +
+      optionalString config.services.sssd.enable ''
+        mr ${pkgs.sssd}/lib/security/pam_sss.so,
+      '' +
+      optionalString config.krb5.enable ''
         mr ${pam_krb5}/lib/security/pam_krb5.so,
         mr ${pam_ccreds}/lib/security/pam_ccreds.so,
-      ''}
-      ${optionalString (isEnabled (cfg: cfg.googleOsLoginAccountVerification)) ''
+      '' +
+      optionalString (isEnabled (cfg: cfg.googleOsLoginAccountVerification)) ''
         mr ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_login.so,
         mr ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_admin.so,
-      ''}
-      ${optionalString (isEnabled (cfg: cfg.googleOsLoginAuthentication))
-        "mr ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_login.so,"}
-      ${optionalString (config.security.pam.enableSSHAgentAuth && isEnabled (cfg: cfg.sshAgentAuth))
-        "mr ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so,"}
-      ${optionalString (isEnabled (cfg: cfg.fprintAuth))
-        "mr ${pkgs.fprintd}/lib/security/pam_fprintd.so,"}
-      ${optionalString (isEnabled (cfg: cfg.u2fAuth))
-        "mr ${pkgs.pam_u2f}/lib/security/pam_u2f.so,"}
-      ${optionalString (isEnabled (cfg: cfg.usbAuth))
-        "mr ${pkgs.pam_usb}/lib/security/pam_usb.so,"}
-      ${optionalString (isEnabled (cfg: cfg.oathAuth))
-        "mr ${pkgs.oathToolkit}/lib/security/pam_oath.so,"}
-      ${optionalString (isEnabled (cfg: cfg.yubicoAuth))
-        "mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so,"}
-      ${optionalString (isEnabled (cfg: cfg.duoSecurity.enable))
-        "mr ${pkgs.duo-unix}/lib/security/pam_duo.so,"}
-      ${optionalString (isEnabled (cfg: cfg.otpwAuth))
-        "mr ${pkgs.otpw}/lib/security/pam_otpw.so,"}
-      ${optionalString config.security.pam.enableEcryptfs
-        "mr ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so,"}
-      ${optionalString (isEnabled (cfg: cfg.pamMount))
-        "mr ${pkgs.pam_mount}/lib/security/pam_mount.so,"}
-      ${optionalString (isEnabled (cfg: cfg.enableGnomeKeyring))
-        "mr ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so,"}
-      ${optionalString (isEnabled (cfg: cfg.startSession))
-        "mr ${pkgs.systemd}/lib/security/pam_systemd.so,"}
-      ${optionalString (isEnabled (cfg: cfg.enableAppArmor) && config.security.apparmor.enable)
-        "mr ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so,"}
-      ${optionalString (isEnabled (cfg: cfg.enableKwallet))
-        "mr ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so,"}
-      ${optionalString config.virtualisation.lxc.lxcfs.enable
-        "mr ${pkgs.lxc}/lib/security/pam_cgfs.so"}
-    '';
-
+      '' +
+      optionalString (isEnabled (cfg: cfg.googleOsLoginAuthentication)) ''
+        mr ${pkgs.google-compute-engine-oslogin}/lib/pam_oslogin_login.so,
+      '' +
+      optionalString (config.security.pam.enableSSHAgentAuth
+                     && isEnabled (cfg: cfg.sshAgentAuth)) ''
+        mr ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.fprintAuth)) ''
+        mr ${pkgs.fprintd}/lib/security/pam_fprintd.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.u2fAuth)) ''
+        mr ${pkgs.pam_u2f}/lib/security/pam_u2f.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.usbAuth)) ''
+        mr ${pkgs.pam_usb}/lib/security/pam_usb.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.oathAuth)) ''
+        "mr ${pkgs.oathToolkit}/lib/security/pam_oath.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.yubicoAuth)) ''
+        mr ${pkgs.yubico-pam}/lib/security/pam_yubico.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.duoSecurity.enable)) ''
+        mr ${pkgs.duo-unix}/lib/security/pam_duo.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.otpwAuth)) ''
+        mr ${pkgs.otpw}/lib/security/pam_otpw.so,
+      '' +
+      optionalString config.security.pam.enableEcryptfs ''
+        mr ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.pamMount)) ''
+        mr ${pkgs.pam_mount}/lib/security/pam_mount.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.enableGnomeKeyring)) ''
+        mr ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.startSession)) ''
+        mr ${pkgs.systemd}/lib/security/pam_systemd.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.enableAppArmor)
+                     && config.security.apparmor.enable) ''
+        mr ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so,
+      '' +
+      optionalString (isEnabled (cfg: cfg.enableKwallet)) ''
+        mr ${pkgs.plasma5.kwallet-pam}/lib/security/pam_kwallet5.so,
+      '' +
+      optionalString config.virtualisation.lxc.lxcfs.enable ''
+        mr ${pkgs.lxc}/lib/security/pam_cgfs.so
+      '';
   };
 
 }
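Review bot: The rewritten `oathAuth` branch keeps a stray opening quote from the old string form, so the emitted AppArmor rule starts with `"mr` and the quote is never closed; the line should read `mr ${pkgs.oathToolkit}/lib/security/pam_oath.so,`. The final `pam_cgfs.so` rule still lacks its terminating comma (carried over unchanged from the old side) and should be `mr ${pkgs.lxc}/lib/security/pam_cgfs.so,`. In addition, `lib.concatMapStringsSep "\n"` yields no trailing newline and the `''` string that follows drops its leading line break, so the last `r …pam.d/<name>,` rule is now joined to the first `mr` rule on one line, where the old code kept them apart; mapping with `lib.concatMapStrings` over `(name: "r ${config.environment.etc."pam.d/${name}".source},\n")` would restore the separation. Because this text becomes the `abstractions/pam` include, a malformed rule would presumably stop every profile that includes it from parsing, so it is worth building and loading a profile with `oathAuth` and lxcfs enabled before merging.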