authorLucas Savva <lucas@m1cr0man.com>2020-02-09 16:31:07 +0000
committerLucas Savva <lucas@m1cr0man.com>2020-02-09 16:31:07 +0000
commit75fa8027ebbfaa31e67bf2e931b8b3d428494692 (patch)
tree3b6939b1bfc774c78ac47b3befe690a70c3ea582 /nixos/modules/security
parentd8e697b4fcfd929d05221ac3e67b9c04ac69df86 (diff)
parenta8f3903ba5ac2899d059b7586f1f047df23b25b5 (diff)
nixos/acme: Update release note, remove redundant requires
Merge remote-tracking branch 'remotes/upstream/master'
Diffstat (limited to 'nixos/modules/security')
-rw-r--r--nixos/modules/security/duosec.nix16
1 files changed, 13 insertions, 3 deletions
diff --git a/nixos/modules/security/duosec.nix b/nixos/modules/security/duosec.nix
index 78a82b7154e..c686a6861d0 100644
--- a/nixos/modules/security/duosec.nix
+++ b/nixos/modules/security/duosec.nix
@@ -12,7 +12,7 @@ let
     ikey=${cfg.ikey}
     skey=${cfg.skey}
     host=${cfg.host}
-    ${optionalString (cfg.group != "") ("group="+cfg.group)}
+    ${optionalString (cfg.groups != "") ("groups="+cfg.groups)}
     failmode=${cfg.failmode}
     pushinfo=${boolToStr cfg.pushinfo}
     autopush=${boolToStr cfg.autopush}
@@ -42,6 +42,10 @@ let
   };
 in
 {
+  imports = [
+    (mkRenamedOptionModule [ "security" "duosec" "group" ] [ "security" "duosec" "groups" ])
+  ];
+
   options = {
     security.duosec = {
       ssh.enable = mkOption {
@@ -71,10 +75,16 @@ in
         description = "Duo API hostname.";
       };
 
-      group = mkOption {
+      groups = mkOption {
         type = types.str;
         default = "";
-        description = "Use Duo authentication for users only in this group.";
+        example = "users,!wheel,!*admin guests";
+        description = ''
+          If specified, Duo authentication is required only for users
+          whose primary group or supplementary group list matches one
+          of the space-separated pattern lists. Refer to
+          <link xlink:href="https://duo.com/docs/duounix"/> for details.
+        '';
       };
 
       failmode = mkOption {
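Review bot: The new `groups` description says who is prompted but not what happens to everyone else. With a non-empty value, users who match none of the pattern lists are presumably not asked for a second factor at all, so a misspelled group name or an over-broad `!` exclusion would quietly drop Duo for those accounts. The example `users,!wheel,!*admin guests` also reads as exempting `wheel` and `*admin` members, which are usually the most privileged accounts, so it is a risky pattern to copy without comment. I would add a sentence to the description such as `Users who match none of the lists are not prompted by Duo; leave this empty to require Duo for every user.` and choose an example that does not exclude administrators. The `security.duosec` option set starts before this hunk and continues past its last line.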