diff options
author | Lucas Savva <lucas@m1cr0man.com> | 2020-02-09 16:31:07 +0000 |
---|---|---|
committer | Lucas Savva <lucas@m1cr0man.com> | 2020-02-09 16:31:07 +0000 |
commit | 75fa8027ebbfaa31e67bf2e931b8b3d428494692 (patch) | |
tree | 3b6939b1bfc774c78ac47b3befe690a70c3ea582 /nixos/modules/security | |
parent | d8e697b4fcfd929d05221ac3e67b9c04ac69df86 (diff) | |
parent | a8f3903ba5ac2899d059b7586f1f047df23b25b5 (diff) | |
download | nixpkgs-75fa8027ebbfaa31e67bf2e931b8b3d428494692.tar nixpkgs-75fa8027ebbfaa31e67bf2e931b8b3d428494692.tar.gz nixpkgs-75fa8027ebbfaa31e67bf2e931b8b3d428494692.tar.bz2 nixpkgs-75fa8027ebbfaa31e67bf2e931b8b3d428494692.tar.lz nixpkgs-75fa8027ebbfaa31e67bf2e931b8b3d428494692.tar.xz nixpkgs-75fa8027ebbfaa31e67bf2e931b8b3d428494692.tar.zst nixpkgs-75fa8027ebbfaa31e67bf2e931b8b3d428494692.zip |
nixos/acme: Update release note, remove redundant requires
Merge remote-tracking branch 'remotes/upstream/master'
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/duosec.nix | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/nixos/modules/security/duosec.nix b/nixos/modules/security/duosec.nix index 78a82b7154e..c686a6861d0 100644 --- a/nixos/modules/security/duosec.nix +++ b/nixos/modules/security/duosec.nix @@ -12,7 +12,7 @@ let ikey=${cfg.ikey} skey=${cfg.skey} host=${cfg.host} - ${optionalString (cfg.group != "") ("group="+cfg.group)} + ${optionalString (cfg.groups != "") ("groups="+cfg.groups)} failmode=${cfg.failmode} pushinfo=${boolToStr cfg.pushinfo} autopush=${boolToStr cfg.autopush} @@ -42,6 +42,10 @@ let }; in { + imports = [ + (mkRenamedOptionModule [ "security" "duosec" "group" ] [ "security" "duosec" "groups" ]) + ]; + options = { security.duosec = { ssh.enable = mkOption { @@ -71,10 +75,16 @@ in description = "Duo API hostname."; }; - group = mkOption { + groups = mkOption { type = types.str; default = ""; - description = "Use Duo authentication for users only in this group."; + example = "users,!wheel,!*admin guests"; + description = '' + If specified, Duo authentication is required only for users + whose primary group or supplementary group list matches one + of the space-separated pattern lists. Refer to + <link xlink:href="https://duo.com/docs/duounix"/> for details. + ''; }; failmode = mkOption { |