author | Janne Heß <janne@hess.ooo> | 2021-12-07 18:26:25 +0100 |
---|---|---|
committer | Janne Heß <janne@hess.ooo> | 2021-12-09 12:48:02 +0100 |
commit | 7b5fb05a0d436a20bc25d820f4ee659ad329c035 (patch) | |
tree | 222b09589597a43080e3e01d4e966e06e6c82da3 /nixos/modules | |
parent | 8dacfbe41ef10ab7a3968e9556e0b7ba83a41471 (diff) | |
nixos/pam: Type all limit options
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/security/pam.nix | 54 |
1 files changed, 53 insertions, 1 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 8ed7a721a3e..0944b36c6d1 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -295,9 +295,14 @@ let }; limits = mkOption { + default = []; + type = limitsType; description = '' Attribute set describing resource limits. Defaults to the value of <option>security.pam.loginLimits</option>. + The meaning of the values is explained in <citerefentry> + <refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>. ''; }; @@ -648,6 +653,51 @@ let "${domain} ${type} ${item} ${toString value}\n") limits); + limitsType = with lib.types; listOf (submodule ({ ... }: { + options = { + domain = mkOption { + description = "Username, groupname, or wildcard this limit applies to"; + example = "@wheel"; + type = str; + }; + + type = mkOption { + description = "Type of this limit"; + type = enum [ "-" "hard" "soft" ]; + default = "-"; + }; + + item = mkOption { + description = "Item this limit applies to"; + type = enum [ + "core" + "data" + "fsize" + "memlock" + "nofile" + "rss" + "stack" + "cpu" + "nproc" + "as" + "maxlogins" + "maxsyslogins" + "priority" + "locks" + "sigpending" + "msgqueue" + "nice" + "rtprio" + ]; + }; + + value = mkOption { + description = "Value of this limit"; + type = oneOf [ str int ]; + }; + }; + })); + motd = pkgs.writeText "motd" config.users.motd; makePAMService = name: service: @@ -669,6 +719,7 @@ in security.pam.loginLimits = mkOption { default = []; + type = limitsType; example = [ { domain = "ftp"; type = "hard"; 
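Review bot: The description of the per-service `limits` option still opens with "Attribute set describing resource limits", but with `type = limitsType;` the option is now a list of submodules, so the text should read `List of resource limits.` The added `default = [];` will also be rendered in the generated manual as the default, while the description says the value defaults to `security.pam.loginLimits`. The code that applies that fallback is outside this hunk, so this is inferred, but a `defaultText = literalExpression "config.security.pam.loginLimits";` would keep the rendered documentation consistent with the description. The submodule that encloses this option starts and ends outside the hunk.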
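Review bot: In `limitsType`, `domain` is typed as plain `str` and `value` as `oneOf [ str int ]`, so both still accept whitespace and newlines, and the context line above the new definition writes them unescaped into the generated file as `"${domain} ${type} ${item} ${toString value}\n"`. A string containing a newline would therefore add an extra rule line to the limits configuration without any evaluation error, which is the kind of mistake the `enum` types now catch for `type` and `item`. Consider `type = strMatching "[^[:space:]]+";` for `domain` and `type = oneOf [ int (strMatching "-?[0-9]+|unlimited|infinity") ];` for `value`; the accepted spellings should be checked against limits.conf(5) and existing configurations before tightening. The function that renders these lines starts outside the hunk.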
@@ -688,7 +739,8 @@ in <varname>domain</varname>, <varname>type</varname>, <varname>item</varname>, and <varname>value</varname> attribute. The syntax and semantics of these attributes - must be that described in the limits.conf(5) man page. + must be that described in <citerefentry><refentrytitle>limits.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>. Note that these limits do not apply to systemd services, whose limits can be changed via <option>systemd.extraConfig</option> |