9f9e277b60
These (and the `*MD` functions apart from `literalMD`) are now no-ops in nixpkgs and serve no purpose other than to add additional noise and potentially mislead people into thinking unmarked DocBook documentation will still be accepted. Note that if backporting changes including documentation to 23.05, the `mdDoc` calls will need to be re-added. To reproduce this commit, run: $ NIX_PATH=nixpkgs=flake:nixpkgs/e7e69199f0372364a6106a1e735f68604f4c5a25 \ nix shell nixpkgs#coreutils \ -c find . -name '*.nix' \ -exec nix run -- github:emilazy/nix-doc-munge/98dadf1f77351c2ba5dcb709a2a171d655f15099 \ --strip {} + $ ./format
68 lines
1.8 KiB
Nix
68 lines
1.8 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
|
|
cfg = config.pam;
|
|
|
|
in {
|
|
meta.maintainers = with maintainers; [ rycee veehaitch ];
|
|
|
|
options = {
|
|
pam.sessionVariables = mkOption {
|
|
default = { };
|
|
type = types.attrs;
|
|
example = { EDITOR = "vim"; };
|
|
description = ''
|
|
Environment variables that will be set for the PAM session.
|
|
The variable values must be as described in
|
|
{manpage}`pam_env.conf(5)`.
|
|
|
|
Note, this option will become deprecated in the future and its use is
|
|
therefore discouraged.
|
|
'';
|
|
};
|
|
|
|
pam.yubico.authorizedYubiKeys = {
|
|
ids = mkOption {
|
|
type = with types;
|
|
let
|
|
yubiKeyId = addCheck str (s: stringLength s == 12) // {
|
|
name = "yubiKeyId";
|
|
description = "string of length 12";
|
|
};
|
|
in listOf yubiKeyId;
|
|
default = [ ];
|
|
description = ''
|
|
List of authorized YubiKey token IDs. Refer to
|
|
<https://developers.yubico.com/yubico-pam>
|
|
for details on how to obtain the token ID of a YubiKey.
|
|
'';
|
|
};
|
|
|
|
path = mkOption {
|
|
type = types.str;
|
|
default = ".yubico/authorized_yubikeys";
|
|
description = ''
|
|
File path to write the authorized YubiKeys,
|
|
relative to {env}`HOME`.
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
config = mkMerge [
|
|
(mkIf (cfg.sessionVariables != { }) {
|
|
home.file.".pam_environment".text = concatStringsSep "\n"
|
|
(mapAttrsToList (n: v: ''${n} OVERRIDE="${toString v}"'')
|
|
cfg.sessionVariables) + "\n";
|
|
})
|
|
|
|
(mkIf (cfg.yubico.authorizedYubiKeys.ids != [ ]) {
|
|
home.file.${cfg.yubico.authorizedYubiKeys.path}.text =
|
|
concatStringsSep ":"
|
|
([ config.home.username ] ++ cfg.yubico.authorizedYubiKeys.ids);
|
|
})
|
|
];
|
|
}
|