Merge pull request #186628 from ocfox/pam_faildelay

nixos/pam: add option failDelay

authored by

Bobby Rong and committed by
GitHub
03e68946 590a40e1

+22
+22
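--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -392,6 +392,24 @@
 '';
 };
 
+failDelay = {
+enable = mkOption {
+type = types.bool;
+default = false;
+description = lib.mdDoc ''
+If enabled, this will replace the `FAIL_DELAY` setting from `login.defs`.
+Change the delay on failure per-application.
+'';
+};
+
+delay = mkOption {
+default = 3000000;
+type = types.int;
+example = 1000000;
+description = lib.mdDoc "The delay time (in microseconds) on failure.";
+};
+};
+
 gnupg = {
 enable = mkOption {
 type = types.bool;
@@ -531,6 +549,7 @@
 || cfg.enableGnomeKeyring
 || cfg.googleAuthenticator.enable
 || cfg.gnupg.enable
+|| cfg.failDelay.enable
 || cfg.duoSecurity.enable))
 (
 ''
@@ -550,6 +569,9 @@
 '' +
 optionalString cfg.gnupg.enable ''
 auth optional ${pkgs.pam_gnupg}/lib/security/pam_gnupg.so ${optionalString cfg.gnupg.storeOnly " store-only"}
+'' +
+optionalString cfg.failDelay.enable ''
+auth optional ${pkgs.pam}/lib/security/pam_faildelay.so delay=${toString cfg.failDelay.delay}
 '' +
 optionalString cfg.googleAuthenticator.enable ''
 auth required ${pkgs.google-authenticator}/lib/security/pam_google_authenticator.so no_increment_hotp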
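Review bot: The new `failDelay.delay` option is declared as `types.int`, so a negative number passes evaluation and is written verbatim into the PAM line as `delay=${toString cfg.failDelay.delay}`. Because that line is `auth optional`, a value pam_faildelay does not accept would presumably not fail the stack, leaving the service without the intended throttle on failed logins and with no error at build time. Constraining the option with `type = types.ints.unsigned;` rejects such values at evaluation. The description could also state whether `0` is meant to disable the delay. The `||` chain that gains `cfg.failDelay.enable` opens outside the visible hunk, so it is worth confirming that no other conjunct in that condition can cause an enabled `failDelay` to be dropped silently.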