pyrox.dev
lol
duosec module: use enum
+3
-9
nixos/modules/security/duosec.nix
+3
-9
nixos/modules/security/duosec.nix
···
73
73
};
74
74
75
75
failmode = mkOption {
76
-
type = types.str;
76
+
type = types.enum [ "safe" "enum" ];
77
77
default = "safe";
78
78
description = ''
79
79
On service or configuration errors that prevent Duo
···
115
115
};
116
116
117
117
prompts = mkOption {
118
-
type = types.int;
118
+
type = types.enum [ 1 2 3 ];
119
119
default = 3;
120
120
description = ''
121
121
If a user fails to authenticate with a second factor, Duo
···
181
181
182
182
config = mkIf (cfg.ssh.enable || cfg.pam.enable) {
183
183
assertions =
184
-
[ { assertion = cfg.failmode == "safe" || cfg.failmode == "secure";
185
-
message = "Invalid value for failmode (must be safe or secure).";
186
-
}
187
-
{ assertion = cfg.prompts == 1 || cfg.prompts == 2 || cfg.prompts == 3;
188
-
message = "Invalid value for prompts (must be 1, 2, or 3).";
189
-
}
190
-
{ assertion = !cfg.pam.enable;
184
+
[ { assertion = !cfg.pam.enable;
191
185
message = "PAM support is currently not implemented.";
192
186
}
193
187
];