commit 47ff8d20d752b95befaa2ebb3f6bae4d3eb37a18 · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

fork atom

nixos/duosec: replace activationScript

Replace with a separate systemd service.

nikstur 2 years ago 47ff8d20 b16365b3

+12 -3

1 changed file

expand all

unified split

nixos

modules

security

duosec.nix

+12 -3

nixos/modules/security/duosec.nix

··· 193 193 source = "${pkgs.duo-unix.out}/bin/login_duo"; 194 194 }; 195 195 196 - system.activationScripts = { 197 - login_duo = mkIf cfg.ssh.enable '' 196 + systemd.services.login-duo = lib.mkIf cfg.ssh.enable { 197 + wantedBy = [ "sysinit.target" ]; 198 + before = [ "sysinit.target" ]; 199 + unitConfig.DefaultDependencies = false; 200 + script = '' 198 201 if test -f "${cfg.secretKeyFile}"; then 199 202 mkdir -m 0755 -p /etc/duo 200 203 ··· 209 212 mv -fT "$conf" /etc/duo/login_duo.conf 210 213 fi 211 214 ''; 212 - pam_duo = mkIf cfg.pam.enable '' 215 + }; 216 + 217 + systemd.services.pam-duo = lib.mkIf cfg.ssh.enable { 218 + wantedBy = [ "sysinit.target" ]; 219 + before = [ "sysinit.target" ]; 220 + unitConfig.DefaultDependencies = false; 221 + script = '' 213 222 if test -f "${cfg.secretKeyFile}"; then 214 223 mkdir -m 0755 -p /etc/duo 215 224