nixos: add Duo Security module - nixlib - Alyssa's collection of Nix expressions

diff options

author	Austin Seipp <aseipp@pobox.com>	2014-02-18 03:38:35 -0600
committer	Austin Seipp <aseipp@pobox.com>	2014-03-16 07:11:50 -0500
commit	29d46452dd772c449adbd951e8099320705241fd (patch)
tree	bd7a947a8f0cd4ead3559342882b76f20d965c0f /nixos/modules/module-list.nix
parent	ff79e2f9005b8e0c973a5ee91358e1730fe78eef (diff)
download	nixlib-29d46452dd772c449adbd951e8099320705241fd.tar nixlib-29d46452dd772c449adbd951e8099320705241fd.tar.gz nixlib-29d46452dd772c449adbd951e8099320705241fd.tar.bz2 nixlib-29d46452dd772c449adbd951e8099320705241fd.tar.lz nixlib-29d46452dd772c449adbd951e8099320705241fd.tar.xz nixlib-29d46452dd772c449adbd951e8099320705241fd.tar.zst nixlib-29d46452dd772c449adbd951e8099320705241fd.zip

nixos: add Duo Security module

This module adds the security.duosec attributes, which you can use to
enable simple two-factor authentication for NixOS logins.

The module currently provides PAM and SSH support, although the PAM unix
system configuration isn't automatically dealt with (although the
configuration is automatically built).

Enabling it is as easy as saying:

  security.duosec.ssh.enable = true;
  security.duosec.ikey       = "XXXXXXXX...";
  security.duosec.skey       = "XXXXXXXX...";
  security.duosec.host       = "api-XXXXXXX.duosecurity.com";
  security.duosec.group      = "duosec";

which will enforce two-factor authentication for SSH logins for users in
the 'duosec' group.

This requires uid/gid support in the environment.etc module.

Signed-off-by: Austin Seipp <aseipp@pobox.com>

Diffstat (limited to 'nixos/modules/module-list.nix')

-rw-r--r--

nixos/modules/module-list.nix

1 files changed, 1 insertions, 0 deletions


context:
space:
mode: