authorAaron Andersen <aaron@fosslib.net>2020-01-30 14:16:17 -0500
committerAaron Andersen <aaron@fosslib.net>2020-01-30 14:16:17 -0500
commit28c815e34b90337e699432fffed2efc1b31fc6d0 (patch)
treebfe68187e24d3f9ccabf092990b402315a62eba2 /nixos/modules/security/duosec.nix
parent109f179e445f73e5740028cffd2e44741dcdb5e8 (diff)
nixos/duosec: fix configuration issue with "groups" option
Diffstat (limited to 'nixos/modules/security/duosec.nix')
-rw-r--r--nixos/modules/security/duosec.nix16
1 files changed, 13 insertions, 3 deletions
diff --git a/nixos/modules/security/duosec.nix b/nixos/modules/security/duosec.nix
index 78a82b7154e7..c686a6861d0f 100644
--- a/nixos/modules/security/duosec.nix
+++ b/nixos/modules/security/duosec.nix
@@ -12,7 +12,7 @@ let
     ikey=${cfg.ikey}
     skey=${cfg.skey}
     host=${cfg.host}
-    ${optionalString (cfg.group != "") ("group="+cfg.group)}
+    ${optionalString (cfg.groups != "") ("groups="+cfg.groups)}
     failmode=${cfg.failmode}
     pushinfo=${boolToStr cfg.pushinfo}
     autopush=${boolToStr cfg.autopush}
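Review bot: `cfg.groups` is spliced verbatim into the generated Duo configuration on the added line, and the option is declared as plain `types.str` in the third hunk, so a value containing a line break would add unintended `key=value` lines to the file instead of failing at evaluation time. Constraining the option would close this, for example `type = types.strMatching "[^\n]*";`, or an assertion that the value contains no newline. The enclosing `let` binding starts and ends outside this hunk, so how the text is written to disk is not visible here.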
@@ -42,6 +42,10 @@ let
   };
 in
 {
+  imports = [
+    (mkRenamedOptionModule [ "security" "duosec" "group" ] [ "security" "duosec" "groups" ])
+  ];
+
   options = {
     security.duosec = {
       ssh.enable = mkOption {
@@ -71,10 +75,16 @@ in
         description = "Duo API hostname.";
       };
 
-      group = mkOption {
+      groups = mkOption {
         type = types.str;
         default = "";
-        description = "Use Duo authentication for users only in this group.";
+        example = "users,!wheel,!*admin guests";
+        description = ''
+          If specified, Duo authentication is required only for users
+          whose primary group or supplementary group list matches one
+          of the space-separated pattern lists. Refer to
+          <link xlink:href="https://duo.com/docs/duounix"/> for details.
+        '';
       };
 
       failmode = mkOption {
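Review bot: The new `groups` description does not say what happens to users who match none of the pattern lists. As worded ("required only for users whose … list matches"), they are not asked for a second factor at all, so a misspelled group name or a misplaced `!` silently removes Duo for those accounts. I would add a sentence such as `Users who match no pattern list log in without Duo authentication; leave this empty to require it for all users.` The empty-value behaviour is inferred from the first hunk omitting the `groups=` line when the value is `""`, so confirm it against the linked Duo Unix documentation. The example also relies on comma-separated patterns and `!` negation within a list, which the description could state in one line.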