diff options
author | edef <edef@edef.eu> | 2017-10-07 17:27:46 +0200 |
---|---|---|
committer | obadz <obadz-git@obadz.com> | 2017-10-20 17:42:04 +0100 |
commit | ea35bc94bf0efd28e39cf4e8212f7df5b6e78aba (patch) | |
tree | 1eebdaa574d935def3e7f988271d0af44df7ba9b /nixos/modules/security/pam.nix | |
parent | 7867b508817f1acfe3a524ed93ac83cb45e87720 (diff) | |
download | nixlib-ea35bc94bf0efd28e39cf4e8212f7df5b6e78aba.tar nixlib-ea35bc94bf0efd28e39cf4e8212f7df5b6e78aba.tar.gz nixlib-ea35bc94bf0efd28e39cf4e8212f7df5b6e78aba.tar.bz2 nixlib-ea35bc94bf0efd28e39cf4e8212f7df5b6e78aba.tar.lz nixlib-ea35bc94bf0efd28e39cf4e8212f7df5b6e78aba.tar.xz nixlib-ea35bc94bf0efd28e39cf4e8212f7df5b6e78aba.tar.zst nixlib-ea35bc94bf0efd28e39cf4e8212f7df5b6e78aba.zip |
nixos/ecryptfs: init
Currently, ecryptfs support is coupled to `security.pam.enableEcryptfs`, but one might want to use ecryptfs without enabling the PAM functionality. This commit splits it out into a `boot.supportedFilesystems` switch.
Diffstat (limited to 'nixos/modules/security/pam.nix')
-rw-r--r-- | nixos/modules/security/pam.nix | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 1e8ca4f90223..5ded36329f33 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -486,8 +486,9 @@ in ++ optionals config.krb5.enable [pam_krb5 pam_ccreds] ++ optionals config.security.pam.enableOTPW [ pkgs.otpw ] ++ optionals config.security.pam.oath.enable [ pkgs.oathToolkit ] - ++ optionals config.security.pam.enableU2F [ pkgs.pam_u2f ] - ++ optionals config.security.pam.enableEcryptfs [ pkgs.ecryptfs ]; + ++ optionals config.security.pam.enableU2F [ pkgs.pam_u2f ]; + + boot.supportedFilesystems = optionals config.security.pam.enableEcryptfs [ "ecryptfs" ]; security.wrappers = { unix_chkpwd = { @@ -495,10 +496,7 @@ in owner = "root"; setuid = true; }; - } // (if config.security.pam.enableEcryptfs then { - "mount.ecryptfs_private".source = "${pkgs.ecryptfs.out}/bin/mount.ecryptfs_private"; - "umount.ecryptfs_private".source = "${pkgs.ecryptfs.out}/bin/umount.ecryptfs_private"; - } else {}); + }; environment.etc = mapAttrsToList (n: v: makePAMService v) config.security.pam.services; |