Turn security.pam.services into an attribute set

That is, you can say

  security.pam.services.sshd = { options... };

instead of

  security.pam.services = [ { name = "sshd"; options... } ];

making it easier to override PAM settings from other modules.

10 files changed, 21 insertions, 16 deletions

diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix
index 5f8e8e1ade3b..92682d644f41 100644
--- a/nixos/modules/services/mail/dovecot.nix
+++ b/nixos/modules/services/mail/dovecot.nix
@@ -124,7 +124,7 @@ in
 
   config = mkIf config.services.dovecot2.enable {
 
-    security.pam.services = [ { name = "dovecot2"; } ];
+    security.pam.services.dovecot2 = {};
 
     users.extraUsers = [
       { name = cfg.user;
diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix
index 70a14487ea59..e18d9d7b67b5 100644
--- a/nixos/modules/services/network-filesystems/samba.nix
+++ b/nixos/modules/services/network-filesystems/samba.nix
@@ -198,6 +198,7 @@ in
       }
 
       (mkIf config.services.samba.enable {
+
         users.extraUsers.smbguest = {
           description = "Samba service user";
           group = group;
@@ -228,6 +229,8 @@ in
           };
         };
 
+        security.pam.services.sambda = {};
+
       })
     ];
 
diff --git a/nixos/modules/services/networking/ejabberd.nix b/nixos/modules/services/networking/ejabberd.nix
index 6d233e543e23..05e0aba7d70e 100644
--- a/nixos/modules/services/networking/ejabberd.nix
+++ b/nixos/modules/services/networking/ejabberd.nix
@@ -130,6 +130,8 @@ in
           '';
       };
 
+    security.pam.services.ejabberd = {};
+
   };
 
 }
diff --git a/nixos/modules/services/networking/ssh/lshd.nix b/nixos/modules/services/networking/ssh/lshd.nix
index d32fabbde24b..04ef76f1e4d4 100644
--- a/nixos/modules/services/networking/ssh/lshd.nix
+++ b/nixos/modules/services/networking/ssh/lshd.nix
@@ -170,6 +170,8 @@ in
           '';
       };
 
+    security.pam.services.lshd = {};
+
   };
 
 }
diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix
index c9a4a9087e56..1c3dc9d90b1d 100644
--- a/nixos/modules/services/printing/cupsd.nix
+++ b/nixos/modules/services/printing/cupsd.nix
@@ -219,5 +219,7 @@ in
     # Allow CUPS to receive IPP printer announcements via UDP.
     networking.firewall.allowedUDPPorts = [ 631 ];
 
+    security.pam.services.cups = {};
+
   };
 }
diff --git a/nixos/modules/services/scheduling/atd.nix b/nixos/modules/services/scheduling/atd.nix
index 88bec2cb2f3e..8c96252668e3 100644
--- a/nixos/modules/services/scheduling/atd.nix
+++ b/nixos/modules/services/scheduling/atd.nix
@@ -49,7 +49,7 @@ in
 
     environment.systemPackages = [ at ];
 
-    security.pam.services = [ { name = "atd"; } ];
+    security.pam.services.atd = {};
 
     users.extraUsers = singleton
       { name = "atd";
diff --git a/nixos/modules/services/x11/desktop-managers/kde4.nix b/nixos/modules/services/x11/desktop-managers/kde4.nix
index c76acfbcd4e2..d1eb1799bc84 100644
--- a/nixos/modules/services/x11/desktop-managers/kde4.nix
+++ b/nixos/modules/services/x11/desktop-managers/kde4.nix
@@ -162,7 +162,7 @@ in
     services.udisks2.enable = wantsUdisks2;
     services.upower.enable = config.powerManagement.enable;
 
-    security.pam.services = [ { name = "kde"; allowNullPassword = true; startSession = true; } ];
+    security.pam.services.kde = { allowNullPassword = true; };
 
   };
 
diff --git a/nixos/modules/services/x11/display-managers/kdm.nix b/nixos/modules/services/x11/display-managers/kdm.nix
index 229ab12c6e1b..2e84adcb4cef 100644
--- a/nixos/modules/services/x11/display-managers/kdm.nix
+++ b/nixos/modules/services/x11/display-managers/kdm.nix
@@ -138,7 +138,7 @@ in
         logsXsession = true;
       };
 
-    security.pam.services = [ { name = "kde"; allowNullPassword = true; startSession = true; } ];
+    security.pam.services.kde = { allowNullPassword = true; startSession = true; };
 
     users.extraUsers = singleton
       { name = "kdm";
diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix
index c2b90d239eaa..266f16e18e30 100644
--- a/nixos/modules/services/x11/display-managers/lightdm.nix
+++ b/nixos/modules/services/x11/display-managers/lightdm.nix
@@ -102,10 +102,8 @@ in
     services.dbus.enable = true;
     services.dbus.packages = [ lightdm ];
 
-    security.pam.services = [
-      { name = "lightdm"; allowNullPassword = true; startSession = true; }
-      { name = "lightdm-greeter"; allowNullPassword = true; startSession = true; }
-    ];
+    security.pam.services.lightdm = { allowNullPassword = true; startSession = true; };
+    security.pam.services.lightdm-greeter = { allowNullPassword = true; startSession = true; };
 
     users.extraUsers.lightdm = {
       createHome = true;
diff --git a/nixos/modules/services/x11/display-managers/slim.nix b/nixos/modules/services/x11/display-managers/slim.nix
index f9b81f8f0407..7b2c52ca3989 100644
--- a/nixos/modules/services/x11/display-managers/slim.nix
+++ b/nixos/modules/services/x11/display-managers/slim.nix
@@ -104,14 +104,12 @@ in
         execCmd = "exec ${pkgs.slim}/bin/slim";
       };
 
-    security.pam.services =
-      [ # Allow null passwords so that the user can login as root on the
-        # installation CD.
-        { name = "slim"; allowNullPassword = true; startSession = true; }
-
-        # Allow slimlock to work.
-        { name = "slimlock"; }
-      ];
+    # Allow null passwords so that the user can login as root on the
+    # installation CD.
+    security.pam.services.slim = { allowNullPassword = true; startSession = true; };
+
+    # Allow slimlock to work.
+    security.pam.services.slimlock = {};
 
     environment.systemPackages = [ pkgs.slim ];