authorArtturi <Artturin@artturin.com>2024-02-04 17:31:58 +0200
committerGitHub <noreply@github.com>2024-02-04 17:31:58 +0200
commit8f893ff1dadba01ae14fa99fb69abba64d5b4a21 (patch)
tree22d2e76b386d542afe92a3ed6f79ef65d33f6f3f /nixos/modules
parent420855783d75922be8c0ed1da6e6ac10ba400f0e (diff)
parentd102910f4748c8aeb0414fca138976e7b6e31ead (diff)
Merge pull request #221628 from rhysmdnz/intune
Microsoft Intune
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/security/pam.nix3
-rw-r--r--nixos/modules/services/security/intune.nix32
3 files changed, 36 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 37f822721f48..e97fb45e769c 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1202,6 +1202,7 @@
   ./services/security/hologram-agent.nix
   ./services/security/hologram-server.nix
   ./services/security/infnoise.nix
+  ./services/security/intune.nix
   ./services/security/jitterentropy-rngd.nix
   ./services/security/kanidm.nix
   ./services/security/munge.nix
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index ffbb558549f6..f809848fd428 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -700,6 +700,7 @@ let
               || cfg.pamMount
               || cfg.enableKwallet
               || cfg.enableGnomeKeyring
+              || config.services.intune.enable
               || cfg.googleAuthenticator.enable
               || cfg.gnupg.enable
               || cfg.failDelay.enable
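Review bot: The intune additions in pam.nix are gated on the global `config.services.intune.enable`, whereas the neighbouring entries (`cfg.enableGnomeKeyring`, `cfg.gnupg.enable`) use what look like per-service `cfg` switches, so as far as these hunks show, enabling Intune puts `pam_intune.so` into every generated PAM service rather than only the login paths that need it. The entry in this `||` list presumably also makes the stack obtain the password early for that module; the enclosing expression starts outside the hunk, so this needs confirming. If so, a module shipped in `pkgs.intune-portal` would receive the auth token for all services. Consider a per-service switch that defaults to the global one, for example a new option `enableIntune` with `default = config.services.intune.enable;` and `enable = cfg.enableIntune;` in the rules, so an administrator can exclude individual services. The same applies to the two `name = "intune"` rules added in the later hunks of this file.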
@@ -726,6 +727,7 @@ let
                 kwalletd = "${pkgs.plasma5Packages.kwallet.bin}/bin/kwalletd5";
               }; }
               { name = "gnome_keyring"; enable = cfg.enableGnomeKeyring; control = "optional"; modulePath = "${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so"; }
+              { name = "intune"; enable = config.services.intune.enable; control = "optional"; modulePath = "${pkgs.intune-portal}/lib/security/pam_intune.so"; }
               { name = "gnupg"; enable = cfg.gnupg.enable; control = "optional"; modulePath = "${pkgs.pam_gnupg}/lib/security/pam_gnupg.so"; settings = {
                 store-only = cfg.gnupg.storeOnly;
               }; }
@@ -867,6 +869,7 @@ let
           { name = "gnupg"; enable = cfg.gnupg.enable; control = "optional"; modulePath = "${pkgs.pam_gnupg}/lib/security/pam_gnupg.so"; settings = {
             no-autostart = cfg.gnupg.noAutostart;
           }; }
+          { name = "intune"; enable = config.services.intune.enable; control = "optional"; modulePath = "${pkgs.intune-portal}/lib/security/pam_intune.so"; }
         ];
       };
     };
diff --git a/nixos/modules/services/security/intune.nix b/nixos/modules/services/security/intune.nix
new file mode 100644
index 000000000000..93cecaca5f43
--- /dev/null
+++ b/nixos/modules/services/security/intune.nix
@@ -0,0 +1,32 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
+  cfg = config.services.intune;
+in
+{
+  options.services.intune = {
+    enable = lib.mkEnableOption (lib.mdDoc "Microsoft Intune");
+  };
+
+
+  config = lib.mkIf cfg.enable {
+    users.users.microsoft-identity-broker = {
+      group = "microsoft-identity-broker";
+      isSystemUser = true;
+    };
+
+    users.groups.microsoft-identity-broker = { };
+    environment.systemPackages = [ pkgs.microsoft-identity-broker pkgs.intune-portal ];
+    systemd.packages = [ pkgs.microsoft-identity-broker pkgs.intune-portal ];
+
+    systemd.tmpfiles.packages = [ pkgs.intune-portal ];
+    services.dbus.packages = [ pkgs.microsoft-identity-broker ];
+  };
+
+  meta = {
+    maintainers = with lib.maintainers; [ rhysmdnz ];
+  };
+}
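Review bot: The option text `lib.mkEnableOption (lib.mdDoc "Microsoft Intune")` does not tell an administrator what enabling it changes. Per this file it creates the `microsoft-identity-broker` system user and group and pulls systemd units, tmpfiles rules and D-Bus configuration from the two packages, and pam.nix in the same commit keys a `pam_intune.so` rule on it. I would spell that out, e.g. `enable = lib.mkEnableOption (lib.mdDoc "Microsoft Intune device management, including the identity broker D-Bus service and the pam_intune PAM module");`. A short comment above `users.users.microsoft-identity-broker` naming the unit that runs as that account would also help, since the unit files come from the package and are not visible here.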