author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-02-08 06:01:13 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-08 06:01:13 +0000 |
commit | 74098fff8838394e2cdf78012bbc7f5bf835197e (patch) | |
tree | 19a3a4f266b3157a29d70c8e8df2873608ae915c /nixos | |
parent | 8cb642cb148be72ee9ff9ce83f0090e18e41b3b0 (diff) | |
parent | 0302e47841653952b496fbe1a8be6fb2ebb1c8c4 (diff) | |
Merge master into staging-next
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/security/pam.nix | 12 | ||||
-rw-r--r-- | nixos/modules/security/pam_usb.nix | 51 |
3 files changed, 0 insertions, 64 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 2996da3c2d55..1384c7c6dfa2 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -317,7 +317,6 @@ ./security/oath.nix ./security/pam.nix ./security/pam_mount.nix - ./security/pam_usb.nix ./security/please.nix ./security/polkit.nix ./security/rngd.nix diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index f809848fd428..ed03254cb5ee 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -205,17 +205,6 @@ let }; }; - usbAuth = mkOption { - default = config.security.pam.usb.enable; - defaultText = literalExpression "config.security.pam.usb.enable"; - type = types.bool; - description = lib.mdDoc '' - If set, users listed in - {file}`/etc/pamusb.conf` are able to log in - with the associated USB key. - ''; - }; - otpwAuth = mkOption { default = config.security.pam.enableOTPW; defaultText = literalExpression "config.security.pam.enableOTPW"; @@ -665,7 +654,6 @@ let authfile = u2f.authFile; appid = u2f.appId; }; }) - { name = "usb"; enable = cfg.usbAuth; control = "sufficient"; modulePath = "${pkgs.pam_usb}/lib/security/pam_usb.so"; } (let ussh = config.security.pam.ussh; in { name = "ussh"; enable = config.security.pam.ussh.enable && cfg.usshAuth; control = ussh.control; modulePath = "${pkgs.pam_ussh}/lib/security/pam_ussh.so"; settings = { ca_file = ussh.caFile; authorized_principals = ussh.authorizedPrincipals; diff --git a/nixos/modules/security/pam_usb.nix b/nixos/modules/security/pam_usb.nix deleted file mode 100644 index 4275c26c6bda..000000000000 --- a/nixos/modules/security/pam_usb.nix +++ /dev/null 
@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.security.pam.usb;
-
- anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services);
-
-in
-
-{
- options = {
-
- security.pam.usb = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = lib.mdDoc ''
- Enable USB login for all login systems that support it. For
- more information, visit <https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users>.
- '';
- };
-
- };
-
- };
-
- config = mkIf (cfg.enable || anyUsbAuth) {
-
- # Make sure pmount and pumount are setuid wrapped.
- security.wrappers = {
- pmount =
- { setuid = true;
- owner = "root";
- group = "root";
- source = "${pkgs.pmount.out}/bin/pmount";
- };
- pumount =
- { setuid = true;
- owner = "root";
- group = "root";
- source = "${pkgs.pmount.out}/bin/pumount";
- };
- };
-
- environment.systemPackages = [ pkgs.pmount ];
-
- };
-} |