Diffstat (limited to 'nixos/modules/security/duosec.nix')
-rw-r--r--nixos/modules/security/duosec.nix12
1 files changed, 3 insertions, 9 deletions
diff --git a/nixos/modules/security/duosec.nix b/nixos/modules/security/duosec.nix
index 0e3a54325cad..97e2d39dc076 100644
--- a/nixos/modules/security/duosec.nix
+++ b/nixos/modules/security/duosec.nix
@@ -73,7 +73,7 @@ in
       };
 
       failmode = mkOption {
-        type = types.str;
+        type = types.enum [ "safe" "enum" ];
         default = "safe";
         description = ''
           On service or configuration errors that prevent Duo
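Review bot: The new `type` line for `failmode` lists `"enum"` where `"secure"` was almost certainly meant; it should read `type = types.enum [ "safe" "secure" ];`. As written, `failmode = "secure"` is rejected at evaluation time, so the fail-closed mode cannot be selected and a host is left with the `"safe"` default. The value `"enum"` now passes the type check and would presumably reach the generated Duo configuration unchanged. The third hunk removes the assertion that accepted `"safe"` or `"secure"`, so this enum is the only remaining validation of the option. The `failmode` option body continues past the end of this hunk.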
@@ -115,7 +115,7 @@ in
       };
 
       prompts = mkOption {
-        type = types.int;
+        type = types.enum [ 1 2 3 ];
         default = 3;
         description = ''
           If a user fails to authenticate with a second factor, Duo
@@ -181,13 +181,7 @@ in
 
   config = mkIf (cfg.ssh.enable || cfg.pam.enable) {
     assertions =
-      [ { assertion = cfg.failmode == "safe" || cfg.failmode == "secure";
-          message   = "Invalid value for failmode (must be safe or secure).";
-        }
-        { assertion = cfg.prompts == 1 || cfg.prompts == 2 || cfg.prompts == 3;
-          message   = "Invalid value for prompts (must be 1, 2, or 3).";
-        }
-        { assertion = !cfg.pam.enable;
+      [ { assertion = !cfg.pam.enable;
           message   = "PAM support is currently not implemented.";
         }
       ];