nixos/duosec: replace activationScript

Replace with a separate systemd service.
2024-11-27 09:23:01 +00:00 · 2023-10-20 13:33:58 +02:00 · 2023-10-20 13:33:58 +02:00 · 47ff8d20d7
commit 47ff8d20d7
parent b16365b393
1 changed files with 12 additions and 3 deletions
--- a/nixos/modules/security/duosec.nix
+++ b/nixos/modules/security/duosec.nix
@ -193,8 +193,11 @@ in
        source = "${pkgs.duo-unix.out}/bin/login_duo";
      };

-    system.activationScripts = {
-      login_duo = mkIf cfg.ssh.enable ''
+    systemd.services.login-duo = lib.mkIf cfg.ssh.enable {
+      wantedBy = [ "sysinit.target" ];
+      before = [ "sysinit.target" ];
+      unitConfig.DefaultDependencies = false;
+      script = ''
        if test -f "${cfg.secretKeyFile}"; then
          mkdir -m 0755 -p /etc/duo

@ -209,7 +212,13 @@ in
          mv -fT "$conf" /etc/duo/login_duo.conf
        fi
      '';
-      pam_duo = mkIf cfg.pam.enable ''
+    };
+
+    systemd.services.pam-duo = lib.mkIf cfg.ssh.enable {
+      wantedBy = [ "sysinit.target" ];
+      before = [ "sysinit.target" ];
+      unitConfig.DefaultDependencies = false;
+      script = ''
        if test -f "${cfg.secretKeyFile}"; then
          mkdir -m 0755 -p /etc/duo