nicoo
0e5c95035d
nixos/pam: Fix use of renamed enableSSHAgentAuth option
2024-01-08 18:13:46 +00:00
Maciej Krüger
b5b2f6bec4
Merge pull request #277620 from nbraud/nixos/pam/ssh-agent-auth-31611
...
nixos/pam: Add option for ssh-agent auth's trusted authorized_keys files
2024-01-08 17:42:02 +01:00
nicoo
9ed1423dcf
nixos/pam: Warn on insecure sshAgentAuth configurations
2024-01-04 17:30:09 +00:00
nicoo
822c0a86bd
nixos/pam: Add sshAgentAuth.authorizedKeysFiles option
2024-01-03 14:49:36 +00:00
nicoo
a46ea51ca3
nixos/pam: Rename option enableSSHAgentAuth to sshAgentAuth.enable
2024-01-03 14:49:36 +00:00
nicoo
607679c6d3
nixos/pam: Assert that authorizedKeysFiles is non-empty when using pam_ssh_agent_auth
2023-12-30 22:19:38 +00:00
nicoo
bcc2d1238a
nixos/sudo-rs: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module
...
Similar to delroth's suggestion in #262790.
2023-11-25 14:11:25 +00:00
nicoo
19e1420e13
nixos/sudo: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module
2023-11-08 19:41:37 +00:00
Majiir Paktu
9d6e6e18bc
nixos/pam: add maintainer
2023-10-10 21:11:35 -04:00
Majiir Paktu
e712b6e81d
nixos/pam: generate apparmor includes from rules
...
Removes redundant config from the module. Fixes a bug where some modules
(e.g. ussh) were added to apparmor even though they had no rules enabled.
2023-10-10 21:11:35 -04:00
Majiir Paktu
43f7cb4a95
nixos/pam: add order comment to each rule line
2023-10-10 21:11:35 -04:00
Majiir Paktu
077cdcc7e9
nixos/pam: convert rules to attrs, add order field
...
Makes it possible to override properties of a rule by name. Introduces
an 'order' field that can be overridden to change the sequence of rules.
For now, the order value for each built-in rule is derived from its
place in the hardcoded list of rules.
2023-10-10 21:11:34 -04:00
Majiir Paktu
e86487e579
nixos/pam: remove empty text fields
2023-10-10 21:11:34 -04:00
Majiir Paktu
5b8439f966
nixos/pam: add settings option for common argument styles
...
Adds easily overrideable settings for the most common PAM argument
styles. These are:
- Flag (e.g. "use_first_pass"): rendered for true boolean values. false
  values are ignored.
- Key-value (e.g. "action=validate"): rendered for non-null, non-boolean
  values.
Most PAM arguments can be configured this way. Others can still be
configured with the 'args' option.
2023-10-10 21:11:34 -04:00
Majiir Paktu
6eea7fb194
nixos/pam: extract args field
...
Module arguments have common escaping rules for all PAMs.
2023-10-09 23:17:37 -04:00
Majiir Paktu
12a488e89c
nixos/pam: extract modulePath field
2023-10-09 23:17:36 -04:00
Majiir Paktu
25bc21f19a
nixos/pam: extract control field
2023-10-09 23:17:36 -04:00
Majiir Paktu
0563e0a379
nixos/pam: give each rule a name
...
These names are internal identifiers. They will be used as keys so that
users can reconfigure rules by merging a rule config with the same name.
The name is arbitrary. The built-in rules are named after the PAM where
practical.
2023-10-09 23:17:36 -04:00
Majiir Paktu
fbd7427b14
nixos/pam: define rules as submodules
...
Allows us to decompose rules into multiple fields that we later format
as textual rules. Eventually allows users to override individual fields.
2023-10-09 23:17:36 -04:00
Majiir Paktu
3c85d159f7
nixos/pam: automatically populate rule type
...
Eliminates a redundancy between the 'rules' suboptions and the type
specified in each rule.
We eventually want to give each rule a name so that we can merge config
overrides. The PAM name is a natural choice for rule name, but a PAM is
often used in multiple rule types. Organizing rules by type and rule
name avoids name collisions.
2023-10-09 23:17:15 -04:00
Majiir Paktu
d6bb805932
nixos/pam: extract header comments
...
Unblocks converting the rules from one big string to a rich data
structure.
2023-10-09 20:40:19 -04:00
Majiir Paktu
0f9d719d8a
nixos/pam: split rule lists into individual rules
2023-09-24 18:37:10 -04:00
Majiir Paktu
dd458977a0
nixos/pam: clean up rules
...
Makes the rules more uniform in structure and style. This makes it
easier to automate subsequent commits. No behavior changes.
2023-09-24 18:37:10 -04:00
mib
2e66f109ed
nixos/pam: fix typo in fscrypt enable option
...
mkEnableOption prepends "Whether to enable" to text, so this became
"Whether to enable Enables fscrypt ..."
2023-09-11 12:06:39 +02:00
Aaron Andersen
9d56365451
security/pam: add umask option to configure pam_mkhomedir
2023-08-10 20:35:08 -04:00
Lin Jian
74fadae942
treewide: stop using types.string
...
It is an error[1] now.
[1]: https://github.com/NixOS/nixpkgs/pull/247848
2023-08-08 21:31:21 +08:00
Jacob Moody
5f97e78c64
pam_dp9ik: init at 1.5
2023-07-09 14:12:21 -05:00
Max
34a4165674
nixos/pam: support Kanidm
2023-06-11 17:17:42 +02:00
Raito Bezarius
3f446bfbd3
nixos/pam: fix ZFS support assertion
...
It was always complaining even if you didn't enable PAM ZFS.
2023-05-15 12:06:04 +02:00
Nicola Squartini
87cbaf7ce3
nixos/pam: assert ZFS support for PAM module
2023-05-15 09:22:42 +02:00
Nicola Squartini
5466f76755
nixos/pam: improve documentation of ZFS module
2023-05-15 09:22:39 +02:00
Nicola Squartini
09f4bf7f16
nixos/pam: enable unlocking ZFS home dataset
2023-05-15 09:20:40 +02:00
s1341
e2d538fead
pam: remove unused try_first_pass
2023-05-09 13:45:15 +03:00
s1341
765ae4d581
nixos/pam: allow changing password using sssd
2023-05-09 13:43:06 +03:00
github-actions[bot]
455127ad5e
Merge master into staging-next
2023-03-16 18:01:20 +00:00
Martin Weinelt
4472cf44eb
treewide: Make yescrypt the default algorithm for pam_unix.so
...
This ensures `passwd` will default to yescrypt for newly generated
passwords.
2023-03-13 07:54:27 +01:00
Felix Buehler
d10e69c86b
treewide: deprecate isNull
...
https://nixos.org/manual/nix/stable/language/builtins.html#builtins-isNull
2023-03-06 22:40:04 +01:00
Florian Klink
6b1a896570
Merge pull request #205121 from alaviss/homed
...
nixos: systemd-homed support
2022-12-23 13:09:17 +01:00
figsoda
6bb0dbf91f
nixos: fix typos
2022-12-17 19:31:14 -05:00
Markus Napierkowski
192ae663cc
nixos/pam: allow backing the motd with a file
2022-12-15 11:54:26 +01:00
Leorize
05420f34cf
nixos: add systemd-homed support
...
As a start, it's not very configurable, but works pretty well.
2022-12-09 12:10:51 -06:00
Franz Pletz
69f8e94c46
Merge pull request #199587 from lorenz/fscrypt
...
nixos/pam: support fscrypt login protectors
2022-11-14 09:42:35 +01:00
Lorenz Brun
f046cc0923
nixos/pam: support fscrypt login protectors
...
fscrypt can automatically unlock directories with the user's login
password. To do this it ships a PAM module which reads the user's
password and loads the respective keys into the user's kernel keyring.
Significant inspiration was taken from the ecryptfs implementation.
2022-11-11 15:37:39 +01:00
Bobby Rong
03e68946a0
Merge pull request #186628 from ocfox/pam_faildelay
...
nixos/pam: add option failDelay
2022-11-07 19:54:57 +08:00
ocfox
ab0ae8f5e1
nixos/pam: add option failDelay
...
Co-authored-by: Bobby Rong <rjl931189261@126.com>
2022-11-07 19:16:35 +08:00
Tobias Stenzel
8111e4f113
nixos/pam: fix pam_tty_audit config
...
Escape the line breaks to render a valid config.
Module arguments have to be on the same line or line endings have to be
escaped with a backslash.
2022-10-22 23:20:09 +02:00
Fabián Heredia Montiel
a233e59d19
nixos/pam: fix deprecated gnome3 reference
2022-09-25 00:39:27 -05:00
pennae
ef176dcf7e
nixos/*: automatically convert option descriptions
...
conversions were done using https://github.com/pennae/nix-doc-munge
using (probably) rev f34e145 running
    nix-doc-munge nixos/**/*.nix
    nix-doc-munge --import nixos/**/*.nix
the tool ensures that only changes that could affect the generated
manual *but don't* are committed, other changes require manual review
and are discarded.
2022-08-31 16:32:53 +02:00
Lassulus
f95d0b966e
Merge pull request #173495 from wucke13/pam-fix
2022-08-21 20:57:17 +02:00
pennae
6039648c50
nixos/*: automatically convert option docs
2022-08-19 22:40:58 +02:00