From 1d98da837f1e94c04209bce901d5b664b3cd0ec5 Mon Sep 17 00:00:00 2001
From: Malo Bourgon
Date: Fri, 11 Sep 2020 12:14:44 -0700
Subject: Add option to enable sudo authentication with TouchID
---
 modules/system/etc-pam.d-sudo.patch | 8 ++++++++
 modules/system/sudo.nix | 15 +++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 modules/system/etc-pam.d-sudo.patch
 create mode 100644 modules/system/sudo.nix
(limited to 'modules/system')
diff --git a/modules/system/etc-pam.d-sudo.patch b/modules/system/etc-pam.d-sudo.patch
new file mode 100644
index 0000000..fa361b4
--- /dev/null
+++ b/modules/system/etc-pam.d-sudo.patch
@@ -0,0 +1,8 @@
+--- /etc/pam.d/sudo
++++ /etc/pam.d/sudo
+@@ -1,4 +1,5 @@
+ # sudo: auth account password session
++auth sufficient pam_tid.so
+ auth sufficient pam_smartcard.so
+ auth required pam_opendirectory.so
+ account required pam_permit.so
diff --git a/modules/system/sudo.nix b/modules/system/sudo.nix
new file mode 100644
index 0000000..d4112ed
--- /dev/null
+++ b/modules/system/sudo.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.system.sudo;
+in
+
+{
+ options = {
+ system.sudo.touchid.enable = mkEnableOption "Enable sudo authentication with Touch ID";
+ };
+
+ config = mkIf cfg.touchid.enable { system.patches = [ ./etc-pam.d-sudo.patch ]; };
+}
--
cgit v1.2.3
From ca57e8bcdbf1c50846cf37abac8b18f8d0636160 Mon Sep 17 00:00:00 2001
From: Malo Bourgon
Date: Mon, 14 Sep 2020 13:34:30 -0700
Subject: Change option name and switch to using activation script
---
 modules/system/activation-scripts.nix | 1 +
 modules/system/etc-pam.d-sudo.patch | 8 --------
 modules/system/sudo.nix | 15 ---------------
 3 files changed, 1 insertion(+), 23 deletions(-)
 delete mode 100644 modules/system/etc-pam.d-sudo.patch
 delete mode 100644 modules/system/sudo.nix
(limited to 'modules/system')
diff --git a/modules/system/activation-scripts.nix b/modules/system/activation-scripts.nix
index 346fb97..8ade8ed 100644
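Review bot: Nothing in `modules/system/etc-pam.d-sudo.patch` (first commit) or in the option text records that the added `auth sufficient pam_tid.so` line, sitting first in the auth stack, lets a Touch ID match on its own authorize sudo, with the `pam_smartcard.so` and `pam_opendirectory.so` lines after it skipped on success. I would state that where the user opts in, for example in the option description: `Touch ID becomes sufficient for sudo; the remaining auth modules are consulted only when Touch ID fails or is unavailable.` The inner hunk is also pinned to the stock four-line file by `@@ -1,4 +1,5 @@`, so it presumably stops applying once `/etc/pam.d/sudo` differs from that content; how `system.patches` reports a rejected hunk is not visible here.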
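Review bot: The description on the `system.sudo.touchid.enable` line of `modules/system/sudo.nix` (first commit) will render with a doubled verb, because `mkEnableOption` already prepends "Whether to enable" to its argument; pass a noun phrase instead, `mkEnableOption "sudo authentication with Touch ID"`. The `mkIf cfg.touchid.enable` body only adds the patch to `system.patches`, so setting the option back to false presumably leaves the `pam_tid.so` line in `/etc/pam.d/sudo`. If that is the case it belongs in the description, since the user would have to remove the line by hand to return to password-only sudo.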
--- a/modules/system/activation-scripts.nix
+++ b/modules/system/activation-scripts.nix
@@ -56,6 +56,7 @@ in
 ${cfg.activationScripts.groups.text}
 ${cfg.activationScripts.users.text}
 ${cfg.activationScripts.applications.text}
+ ${cfg.activationScripts.pam.text}
 ${cfg.activationScripts.patches.text}
 ${cfg.activationScripts.etc.text}
 ${cfg.activationScripts.defaults.text}
diff --git a/modules/system/etc-pam.d-sudo.patch b/modules/system/etc-pam.d-sudo.patch
deleted file mode 100644
index fa361b4..0000000
--- a/modules/system/etc-pam.d-sudo.patch
+++ /dev/null
@@ -1,8 +0,0 @@
---- /etc/pam.d/sudo
-+++ /etc/pam.d/sudo
-@@ -1,4 +1,5 @@
- # sudo: auth account password session
-+auth sufficient pam_tid.so
- auth sufficient pam_smartcard.so
- auth required pam_opendirectory.so
- account required pam_permit.so
diff --git a/modules/system/sudo.nix b/modules/system/sudo.nix
deleted file mode 100644
index d4112ed..0000000
--- a/modules/system/sudo.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.system.sudo;
-in
-
-{
- options = {
- system.sudo.touchid.enable = mkEnableOption "Enable sudo authentication with Touch ID";
- };
-
- config = mkIf cfg.touchid.enable { system.patches = [ ./etc-pam.d-sudo.patch ]; };
-}
--
cgit v1.2.3
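Review bot: `${cfg.activationScripts.pam.text}` in `modules/system/activation-scripts.nix` refers to a `pam` activation script that this page does not define (the view is limited to `modules/system`), so a reader of this hunk cannot see what runs at this point of activation or whether the attribute has a default when the Touch ID option is off. Since the script presumably edits `/etc/pam.d/sudo`, it should be idempotent across repeated activations and should remove the `pam_tid.so` line again when the option is disabled; please confirm both in the module that defines it. The new line is placed ahead of `patches`, so a leftover `system.patches` entry that still targets `/etc/pam.d/sudo` would run against an already-edited file; if this string is the generated shell script, a comment above the line such as `# pam: edits /etc/pam.d before user patches are applied` would record that ordering. The enclosing script string starts and ends outside the hunk.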