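# This module provides configuration for the OATH PAM modules.
#
# It only declares the `security.pam.oath.*` options. Nothing in this file
# reads them back, so the PAM wiring that consumes these values lives
# elsewhere.
{ lib, ... }:
{
  options = {

    security.pam.oath = {
      # Master switch for the OATH PAM module; disabled unless explicitly set.
      enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
          Enable the OATH (one-time password) PAM module.
        '';
      };

      # Restricted to an enum so that only 6, 7 or 8 pass option type-checking.
      digits = lib.mkOption {
        type = lib.types.enum [
          6
          7
          8
        ];
        default = 6;
        # The description previously read "lib.length", which looks like a
        # leftover from a mechanical `lib.` prefixing pass; the intended word
        # is simply "length".
        description = ''
          Specify the length of the one-time password in number of
          digits.
        '';
      };

      # Number of consecutive counter values (HOTP) or time steps (TOTP) that
      # are checked. Every extra step is one more code that is valid at the
      # same moment, so a larger window trades guessing resistance for
      # tolerance to clock or counter drift.
      # NOTE(review): `lib.types.int` also admits zero and negative values;
      # how the consumer treats those is not visible here. Confirm.
      window = lib.mkOption {
        type = lib.types.int;
        default = 5;
        description = ''
          Specify the number of one-time passwords to check in order
          to accommodate for situations where the system and the
          client are slightly out of sync (iteration for HOTP or time
          steps for TOTP).
        '';
      };

      # Location of the file holding the users' OATH credentials.
      # NOTE(review): `lib.types.path` accepts Nix path literals (for example
      # `./users.oath`) as well as strings. If the consumer interpolates this
      # value into a string, a path literal would be copied into the Nix
      # store, which is world readable. Set this option to a string naming a
      # file provisioned outside the store with restrictive permissions.
      # Confirm against the module that reads this option.
      usersFile = lib.mkOption {
        type = lib.types.path;
        default = "/etc/users.oath";
        description = ''
          Set the path to file where the user's credentials are
          stored. This file must not be world readable!
        '';
      };
    };

  };
}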