nixos/pam: add defaults option

Changing all PAM configuration files derived from the default in pam.nix was impossible from outside the module.
NixOS · May 12, 2019 · 769f80e · 769f80e
1 parent ffc604e
commit 769f80e
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
@@ -426,6 +426,11 @@ let
               "session optional ${pkgs.gnome3.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start"}
           ${optionalString (config.virtualisation.lxc.lxcfs.enable)
                "session optional ${pkgs.lxc}/lib/security/pam_cgfs.so -c all"}
+
+          ${optionalString (config.security.pam.defaults != null) ''
+            # Lines appended via security.pam.defaults.
+            ${config.security.pam.defaults}
+          ''}
         '');
     };
 
@@ -635,6 +640,12 @@ in
       description = "Message of the day shown to users when they log in.";
     };
 
+    security.pam.defaults = mkOption {
+      default = null;
+      type = types.nullOr types.lines;
+      description = "Lines to append to the default PAM configuration file.";
+    };
+
   };