This module adds the security.duosec attributes, which you can use to
enable simple two-factor authentication for NixOS logins.
The module currently provides PAM and SSH support, although the PAM unix
system configuration isn't automatically dealt with (although the
configuration is automatically built).
Enabling it is as easy as saying:
security.duosec.ssh.enable = true;
security.duosec.ikey = "XXXXXXXX...";
security.duosec.skey = "XXXXXXXX...";
security.duosec.host = "api-XXXXXXX.duosecurity.com";
security.duosec.group = "duosec";
which will enforce two-factor authentication for SSH logins for users in
the 'duosec' group.
This requires uid/gid support in the environment.etc module.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
Fixes this when building with nix.useChroot = true in configuration.nix:
sh: ./test_maidenhead.py: /usr/bin/env: bad interpreter: No such file or directory
scons: *** [maidenhead-locator-regress] Error 126
scons: building terminated because of errors.
* Don't repeat package name in description
* longDescription re-copied from homepage (gpsd now supports AIS...)
* The homepage has moved
* Add platforms and maintainers
Build system is changed, gpsd uses scons now.
The expressions needs some more work, TODO comments added. (xgps didn't
work before this change either.)
I added an option for the gpsd group, which is set to upstream default:
"dialout". Note that our default gpsd user is "gpsd", while upstream
uses "nobody" by default.
This has the nice side-effect of making gpsd actually run!
Old behaviour (debugLevel=2):
systemd[1]: gpsd.service holdoff time over, scheduling restart.
systemd[1]: Stopping GPSD daemon...
systemd[1]: Starting GPSD daemon...
systemd[1]: gpsd.service start request repeated too quickly, refusing to start.
systemd[1]: Failed to start GPSD daemon.
systemd[1]: Unit gpsd.service entered failed state.
New behaviour (debugLevel=2):
gpsd[945]: gpsd: launching (Version 2.95)
systemd[1]: Started GPSD daemon.
gpsd[945]: gpsd: listening on port 2947
gpsd[945]: gpsd: running with effective group ID 27
gpsd[945]: gpsd: running with effective user ID 23
gpsd[945]: gpsd: stashing device /dev/ttyUSB0 at slot 0
