Hello,
I’m experiencing with NixOS and would like to know what would be the nicest way to add a specific line to a system file.
As an example, how would you configure NixOS so the line
auth sufficient pam_fprintd.so
is added to the /etc/pam.d/doas file?
As a bonus, it would be nice to know how to change an option (and not add an entire line) to a system file for which there is no NixOS default extraConfig/extraRules support for.
This would allow me to add this line or not depending on the machine NixOS will be installed on.
Thanks in advance for your suggestions.
I did some digging around in the manual, and I tested this option which seems to work:
security.pam.services.doas.fprintAuth = true;On my machine that adds this line to
/etc/pam.d/doas:auth sufficient /nix/store/fq4vbhdk8dqywxirg3wb99zidfss7sbi-fprintd-1.94.2/lib/security/pam_fprintd.so # fprintd (order 11400)Edit: Note that the NixOS option puts in the full path to
pam_fprintd.so. That’s necessary because NixOS doesn’t putsofiles in search paths.Without doing more research I don’t know how to add arbitrary options to pam files in case you run into something that isn’t mapped to a NixOS option yet. The implementation for the pam options is here; there might be something in there that would work.
Thanks very much. That’s exactly what I needed. I’m still not used to the diversity of NixOS documentation and was not aware of this one.
Just realized that I had this line in my config already but the change was not applied until I reboot. 😳
Arbitrary options are internal so are not shown in the options search. They’re at security.pam.services.<name>.rules.
Here’s the options that get added using the public options including fprintAuth: https://github.com/NixOS/nixpkgs/blob/20d2649068508ea15323d8a7a9cbd3ddfd997103/nixos/modules/security/pam.nix#L621
Thanks! I’m still not used to the diversity of all the NixOS documentarian and was not aware that arbitrary options can be found there.
Although they’re not in the search, they are in the manual so you can find them searching that page. This one is listed as,
security.pam.services..fprintAuthBut it does take some inferences to find this, and to realize that you can put
doasin place of ``No, that one is in the search as well. It’s a normal option. https://search.nixos.org/options?show=security.pam.services.<name>.fprintAuth
What isn’t and also isn’t in the manual is the
rulesoptions. Those are all internal.As I said I’ve actually done it before asking… But I didn’t reboot and and that was needed for the change to take effect ¯\_(ツ)_/¯
