NixOS - edit system files - eviltoast

Hello,

I’m experiencing with NixOS and would like to know what would be the nicest way to add a specific line to a system file.

As an example, how would you configure NixOS so the line
auth sufficient pam_fprintd.so
is added to the /etc/pam.d/doas file? As a bonus, it would be nice to know how to change an option (and not add an entire line) to a system file for which there is no NixOS default extraConfig/extraRules support for.

This would allow me to add this line or not depending on the machine NixOS will be installed on.

Thanks in advance for your suggestions.

  • hallettj@beehaw.org
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    10 months ago

    I did some digging around in the manual, and I tested this option which seems to work:

    security.pam.services.doas.fprintAuth = true;
    

    On my machine that adds this line to /etc/pam.d/doas:

    auth sufficient /nix/store/fq4vbhdk8dqywxirg3wb99zidfss7sbi-fprintd-1.94.2/lib/security/pam_fprintd.so # fprintd (order 11400)
    

    Edit: Note that the NixOS option puts in the full path to pam_fprintd.so. That’s necessary because NixOS doesn’t put so files in search paths.

    Without doing more research I don’t know how to add arbitrary options to pam files in case you run into something that isn’t mapped to a NixOS option yet. The implementation for the pam options is here; there might be something in there that would work.