NixOS - edit system files

Hello,

I’m experiencing with NixOS and would like to know what would be the nicest way to add a specific line to a system file.

As an example, how would you configure NixOS so the line
auth sufficient pam_fprintd.so
is added to the /etc/pam.d/doas file? As a bonus, it would be nice to know how to change an option (and not add an entire line) to a system file for which there is no NixOS default extraConfig/extraRules support for.

This would allow me to add this line or not depending on the machine NixOS will be installed on.

Thanks in advance for your suggestions.

hallettj, (edited )
@hallettj@beehaw.org avatar

I did some digging around in the manual, and I tested this option which seems to work:


<span style="color:#323232;">security.pam.services.doas.fprintAuth = true;
</span>

On my machine that adds this line to /etc/pam.d/doas:


<span style="color:#323232;">auth sufficient /nix/store/fq4vbhdk8dqywxirg3wb99zidfss7sbi-fprintd-1.94.2/lib/security/pam_fprintd.so # fprintd (order 11400)
</span>

Edit: Note that the NixOS option puts in the full path to pam_fprintd.so. That’s necessary because NixOS doesn’t put so files in search paths.

Without doing more research I don’t know how to add arbitrary options to pam files in case you run into something that isn’t mapped to a NixOS option yet. The implementation for the pam options is here; there might be something in there that would work.

wwwgem,
@wwwgem@lemmy.ml avatar

Thanks very much. That’s exactly what I needed. I’m still not used to the diversity of NixOS documentation and was not aware of this one.

wwwgem,
@wwwgem@lemmy.ml avatar

Just realized that I had this line in my config already but the change was not applied until I reboot. 😳

2xsaiko,
@2xsaiko@discuss.tchncs.de avatar

Arbitrary options are internal so are not shown in the options search. They’re at security.pam.services.<name>.rules.

Here’s the options that get added using the public options including fprintAuth: github.com/NixOS/nixpkgs/blob/…/pam.nix#L621

wwwgem,
@wwwgem@lemmy.ml avatar

Thanks! I’m still not used to the diversity of all the NixOS documentarian and was not aware that arbitrary options can be found there.

hallettj,
@hallettj@beehaw.org avatar

Although they’re not in the search, they are in the manual so you can find them searching that page. This one is listed as,


<span style="color:#323232;">security.pam.services..fprintAuth
</span>

But it does take some inferences to find this, and to realize that you can put doas in place of ``

2xsaiko,
@2xsaiko@discuss.tchncs.de avatar

No, that one is in the search as well. It’s a normal option. search.nixos.org/options?show=security.pam.servic…

What isn’t and also isn’t in the manual is the rules options. Those are all internal.

wwwgem,
@wwwgem@lemmy.ml avatar

As I said I’ve actually done it before asking… But I didn’t reboot and and that was needed for the change to take effect ¯_(ツ)_/¯

  • All
  • Subscribed
  • Moderated
  • Favorites
  • linux@lemmy.ml
  • localhost
  • All magazines
    •
    Loading…
    Loading the web debug toolbar…
    Attempt #