duosec module: use enum

2016-11-16 22:36:05 +09:00 · 2016-11-16 22:36:05 +09:00 · 9513ab45aa
parent 61efe92e68
commit 9513ab45aa
1 changed files with 3 additions and 9 deletions
--- a/nixos/modules/security/duosec.nix
+++ b/nixos/modules/security/duosec.nix
@ -73,7 +73,7 @@ in
      };

      failmode = mkOption {
-        type = types.str;
+        type = types.enum [ "safe" "enum" ];
        default = "safe";
        description = ''
          On service or configuration errors that prevent Duo
@ -115,7 +115,7 @@ in
      };

      prompts = mkOption {
-        type = types.int;
+        type = types.enum [ 1 2 3 ];
        default = 3;
        description = ''
          If a user fails to authenticate with a second factor, Duo
@ -181,13 +181,7 @@ in

  config = mkIf (cfg.ssh.enable || cfg.pam.enable) {
    assertions =
-      [ { assertion = cfg.failmode == "safe" || cfg.failmode == "secure";
-          message   = "Invalid value for failmode (must be safe or secure).";
-        }
-        { assertion = cfg.prompts == 1 || cfg.prompts == 2 || cfg.prompts == 3;
-          message   = "Invalid value for prompts (must be 1, 2, or 3).";
-        }
-        { assertion = !cfg.pam.enable;
+      [ { assertion = !cfg.pam.enable;
          message   = "PAM support is currently not implemented.";
        }
      ];