faillock.nix 721 B

12345678910111213141516171819202122232425262728
  1. { config, lib, ... }:
  2. with lib;
  3. {
  4. security.pam.services.login = {
  5. failDelay.enable = true;
  6. logFailures = true;
  7. rules = with config.security.pam.services.login.rules; {
  8. account.faillock = {
  9. inherit (auth.faillock) enable;
  10. args = [];
  11. inherit (auth.faillock) control;
  12. inherit (auth.faillock) modulePath;
  13. order = account.unix.order - 50;
  14. };
  15. auth = {
  16. faillock.args = [ "preauth" ];
  17. faillock-fail = {
  18. inherit (auth.faillock) enable;
  19. args = [ "authfail" ];
  20. inherit (auth.faillock) control;
  21. inherit (auth.faillock) modulePath;
  22. order = auth.unix.order + 50;
  23. };
  24. };
  25. };
  26. };
  27. }