Sshd *must* use PAM because we depend on it for proper session
management. The original goal of this option (disabling password
logins) can also be implemented by removing pam_auth authentication
from sshd's PAM service.
That is, you can say
security.pam.services.sshd = { options... };
instead of
security.pam.services = [ { name = "sshd"; options... } ];
making it easier to override PAM settings from other modules.
Previously logging in via SLiM more than once didn't work because SLiM
doesn't clean up its PAM session properly (that is, in a child rather
than in the parent). Thus the slim process becomes part of the user
session's cgroup, among other things. This patch causes SLiM to exit
after the session has finished, after which systemd will restart
display-manager.service.
FixesNixOS/nixops#137.
If this option is given, nixos-generate-config will write the
configuration to /etc/nixos under the given root, and only emit
fileSystems attributes for filesystems under the given root directory.
The typically use case is at installation time, where you can say:
$ nixos-generate-config --root /mnt
which will create /mnt/etc/nixos/{configuration.nix,hardware-configuration.nix}.
Also add a --force flag to force overwriting configuration.nix.
Having configuration.nix generation hidden underneath nixos-option
never made sense, also given that there was another command to
generate part of the configuration (nixos-hardware-scan). Now
nixos-generate-config produces both configuration.nix and
hardware-configuration.nix. The latter is overwritten while the
former is not.
