From 804a958663786be9067c2924c75f6406612fbc1b Mon Sep 17 00:00:00 2001
From: Luca Bruno
Date: Fri, 16 May 2014 22:37:44 +0200
Subject: [PATCH] pam: add pam_wheel
---
 nixos/modules/security/pam.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 3b5dd41868b..65761865859 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -122,6 +122,14 @@ let
 '';
 };
+ requireWheel = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Whether to permit root access only to members of group wheel.
+ '';
+ };
+
 limits = mkOption {
 description = ''
 Attribute set describing resource limits. Defaults to the
@@ -184,6 +192,8 @@ let
 # Authentication management.
 ${optionalString cfg.rootOK
 "auth sufficient pam_rootok.so"}
+ ${optionalString cfg.requireWheel
+ "auth required pam_wheel.so use_uid"}
 ${optionalString cfg.logFailures
 "auth required pam_tally.so"}
 ${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
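Review bot: The description of `requireWheel` does not say which PAM stack the option affects or whose group membership is tested, which an administrator needs to know before relying on it as an access control. Judging by the second hunk, it adds `auth required pam_wheel.so use_uid` to the auth section of the service it is set on, so the text could read `Whether this service's auth stack requires the invoking user (checked by uid) to be a member of group wheel.` The surrounding option set starts and ends outside the hunk, so that the option is per-service is inferred from the `cfg.` prefix rather than visible here.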
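Review bot: The added line `"auth required pam_wheel.so use_uid"` carries no `root_only` argument, so as far as I know pam_wheel will apply the wheel check whatever the target account is, while the option text promises to restrict root access only. If the narrower behaviour is intended, the line would be `"auth required pam_wheel.so use_uid root_only"`; otherwise the description should say that non-wheel users are refused for every target. Placing it after the `sufficient` pam_rootok line means a caller who is already root skips the check, which looks intentional but deserves a one-line comment in the stack. Please confirm the argument semantics against pam_wheel(8) for the packaged Linux-PAM version.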