pamconfig: move to new module tree

author: Silas Schöffel <sils@sils.li> 2024-12-18 00:08:13 +0100
committer: Silas Schöffel <sils@sils.li> 2024-12-18 00:24:14 +0100
commit: cbca4efd85d03c0595a23dab77c84013eb157c51 (patch)
tree: 440af921a26cefe818d2fe21c6e7567ca989bfcf /modules/nixos
parent: keyboard: move to basesystem (diff)
download: nix-config-cbca4efd85d03c0595a23dab77c84013eb157c51.tar.gz
nix-config-cbca4efd85d03c0595a23dab77c84013eb157c51.zip
3 files changed, 33 insertions, 0 deletions
diff --git a/modules/nixos/sils/default.nix b/modules/nixos/sils/default.nix
index 826004f..89fe3a2 100644
--- a/modules/nixos/sils/default.nix
+++ b/modules/nixos/sils/default.nix
@@ -14,6 +14,7 @@
     ./meta.nix
     ./networking.nix
     ./nix.nix
+    ./pamconfig.nix
     ./plymouth.nix
     ./roles.nix
     ./sudo.nix
diff --git a/modules/nixos/sils/pamconfig.nix b/modules/nixos/sils/pamconfig.nix
new file mode 100644
index 0000000..4e9f3eb
--- /dev/null
+++ b/modules/nixos/sils/pamconfig.nix
@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.sils.pamconfig;
+in {
+  options.sils.pamconfig.enable = lib.mkEnableOption "custom pamconfig";
+  config = lib.mkIf cfg.enable {
+    security.pam = {
+      services = {
+        swaylock = {};
+        sudo = {
+          u2fAuth = true;
+        };
+        login = {
+          u2fAuth = true;
+        };
+      };
+      u2f = {
+        enable = true;
+        settings = {
+          cue = true;
+          authFile = config.age.secrets.pamu2f-mappings.path;
+        };
+      };
+    };
+  };
+}
diff --git a/modules/nixos/sils/roles.nix b/modules/nixos/sils/roles.nix
index 7c8f4f5..1ea8748 100644
--- a/modules/nixos/sils/roles.nix
+++ b/modules/nixos/sils/roles.nix
@@ -21,6 +21,7 @@ in {
       impermanence.enable = lib.mkDefault true;
       networking.enable = lib.mkDefault true;
       nix-config.enable = lib.mkDefault true;
+      pamconfig.enable = lib.mkDefault true;
       plymouth.enable = lib.mkDefault true;
       sway.enable = lib.mkDefault false;
       theming.enable = lib.mkDefault true;
@@ -40,6 +41,7 @@ in {
       impermanence.enable = lib.mkDefault true;
       networking.enable = lib.mkDefault true;
       nix-config.enable = lib.mkDefault true;
+      pamconfig.enable = lib.mkDefault true;
       plymouth.enable = lib.mkDefault false;
       sway.enable = lib.mkDefault false;
       theming.enable = lib.mkDefault true;
@@ -61,6 +63,7 @@ in {
       impermanence.enable = lib.mkDefault true;
       networking.enable = lib.mkDefault true;
       nix-config.enable = lib.mkDefault true;
+      pamconfig.enable = lib.mkDefault true;
       plymouth.enable = lib.mkDefault false;
       sway.enable = lib.mkDefault false;
       theming.enable = lib.mkDefault true;
author	Silas Schöffel <sils@sils.li>	2024-12-18 00:08:13 +0100
committer	Silas Schöffel <sils@sils.li>	2024-12-18 00:24:14 +0100
commit	cbca4efd85d03c0595a23dab77c84013eb157c51 (patch)
tree	440af921a26cefe818d2fe21c6e7567ca989bfcf /modules/nixos
parent	keyboard: move to basesystem (diff)
download	nix-config-cbca4efd85d03c0595a23dab77c84013eb157c51.tar.gz nix-config-cbca4efd85d03c0595a23dab77c84013eb157c51.zip