-rw-r--r-- | modules/nixos/sils/default.nix | 1 | ||||
-rw-r--r-- | modules/nixos/sils/pamconfig.nix | 29 | ||||
-rw-r--r-- | modules/nixos/sils/roles.nix | 3 | ||||
-rw-r--r-- | sys/security/default.nix | 1 | ||||
-rw-r--r-- | sys/security/pam/default.nix | 18 |
5 files changed, 33 insertions, 19 deletions
diff --git a/modules/nixos/sils/default.nix b/modules/nixos/sils/default.nix
index 826004f..89fe3a2 100644
--- a/modules/nixos/sils/default.nix
+++ b/modules/nixos/sils/default.nix
@@ -14,6 +14,7 @@
 ./meta.nix
 ./networking.nix
 ./nix.nix
+ ./pamconfig.nix
 ./plymouth.nix
 ./roles.nix
 ./sudo.nix
diff --git a/modules/nixos/sils/pamconfig.nix b/modules/nixos/sils/pamconfig.nix
new file mode 100644
index 0000000..4e9f3eb
--- /dev/null
+++ b/modules/nixos/sils/pamconfig.nix
@@ -0,0 +1,29 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.pamconfig;
+in {
+ options.sils.pamconfig.enable = lib.mkEnableOption "custom pamconfig";
+ config = lib.mkIf cfg.enable {
+ security.pam = {
+ services = {
+ swaylock = {};
+ sudo = {
+ u2fAuth = true;
+ };
+ login = {
+ u2fAuth = true;
+ };
+ };
+ u2f = {
+ enable = true;
+ settings = {
+ cue = true;
+ authFile = config.age.secrets.pamu2f-mappings.path;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos/sils/roles.nix b/modules/nixos/sils/roles.nix
index 7c8f4f5..1ea8748 100644
--- a/modules/nixos/sils/roles.nix
+++ b/modules/nixos/sils/roles.nix
@@ -21,6 +21,7 @@ in {
 impermanence.enable = lib.mkDefault true;
 networking.enable = lib.mkDefault true;
 nix-config.enable = lib.mkDefault true;
+ pamconfig.enable = lib.mkDefault true;
 plymouth.enable = lib.mkDefault true;
 sway.enable = lib.mkDefault false;
 theming.enable = lib.mkDefault true;
@@ -40,6 +41,7 @@ in {
 impermanence.enable = lib.mkDefault true;
 networking.enable = lib.mkDefault true;
 nix-config.enable = lib.mkDefault true;
+ pamconfig.enable = lib.mkDefault true;
 plymouth.enable = lib.mkDefault false;
 sway.enable = lib.mkDefault false;
 theming.enable = lib.mkDefault true;
@@ -61,6 +63,7 @@ in {
 impermanence.enable = lib.mkDefault true;
 networking.enable = lib.mkDefault true;
 nix-config.enable = lib.mkDefault true;
+ pamconfig.enable = lib.mkDefault true;
 plymouth.enable = lib.mkDefault false;
 sway.enable = lib.mkDefault false;
 theming.enable = lib.mkDefault true;
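Review bot: In `pamconfig.nix` the `u2f` block sets `enable`, `cue` and `authFile` but never `control`, and the NixOS default for `security.pam.u2f.control` is `"sufficient"`, so touching an enrolled key alone satisfies `sudo` and `login` without a password. If the key is meant as a second factor rather than a replacement, add `control = "required";` next to `enable = true;` and a one-line comment stating which of the two is intended. Separately, each service's `u2fAuth` appears to default to `security.pam.u2f.enable`, so `swaylock = {};` and every other PAM service probably gain U2F as well and the explicit `u2fAuth = true;` lines do not limit the scope; set `u2fAuth = false;` on services where it is not wanted. Since `roles.nix` now turns this module on with `lib.mkDefault true` in all three roles, a comment in the module noting that it needs the `pamu2f-mappings` age secret would help anyone adding a new host.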
diff --git a/sys/security/default.nix b/sys/security/default.nix
index 234bf6d..699374b 100644
--- a/sys/security/default.nix
+++ b/sys/security/default.nix
@@ -1,6 +1,5 @@
 {...}: {
 imports = [
- ./pam
 ./rtkit
 ];
 }
diff --git a/sys/security/pam/default.nix b/sys/security/pam/default.nix
deleted file mode 100644
index ee0d843..0000000
--- a/sys/security/pam/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{config, ...}: {
- security.pam = {
- services = {
- swaylock = {};
- sudo = {
- u2fAuth = true;
- };
- login = {
- u2fAuth = true;
- };
- };
- u2f = {
- enable = true;
- cue = true;
- authFile = config.age.secrets.pamu2f-mappings.path;
- };
- };
-} |