summary refs log tree commit diff stats
path: root/modules/nixos
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/nixos/sils/default.nix1
-rw-r--r--modules/nixos/sils/pamconfig.nix29
-rw-r--r--modules/nixos/sils/roles.nix3
3 files changed, 33 insertions, 0 deletions
diff --git a/modules/nixos/sils/default.nix b/modules/nixos/sils/default.nix
index 826004f..89fe3a2 100644
--- a/modules/nixos/sils/default.nix
+++ b/modules/nixos/sils/default.nix
@@ -14,6 +14,7 @@
     ./meta.nix
     ./networking.nix
     ./nix.nix
+    ./pamconfig.nix
     ./plymouth.nix
     ./roles.nix
     ./sudo.nix
diff --git a/modules/nixos/sils/pamconfig.nix b/modules/nixos/sils/pamconfig.nix
new file mode 100644
index 0000000..4e9f3eb
--- /dev/null
+++ b/modules/nixos/sils/pamconfig.nix
@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.sils.pamconfig;
+in {
+  options.sils.pamconfig.enable = lib.mkEnableOption "custom pamconfig";
+  config = lib.mkIf cfg.enable {
+    security.pam = {
+      services = {
+        swaylock = {};
+        sudo = {
+          u2fAuth = true;
+        };
+        login = {
+          u2fAuth = true;
+        };
+      };
+      u2f = {
+        enable = true;
+        settings = {
+          cue = true;
+          authFile = config.age.secrets.pamu2f-mappings.path;
+        };
+      };
+    };
+  };
+}
diff --git a/modules/nixos/sils/roles.nix b/modules/nixos/sils/roles.nix
index 7c8f4f5..1ea8748 100644
--- a/modules/nixos/sils/roles.nix
+++ b/modules/nixos/sils/roles.nix
@@ -21,6 +21,7 @@ in {
       impermanence.enable = lib.mkDefault true;
       networking.enable = lib.mkDefault true;
       nix-config.enable = lib.mkDefault true;
+      pamconfig.enable = lib.mkDefault true;
       plymouth.enable = lib.mkDefault true;
       sway.enable = lib.mkDefault false;
       theming.enable = lib.mkDefault true;
@@ -40,6 +41,7 @@ in {
       impermanence.enable = lib.mkDefault true;
       networking.enable = lib.mkDefault true;
       nix-config.enable = lib.mkDefault true;
+      pamconfig.enable = lib.mkDefault true;
       plymouth.enable = lib.mkDefault false;
       sway.enable = lib.mkDefault false;
       theming.enable = lib.mkDefault true;
@@ -61,6 +63,7 @@ in {
       impermanence.enable = lib.mkDefault true;
       networking.enable = lib.mkDefault true;
       nix-config.enable = lib.mkDefault true;
+      pamconfig.enable = lib.mkDefault true;
       plymouth.enable = lib.mkDefault false;
       sway.enable = lib.mkDefault false;
       theming.enable = lib.mkDefault true;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-19 19:24:05 +0000