summary refs log tree commit diff stats
path: root/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys')
-rw-r--r--sys/security/pam/default.nix19
1 files changed, 17 insertions, 2 deletions
diff --git a/sys/security/pam/default.nix b/sys/security/pam/default.nix
index eef9213..ee0d843 100644
--- a/sys/security/pam/default.nix
+++ b/sys/security/pam/default.nix
@@ -1,3 +1,18 @@
-{...}: {
-  security.pam.services.swaylock = {};
+{config, ...}: {
+  security.pam = {
+    services = {
+      swaylock = {};
+      sudo = {
+        u2fAuth = true;
+      };
+      login = {
+        u2fAuth = true;
+      };
+    };
+    u2f = {
+      enable = true;
+      cue = true;
+      authFile = config.age.secrets.pamu2f-mappings.path;
+    };
+  };
 }