From cbca4efd85d03c0595a23dab77c84013eb157c51 Mon Sep 17 00:00:00 2001
From: Silas Schöffel <sils@sils.li>
Date: Wed, 18 Dec 2024 00:08:13 +0100
Subject: pamconfig: move to new module tree

---
 modules/nixos/sils/pamconfig.nix | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 modules/nixos/sils/pamconfig.nix

(limited to 'modules/nixos/sils/pamconfig.nix')

diff --git a/modules/nixos/sils/pamconfig.nix b/modules/nixos/sils/pamconfig.nix
new file mode 100644
index 0000000..4e9f3eb
--- /dev/null
+++ b/modules/nixos/sils/pamconfig.nix
@@ -0,0 +1,29 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.sils.pamconfig;
+in {
+  options.sils.pamconfig.enable = lib.mkEnableOption "custom pamconfig";
+  config = lib.mkIf cfg.enable {
+    security.pam = {
+      services = {
+        swaylock = {};
+        sudo = {
+          u2fAuth = true;
+        };
+        login = {
+          u2fAuth = true;
+        };
+      };
+      u2f = {
+        enable = true;
+        settings = {
+          cue = true;
+          authFile = config.age.secrets.pamu2f-mappings.path;
+        };
+      };
+    };
+  };
+}
-- 
cgit v1.3.1