modules/nixos/sils/pamconfig.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

{
  config,
  lib,
  ...
}: let
  cfg = config.sils.pamconfig;
in {
  options.sils.pamconfig.enable = lib.mkEnableOption "custom pamconfig";
  config = lib.mkIf cfg.enable {
    security.pam = {
      services = {
        swaylock = {};
        sudo = {
          u2fAuth = true;
        };
        login = {
          u2fAuth = true;
        };
      };
      u2f = {
        enable = true;
        settings = {
          cue = true;
          authFile = config.age.secrets.pamu2f-mappings.path;
        };
      };
    };
  };
}