diff --git a/modules/system/security.nix b/modules/system/security.nix index 663bd500..202adaa5 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix @@ -4,31 +4,35 @@ inputs: { # allow non-root users to access intel gpu performance counters boot.kernel.sysctl."dev.i915.perf_stream_paranoid" = false; - security.pam = + security = { - u2f = + pam = { - enable = true; - cue = true; - appId = "pam://chn.moe"; - origin = "pam://chn.moe"; - # generate using: `pamu2fcfg -u chn -o pam://chn.moe -i pam://chn.moe` - authFile = inputs.pkgs.writeText "yubikey_mappings" (builtins.concatStringsSep "\n" - [ - (builtins.concatStringsSep ":" + u2f = + { + enable = true; + cue = true; + appId = "pam://chn.moe"; + origin = "pam://chn.moe"; + # generate using: `pamu2fcfg -u chn -o pam://chn.moe -i pam://chn.moe` + authFile = inputs.pkgs.writeText "yubikey_mappings" (builtins.concatStringsSep "\n" [ - "chn" - (builtins.concatStringsSep "," + (builtins.concatStringsSep ":" [ - "83Y3cLxhcmwbDOH1h67SQ1xy0dFBcoKYM0VO/YVq+9lpOpdPdmFaB7BNngO3xCmAxJeO/Fg9jNmEF9vMJEmAaw==" - "9bSjr+12JVwtHlyoa70J7w3bEQff+MwLxg5elzdP1OGHcfWGkolRvS+luAgcWjKn1g0swaYdnklCYWYOoCAJbA==" - "es256" - "+presence" + "chn" + (builtins.concatStringsSep "," + [ + "83Y3cLxhcmwbDOH1h67SQ1xy0dFBcoKYM0VO/YVq+9lpOpdPdmFaB7BNngO3xCmAxJeO/Fg9jNmEF9vMJEmAaw==" + "9bSjr+12JVwtHlyoa70J7w3bEQff+MwLxg5elzdP1OGHcfWGkolRvS+luAgcWjKn1g0swaYdnklCYWYOoCAJbA==" + "es256" + "+presence" + ]) ]) - ]) - ]); + ]); + }; + yubico = { enable = true; id = "91291"; }; }; - yubico = { enable = true; id = "91291"; }; + sudo.extraConfig = "Defaults pwfeedback"; }; }; }