modules.system.security: disable sshAgentAuth, enable rssh

2026-01-12 04:19:22 +08:00 · 2025-03-08 08:45:42 +08:00
parent 6f4d1f4127
commit 0d09efceaf
2 changed files with 3 additions and 2 deletions
--- a/modules/system/security.nix
+++ b/modules/system/security.nix
@@ -34,7 +34,9 @@ inputs:
          };
        };
        yubico = { enable = true; id = "91291"; };
-        sshAgentAuth.enable = true;
+        # TODO: enable cue on next release
+        rssh.enable = true;
+        services.sudo.rssh = true;
        loginLimits =
        [
          { domain = "@users"; item = "nofile"; value = 65536; }
--- a/modules/user/chn/default.nix
+++ b/modules/user/chn/default.nix
@@ -60,6 +60,5 @@ inputs:
        pam.yubico.authorizedYubiKeys.ids = [ "cccccbgrhnub" ];
      };
    };
-    # environment.etc."ssh/authorized_keys.d/chn".source = ./id_ed25519_sk.pub;
  };
 }