Move to new module system, allows for multiple computers Change-Id: I9a76346b05dfff6157813c50f89d1254130fc26c

commit: cd9a7f52c8ac40202b44c66541ead4d9e7c5c414 [log] [tgz]
author: Samuel Shuert <coded@clicks.codes> Fri Feb 09 21:40:44 2024 -0500
committer: Samuel Shuert <coded@clicks.codes> Fri Feb 09 21:40:44 2024 -0500
tree: f2cb97bb4c2e1e187f6f8c13edaf248c05b08fbd
parent: ed2a336086a63c6fad521ff1efe13ca82e3309bb [diff] [blame]
diff --git a/modules/common/security.nix b/modules/common/security.nix
new file mode 100644
index 0000000..7466737
--- /dev/null
+++ b/modules/common/security.nix

@@ -0,0 +1,15 @@
+{ flakeRoot, ... }: {
+  security.pam.services = {
+    login.u2fAuth = true;
+    sudo.u2fAuth = true;
+  };
+
+  security.pam.u2f.authFile = "${flakeRoot}/keys/u2f_mappings";
+
+  security.sudo.extraRules = [
+    {
+      users = [ "minion" ];
+      commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }];
+    }
+  ];
+}
commit	cd9a7f52c8ac40202b44c66541ead4d9e7c5c414	[log] [tgz]
author	Samuel Shuert <coded@clicks.codes>	Fri Feb 09 21:40:44 2024 -0500
committer	Samuel Shuert <coded@clicks.codes>	Fri Feb 09 21:40:44 2024 -0500
tree	f2cb97bb4c2e1e187f6f8c13edaf248c05b08fbd
parent	ed2a336086a63c6fad521ff1efe13ca82e3309bb [diff] [blame]