| Samuel Shuert | cd9a7f5 | 2024-02-09 21:40:44 -0500 | [diff] [blame] | 1 | { flakeRoot, ... }: { |
| Samuel Shuert | f1d6e99 | 2023-11-24 17:28:33 -0500 | [diff] [blame] | 2 | security.pam.services = { |
| 3 | login.u2fAuth = true; |
| 4 | sudo.u2fAuth = true; |
| 5 | }; |
| 6 | |
| Samuel Shuert | cd9a7f5 | 2024-02-09 21:40:44 -0500 | [diff] [blame] | 7 | security.pam.u2f.authFile = "${flakeRoot}/keys/u2f_mappings"; |
| Samuel Shuert | ed2a336 | 2024-01-25 21:56:10 -0500 | [diff] [blame] | 8 | |
| 9 | security.sudo.extraRules = [ |
| 10 | { |
| 11 | users = [ "minion" ]; |
| 12 | commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }]; |
| 13 | } |
| 14 | ]; |
| Samuel Shuert | f1d6e99 | 2023-11-24 17:28:33 -0500 | [diff] [blame] | 15 | } |