wip: migrate client modules

modules-clone/nixos/client/polkit.nix

@@ -0,0 +1,29 @@
+{ lib, config, minimal, ... }:
+{
+  options.swarselmodules.security = lib.mkEnableOption "security config";
+  config = lib.mkIf config.swarselmodules.security {
+
+    security = {
+      # pki.certificateFiles = [
+      #   config.sops.secrets.harica-root-ca.path
+      # ];
+      pam.services = lib.mkIf (!minimal) {
+        login.u2fAuth = true;
+        sudo.u2fAuth = true;
+        sshd.u2fAuth = false;
+        swaylock = {
+          u2fAuth = true;
+          fprintAuth = false;
+        };
+      };
+      polkit.enable = lib.mkIf (!minimal) true;
+
+      sudo.extraConfig = ''
+        Defaults    env_keep+=SSH_AUTH_SOCK
+      '' + lib.optionalString (!minimal) ''
+        Defaults    env_keep+=XDG_RUNTIME_DIR
+        Defaults    env_keep+=WAYLAND_DISPLAY
+      '';
+    };
+  };
+}