mirror of
https://github.com/Swarsel/.dotfiles.git
synced 2025-12-06 00:57:22 +01:00
26 lines
688 B
Nix
26 lines
688 B
Nix
{ lib, config, minimal, ... }:
|
|
{
|
|
options.swarselmodules.security = lib.mkEnableOption "security config";
|
|
config = lib.mkIf config.swarselmodules.security {
|
|
|
|
security = {
|
|
pam.services = lib.mkIf (!minimal) {
|
|
login.u2fAuth = true;
|
|
sudo.u2fAuth = true;
|
|
sshd.u2fAuth = false;
|
|
swaylock = {
|
|
u2fAuth = true;
|
|
fprintAuth = false;
|
|
};
|
|
};
|
|
polkit.enable = lib.mkIf (!minimal) true;
|
|
|
|
sudo.extraConfig = ''
|
|
Defaults env_keep+=SSH_AUTH_SOCK
|
|
'' + lib.optionalString (!minimal) ''
|
|
Defaults env_keep+=XDG_RUNTIME_DIR
|
|
Defaults env_keep+=WAYLAND_DISPLAY
|
|
'';
|
|
};
|
|
};
|
|
}
|