authorAlejandro Soto <alejandro@34project.org>2024-07-14 17:53:13 -0600
committerAlejandro Soto <alejandro@34project.org>2024-07-15 09:34:00 -0600
commit02abf4ed0131237c25e0a10db50fa4c41a902a50 (patch)
tree20904894fc0952806e341cdaff5941e81b3ce51c /sys/auth/oath.nix
parent08e746700341dda3e3bdf704332fc3c07053d3e7 (diff)
sys: final merge of dmz, hv into sys
Diffstat (limited to 'sys/auth/oath.nix')
-rw-r--r--sys/auth/oath.nix34
1 files changed, 34 insertions, 0 deletions
diff --git a/sys/auth/oath.nix b/sys/auth/oath.nix
new file mode 100644
index 0000000..7030bab
--- /dev/null
+++ b/sys/auth/oath.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+with lib; let
+ cfg = config.local.auth.oath;
+in
+{
+ options.local.auth.oath = {
+ enable = lib.mkEnableOption "pam-oath";
+ };
+
+ config = lib.mkIf cfg.enable {
+ security.pam = {
+ oath = {
+ digits = 6;
+ window = 30;
+
+ usersFile = "/var/trust/auth/users.oath";
+ };
+
+ services.sshd.oathAuth = true;
+ };
+
+ users.users.tunnel = {
+ uid = 1100;
+ group = "nogroup";
+ isSystemUser = true;
+
+ # Requiere oath
+ password = "tunnel";
+
+ home = "/var/empty";
+ shell = "${pkgs.coreutils}/bin/true";
+ };
+ };
+}
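Review bot: `password = "tunnel";` on the `users.users.tunnel` line sets a cleartext password that NixOS renders into the Nix store, which is world-readable, so the literal is recoverable by any local user and the login for this account then rests entirely on the OATH factor. The comment `# Requiere oath` reads as the intended justification, but a guessable static password still weakens a two-factor setup and should be a hash held outside the store, e.g. `hashedPasswordFile = "<path to a root-only file containing the mkpasswd hash>";` in place of the `password` line. The same applies to `usersFile = "/var/trust/auth/users.oath"`: pam_oath holds the shared secrets, so the deployment should ensure that file is root-owned and not group/world-readable, which this module does not enforce or document. Minor style point: with `with lib;` on the second line the `lib.mkEnableOption` and `lib.mkIf` prefixes are redundant; either drop the `with` or the prefixes for consistency.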