sys/auth: move out of sys/default.nix

author: Alejandro Soto <alejandro@34project.org> 2022-08-08 04:05:05 -0600
committer: Alejandro Soto <alejandro@34project.org> 2022-08-08 04:05:05 -0600
commit: 48d2ef9f8bc681e73380f89872fa55a0a86e9161 (patch)
tree: eed5bc89156cc68d13bc902f1f86f18611a435bc /sys/default.nix
parent: 6898012a82e98e6c0201b7c25af845302cecdb4e (diff)
1 files changed, 1 insertions, 39 deletions
diff --git a/sys/default.nix b/sys/default.nix
index 6ea2438..ae1b38f 100644
--- a/sys/default.nix
+++ b/sys/default.nix
@@ -5,6 +5,7 @@ with lib; let
 in {
   imports = [
     "${modulesPath}/installer/scan/not-detected.nix"
+    ./auth.nix
     ./fs
     ./options.nix
     ./users.nix
@@ -119,44 +120,5 @@ in {
     };
 
     environment.systemPackages = [ pkgs.dhcpcd pkgs.git ];
-
-    security.pam = {
-      oath = {
-        usersFile = "/var/trust/auth/users.oath";
-        digits = 6;
-        window = 30;
-      };
-
-      services.sshd.oathAuth = true;
-    };
-
-    services.openssh = {
-      enable = true;
-      openFirewall = false;
-      ports = [ 2234 ];
-
-      forwardX11 = true;
-      permitRootLogin = "no";
-      passwordAuthentication = false;
-
-      hostKeys = [
-        {
-          bits = 4096;
-          path = "/etc/ssh/ssh_host_rsa_key";
-          type = "rsa";
-        }
-        {
-          path = "/etc/ssh/ssh_host_ed25519_key";
-          type = "ed25519";
-        }
-        #TODO: Desfasar, inseguro
-        {
-          path = "/etc/ssh/ssh_host_ecdsa_key";
-          type = "ecdsa";
-        }
-      ];
-    };
-
-    networking.firewall.allowedTCPPorts = [ 2234 ];
   };
 }
author	Alejandro Soto <alejandro@34project.org>	2022-08-08 04:05:05 -0600
committer	Alejandro Soto <alejandro@34project.org>	2022-08-08 04:05:05 -0600
commit	48d2ef9f8bc681e73380f89872fa55a0a86e9161 (patch)
tree	eed5bc89156cc68d13bc902f1f86f18611a435bc /sys/default.nix
parent	6898012a82e98e6c0201b7c25af845302cecdb4e (diff)