From 9e6ffc4179348dc40192876e96015ec046d123ed Mon Sep 17 00:00:00 2001
From: Alejandro Soto <alejandro@34project.org>
Date: Sat, 31 May 2025 14:04:26 -0600
Subject: sys/auth: enable rssh PAM module

---
 sys/auth/default.nix |  1 +
 sys/auth/login.nix   | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 sys/auth/login.nix

diff --git a/sys/auth/default.nix b/sys/auth/default.nix
index 4678da9..ca2778a 100644
--- a/sys/auth/default.nix
+++ b/sys/auth/default.nix
@@ -1,5 +1,6 @@
 {
   imports = [
+    ./login.nix
     ./oath.nix
     ./openssh.nix
   ];
diff --git a/sys/auth/login.nix b/sys/auth/login.nix
new file mode 100644
index 0000000..5bc8f2e
--- /dev/null
+++ b/sys/auth/login.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+with lib; {
+  # TODO
+  config = mkIf true {
+    security.pam = {
+      # TODO: altamente inseguro, ver problema con ~/.ssh/authorized_keys
+      # si es editado por un proceso malicioso
+      rssh = {
+        enable = true;
+
+        settings = {
+          cue = true;
+        };
+      };
+    };
+  };
+}
-- 
cgit v1.2.3