From 48d2ef9f8bc681e73380f89872fa55a0a86e9161 Mon Sep 17 00:00:00 2001
From: Alejandro Soto
Date: Mon, 8 Aug 2022 04:05:05 -0600
Subject: sys/auth: move out of sys/default.nix
---
 sys/default.nix | 40 +---------------------------------------
 1 file changed, 1 insertion(+), 39 deletions(-)
(limited to 'sys/default.nix')
diff --git a/sys/default.nix b/sys/default.nix
index 6ea2438..ae1b38f 100644
--- a/sys/default.nix
+++ b/sys/default.nix
@@ -5,6 +5,7 @@ with lib; let
 in {
 imports = [
 "${modulesPath}/installer/scan/not-detected.nix"
+ ./auth.nix
 ./fs
 ./options.nix
 ./users.nix
@@ -119,44 +120,5 @@ in {
 };
 environment.systemPackages = [ pkgs.dhcpcd pkgs.git ];
-
- security.pam = {
- oath = {
- usersFile = "/var/trust/auth/users.oath";
- digits = 6;
- window = 30;
- };
-
- services.sshd.oathAuth = true;
- };
-
- services.openssh = {
- enable = true;
- openFirewall = false;
- ports = [ 2234 ];
-
- forwardX11 = true;
- permitRootLogin = "no";
- passwordAuthentication = false;
-
- hostKeys = [
- {
- bits = 4096;
- path = "/etc/ssh/ssh_host_rsa_key";
- type = "rsa";
- }
- {
- path = "/etc/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- #TODO: Desfasar, inseguro
- {
- path = "/etc/ssh/ssh_host_ecdsa_key";
- type = "ecdsa";
- }
- ];
- };
-
- networking.firewall.allowedTCPPorts = [ 2234 ];
 };
 }
-- 
cgit v1.2.3
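Review bot: The added `./auth.nix` entry in `imports` (first hunk) is now the only place the sshd and PAM OATH settings removed in the second hunk can come from, and this page is limited to sys/default.nix, so the move cannot be checked from here. If `passwordAuthentication = false`, `permitRootLogin = "no"` or `services.sshd.oathAuth = true` were dropped on the way, the module defaults would presumably apply without any evaluation error, so it is worth diffing the generated sshd_config and the PAM sshd service file between the parent commit and this one. A short comment on the import, for example `./auth.nix # sshd, PAM OATH, ssh firewall port`, would also tell a reader where the login policy now lives. The `imports` list continues outside the hunk.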