diff options
author | TheArcaneBrony <myrainbowdash949@gmail.com> | 2023-04-02 20:12:14 +0200 |
---|---|---|
committer | Rory& <root@rory.gay> | 2024-06-05 15:49:39 +0200 |
commit | deab4cc3bd6a19bdedb5630dd584c798f57d21f7 (patch) | |
tree | 786f5a6892316fee7314cd71d222e6c05e34f6d9 | |
parent | Remove ssh abnner (diff) | |
download | Spacebar-Open-Infrastructure-deab4cc3bd6a19bdedb5630dd584c798f57d21f7.tar.xz |
Reimplement pam
-rwxr-xr-x | modules/base.nix | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/modules/base.nix b/modules/base.nix index d77e782..0f199e5 100755 --- a/modules/base.nix +++ b/modules/base.nix @@ -92,11 +92,24 @@ Storage=none ''; - security.pam.services.sshd.text = lib.mkBefore '' + security.pam.services.sshd.text = lib.mkAfter '' #login script auth [default=ignore] pam_exec.so ${pkgs.writeShellScript "login-banner" '' ${pkgs.chafa}/bin/chafa https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg --fg-only -s 80 -O 9 -w 9 ''} + #Account management. + account required pam_unix.so + + #Authentication management. + auth required pam_deny.so + + #Password management. + password required pam_unix.so nullok yescrypt + + session required pam_env.so conffile=/etc/pam/environment readenv=0 + session required pam_unix.so + session required pam_loginuid.so + session optional ${pkgs.systemd}/lib/security/pam_systemd.so ''; |