authorTheArcaneBrony <myrainbowdash949@gmail.com>2023-04-02 20:12:14 +0200
committerRory& <root@rory.gay>2024-06-05 15:49:39 +0200
commitdeab4cc3bd6a19bdedb5630dd584c798f57d21f7 (patch)
tree786f5a6892316fee7314cd71d222e6c05e34f6d9
parentRemove ssh abnner (diff)
downloadSpacebar-Open-Infrastructure-deab4cc3bd6a19bdedb5630dd584c798f57d21f7.tar.xz
Reimplement pam
-rwxr-xr-xmodules/base.nix15
1 files changed, 14 insertions, 1 deletions
diff --git a/modules/base.nix b/modules/base.nix
index d77e782..0f199e5 100755
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -92,11 +92,24 @@
     Storage=none
   '';
 
-  security.pam.services.sshd.text = lib.mkBefore ''
+  security.pam.services.sshd.text = lib.mkAfter ''
     #login script
     auth [default=ignore] pam_exec.so ${pkgs.writeShellScript "login-banner" ''
       ${pkgs.chafa}/bin/chafa https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg --fg-only -s 80 -O 9 -w 9
     ''}
+    #Account management.
+    account required pam_unix.so
+
+    #Authentication management.
+    auth required pam_deny.so
+
+    #Password management.
+    password required pam_unix.so nullok yescrypt
+
+    session required pam_env.so conffile=/etc/pam/environment readenv=0
+    session required pam_unix.so
+    session required pam_loginuid.so
+    session optional ${pkgs.systemd}/lib/security/pam_systemd.so
   '';
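Review bot: The added `auth required pam_deny.so` sits after the context line `auth [default=ignore] pam_exec.so …`, so every password or keyboard-interactive attempt, including unauthenticated ones, first runs the banner script (which hands chafa a raw.githubusercontent.com URL) and is only then refused. That puts an external command in front of the deny on each attempt, presumably with sshd's privileges and with a network fetch if chafa resolves URLs. A session-phase hook that renders a logo from the Nix store would avoid this, e.g. `session optional pam_exec.so stdout ${loginBanner}`, where `loginBanner` is a placeholder for the packaged script. Because the stack is now written by hand, the deny line deserves a comment such as `# PAM auth is refused on purpose; login relies on sshd public-key authentication` if that is the intent, and `nullok` on the `password` line is worth dropping unless empty passwords are wanted. The enclosing module attribute set starts and ends outside this hunk.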