summary refs log tree commit diff
diff options
context:
space:
mode:
-rwxr-xr-xmodules/base.nix15
1 files changed, 14 insertions, 1 deletions
diff --git a/modules/base.nix b/modules/base.nix
index d77e782..0f199e5 100755
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -92,11 +92,24 @@
     Storage=none
   '';
 
-  security.pam.services.sshd.text = lib.mkBefore ''
+  security.pam.services.sshd.text = lib.mkAfter ''
     #login script
     auth [default=ignore] pam_exec.so ${pkgs.writeShellScript "login-banner" ''
       ${pkgs.chafa}/bin/chafa https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg --fg-only -s 80 -O 9 -w 9
     ''}
+    #Account management.
+    account required pam_unix.so
+
+    #Authentication management.
+    auth required pam_deny.so
+
+    #Password management.
+    password required pam_unix.so nullok yescrypt
+
+    session required pam_env.so conffile=/etc/pam/environment readenv=0
+    session required pam_unix.so
+    session required pam_loginuid.so
+    session optional ${pkgs.systemd}/lib/security/pam_systemd.so
   '';