From deab4cc3bd6a19bdedb5630dd584c798f57d21f7 Mon Sep 17 00:00:00 2001
From: TheArcaneBrony <myrainbowdash949@gmail.com>
Date: Sun, 2 Apr 2023 20:12:14 +0200
Subject: Reimplement pam

---
 modules/base.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/modules/base.nix b/modules/base.nix
index d77e782..0f199e5 100755
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -92,11 +92,24 @@
     Storage=none
   '';
 
-  security.pam.services.sshd.text = lib.mkBefore ''
+  security.pam.services.sshd.text = lib.mkAfter ''
     #login script
     auth [default=ignore] pam_exec.so ${pkgs.writeShellScript "login-banner" ''
       ${pkgs.chafa}/bin/chafa https://raw.githubusercontent.com/spacebarchat/spacebarchat/master/branding/svg/Spacebar__Logo-Blue.svg --fg-only -s 80 -O 9 -w 9
     ''}
+    #Account management.
+    account required pam_unix.so
+
+    #Authentication management.
+    auth required pam_deny.so
+
+    #Password management.
+    password required pam_unix.so nullok yescrypt
+
+    session required pam_env.so conffile=/etc/pam/environment readenv=0
+    session required pam_unix.so
+    session required pam_loginuid.so
+    session optional ${pkgs.systemd}/lib/security/pam_systemd.so
   '';
 
 
-- 
cgit 1.4.1