diff options
author | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
commit | 060a8f28fa1fc648bdf66afb31a5d1efac868837 (patch) | |
tree | 2b354eacc7897365ee45244fe7a51720e0d0333f /makefu/2configs/sshd-totp.nix | |
parent | cbfcc890e3b76d942b927809bf981a5fa7289e6a (diff) |
makefu: move out to own repo, add vacation-note
Diffstat (limited to 'makefu/2configs/sshd-totp.nix')
-rw-r--r-- | makefu/2configs/sshd-totp.nix | 18 |
1 files changed, 0 insertions, 18 deletions
diff --git a/makefu/2configs/sshd-totp.nix b/makefu/2configs/sshd-totp.nix deleted file mode 100644 index f9984e24..00000000 --- a/makefu/2configs/sshd-totp.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, ... }: -# Enables second factor for ssh password login - -## Usage: -# gen-oath-safe <username> totp -## scan the qrcode with google authenticator (or FreeOTP) -## copy last line into secrets/<host>/users.oath (chmod 700) -{ - security.pam.oath = { - # enabling it will make it a requisite of `all` services - # enable = true; - digits = 6; - # TODO assert existing - usersFile = (toString <secrets>) + "/users.oath"; - }; - # I want TFA only active for sshd with password-auth - security.pam.services.sshd.oathAuth = true; -} |