From bd2be7196aca0c5851620be09b51609f076fd2f8 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sat, 4 Jun 2022 12:21:32 +0100
Subject: [PATCH] nixos/common: add pam-ussh
---
 ops/nixos/lib/common.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ops/nixos/lib/common.nix b/ops/nixos/lib/common.nix
index 080092e91e..9979a36b40 100644
--- a/ops/nixos/lib/common.nix
+++ b/ops/nixos/lib/common.nix
@@ -151,6 +151,11 @@ in
 environment.homeBinInPath = true;
 security.pam.enableSSHAgentAuth = true;
+ security.pam.ussh = {
+ enable = true;
+ control = "sufficient";
+ caFile = ../../secrets/client-ca.pub;
+ };
 users.mutableUsers = false;
 users.users = let secrets = depot.ops.secrets; in {
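Review bot: The new `security.pam.ussh` block sets `control = "sufficient"` but leaves both `group` and `authorizedPrincipals` unset, so a passing certificate check ends the auth stack and nothing in the hunk narrows whose certificates qualify beyond being signed by `client-ca.pub`. Because this sits in what appears to be the shared `common.nix`, consider scoping it with `group = "wheel";` (group name assumed) or an explicit `authorizedPrincipals` list, so that a certificate the CA issued for another purpose cannot satisfy PAM here. The hunk also does not show which PAM services opt in through `usshAuth`; a comment above the block such as `# pam-ussh: SSH-certificate auth for the PAM services that set usshAuth; trust root is the client CA below` would record the intent. The surrounding attribute set starts and ends outside the hunk, so any restriction applied elsewhere is not visible from here.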