Diffstat (limited to '2configs/sshd-totp.nix')
-rw-r--r--2configs/sshd-totp.nix6
1 files changed, 3 insertions, 3 deletions
diff --git a/2configs/sshd-totp.nix b/2configs/sshd-totp.nix
index f9984e245..9ebbe0dc4 100644
--- a/2configs/sshd-totp.nix
+++ b/2configs/sshd-totp.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
# Enables second factor for ssh password login
## Usage:
@@ -6,12 +6,12 @@
## scan the qrcode with google authenticator (or FreeOTP)
## copy last line into secrets/<host>/users.oath (chmod 700)
{
+ sops.secrets."users.oath" = {};
security.pam.oath = {
# enabling it will make it a requisite of `all` services
# enable = true;
digits = 6;
- # TODO assert existing
- usersFile = (toString <secrets>) + "/users.oath";
+ usersFile = config.sops.secrets."users.oath".path;
};
# I want TFA only active for sshd with password-auth
security.pam.services.sshd.oathAuth = true;
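Review bot: `usersFile` now points at the sops-managed path, and pam_oath, as far as I know, rewrites that file on each successful login to record the last accepted OTP, so the replay state would live only in the decrypted runtime copy and presumably be reset whenever sops-nix recreates the secret (activation or reboot). If that holds, it is worth recording next to the assignment, e.g. `# pam_oath updates this file on login; the sops copy is recreated on activation, so last-OTP state does not persist`, and worth confirming that the default owner and mode of `sops.secrets."users.oath" = {};` are what the sshd PAM stack needs. Separately, the usage comment above the attribute set still says to copy the line into `secrets/<host>/users.oath (chmod 700)`, which no longer matches where the file is read from; something like `## add the last line to the host's sops file under the key "users.oath"` would keep the instructions accurate. The removed `# TODO assert existing` seems covered only if sops-nix validates the key at build time, which is not visible in this hunk.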