From f55307fd73af235069744dd5155fda0bc73fe613 Mon Sep 17 00:00:00 2001
From: lassulus <git@lassul.us>
Date: Thu, 7 Sep 2023 12:26:31 +0200
Subject: lass: migrate away

---
 lass/2configs/otp-ssh.nix | 18 ------------------
 1 file changed, 18 deletions(-)
 delete mode 100644 lass/2configs/otp-ssh.nix

(limited to 'lass/2configs/otp-ssh.nix')

diff --git a/lass/2configs/otp-ssh.nix b/lass/2configs/otp-ssh.nix
deleted file mode 100644
index f9984e245..000000000
--- a/lass/2configs/otp-ssh.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, ... }:
-# Enables second factor for ssh password login
-
-## Usage:
-#  gen-oath-safe <username> totp
-## scan the qrcode with google authenticator (or FreeOTP)
-## copy last line into secrets/<host>/users.oath (chmod 700)
-{
-  security.pam.oath = {
-    # enabling it will make it a requisite of `all` services
-    # enable = true;
-    digits = 6;
-    # TODO assert existing
-    usersFile = (toString <secrets>) + "/users.oath";
-  };
-  # I want TFA only active for sshd with password-auth
-  security.pam.services.sshd.oathAuth = true;
-}
-- 
cgit v1.2.3

[cgit] Unable to lock slot /tmp/cgit/5e100000.lock: No such file or directory (2)