feat: pam, ...

kat/gui/waybar.nix

@@ -1,4 +1,4 @@
-{ config, kittywitch, lib, pkgs, nixfiles, ... }:
+{ config, kittywitch, lib, pkgs, ... }:
 
 {
   xdg.configFile."waybar/style.css" = { inherit (kittywitch.sassTemplate { name = "waybar-style"; src = ./waybar.sass; }) source; };

nixos/common/access.nix

@@ -0,0 +1,18 @@
+{ config, pkgs, lib, ... }: let
+# TODO: solve lib usage
+inherit (lib.lists) concatLists elem;
+inherit (lib.attrsets) mapAttrsToList;
+in {
+  users.users.root = {
+    shell = pkgs.zsh;
+    hashedPassword =
+      "$6$i28yOXoo$/WokLdKds5ZHtJHcuyGrH2WaDQQk/2Pj0xRGLgS8UcmY2oMv3fw2j/85PRpsJJwCB2GBRYRK5LlvdTleHd3mB.";
+    openssh.authorizedKeys.keys = concatLists (mapAttrsToList
+          (name: user:
+           if elem "wheel" user.extraGroups then
+           user.openssh.authorizedKeys.keys
+           else
+           [ ])
+          config.users.users);
+  };
+   }

nixos/gui/pam.nix

@@ -0,0 +1,6 @@
+_: {
+  security.pam.services = {
+    login.u2fAuth = true;
+    sudo.u2fAuth = true;
+  };
+}

systems/default.nix

@@ -122,8 +122,8 @@
             path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.${name};
           };
           hostname = "${name}.inskip.me";
-          sshOpts = ["-p" "62954"]; # "${builtins.toString (builtins.head inputs.self.nixosConfigurations.${name}.config.services.openssh.ports)}"];
+          sshOpts = ["-p" "${builtins.toString (builtins.head inputs.self.nixosConfigurations.${name}.config.services.openssh.ports)}"];
-          sshUser = "kat";
+          sshUser = "root";
           user = "root";
           autoRollback = true;
           magicRollback = true;