From e839e5940fdf706aced717e612cce56776de85bc Mon Sep 17 00:00:00 2001
From: "Dominique Martinet @ jormungand" <asmadeus@codewreck.org>
Date: Thu, 1 Oct 2020 16:30:00 +0200
Subject: add oath-based otp pam profile & enable on jormungand

---
 machines/jormungand/configuration.nix |  1 +
 profiles/otp.nix                      | 11 +++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 profiles/otp.nix

diff --git a/machines/jormungand/configuration.nix b/machines/jormungand/configuration.nix
index 6fb1e2f..cc4c1c6 100644
--- a/machines/jormungand/configuration.nix
+++ b/machines/jormungand/configuration.nix
@@ -8,6 +8,7 @@
       ../../profiles/ashuffle.nix
       ../../profiles/common.nix
       ../../profiles/miniflux.nix
+      ../../profiles/otp.nix
       ../../profiles/users.nix
       ../../profiles/vaderetro.nix
       ../../profiles/zramswap.nix
diff --git a/profiles/otp.nix b/profiles/otp.nix
new file mode 100644
index 0000000..a8207a4
--- /dev/null
+++ b/profiles/otp.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+  # use `gen-oath-safe username [hotp|totp]`
+  # scan code & add last line to /etc/users.oath
+  environment.systemPackages = with pkgs; [
+    gen-oath-safe
+  ];
+
+  security.pam.oath.enable = true;
+}
-- 
cgit v1.2.1-2-g3f67