swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add yubikey ids

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-03-22 23:40:18 +01:00
parent d7a7571b00
commit 01efa60483
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
5 changed files with 40 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

21
SwarselSystems.org
View file

@ -3136,6 +3136,7 @@ This program builds a configuration locally.
rm profiles/home/common/gammastep.nix
rm profiles/home/common/git.nix
rm profiles/home/common/mail.nix
rm profiles/home/common/yubikey.nix
rm profiles/nixos/common/home-manager-extra.nix
nix flake update vbc-nix
git add .
@ -3270,6 +3271,7 @@ This program sets up a new NixOS host locally.
rm profiles/home/common/gammastep.nix
rm profiles/home/common/git.nix
rm profiles/home/common/mail.nix
rm profiles/home/common/yubikey.nix
rm profiles/nixos/common/home-manager-extra.nix
nix flake update vbc-nix
git add .
@ -8920,6 +8922,25 @@ I use sops-nix to handle secrets that I want to have available on my machines at
}
#+end_src
**** Yubikey
#+begin_src nix :tangle profiles/home/common/yubikey.nix
{ lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
yubikey1 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey1";
yubikey2 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey2";
in
{
pam.yubico.authorizedYubiKeys = {
ids = [
"${yubikey1}"
"${yubikey2}"
];
};
}
#+end_src
**** SSH Machines
:PROPERTIES:
:CUSTOM_ID: h:edd6720e-1f90-40bf-b6f9-30a19d4cae08