feat: add yubikey ids

SwarselSystems.org

@@ -3136,6 +3136,7 @@ This program builds a configuration locally.
       rm profiles/home/common/gammastep.nix
       rm profiles/home/common/git.nix
       rm profiles/home/common/mail.nix
+      rm profiles/home/common/yubikey.nix
       rm profiles/nixos/common/home-manager-extra.nix
       nix flake update vbc-nix
       git add .
@@ -3270,6 +3271,7 @@ This program sets up a new NixOS host locally.
       rm profiles/home/common/gammastep.nix
       rm profiles/home/common/git.nix
       rm profiles/home/common/mail.nix
+      rm profiles/home/common/yubikey.nix
       rm profiles/nixos/common/home-manager-extra.nix
       nix flake update vbc-nix
       git add .
@@ -8920,6 +8922,25 @@ I use sops-nix to handle secrets that I want to have available on my machines at
   }
 #+end_src
 
+**** Yubikey
+
+#+begin_src nix :tangle profiles/home/common/yubikey.nix
+  { lib, nix-secrets, ... }:
+  let
+    secretsDirectory = builtins.toString nix-secrets;
+    yubikey1 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey1";
+    yubikey2 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey2";
+  in
+  {
+    pam.yubico.authorizedYubiKeys = {
+      ids = [
+        "${yubikey1}"
+        "${yubikey2}"
+      ];
+    };
+  }
+#+end_src
+
 **** SSH Machines
 :PROPERTIES:
 :CUSTOM_ID: h:edd6720e-1f90-40bf-b6f9-30a19d4cae08

flake.lock

@@ -823,10 +823,10 @@
     "nix-secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1742594924,
+        "lastModified": 1742682980,
-        "narHash": "sha256-3oLkbjXbOv6Xq3+LJsasyJq4jBS0VkwKsbVdTB8MGJM=",
+        "narHash": "sha256-oHqbNiTdpGrOtZtu1UAMjOteEPEDJTolTh/cNqgj2HM=",
         "ref": "main",
-        "rev": "4ecfe7a80064e0595f386a203ba179c1a3c8bca3",
+        "rev": "b9e7aa2f01b68aa186271a1c0db722049fa14c17",
         "shallow": true,
         "type": "git",
         "url": "ssh://git@github.com/Swarsel/nix-secrets.git"

profiles/home/common/yubikey.nix

@@ -0,0 +1,14 @@
+{ lib, nix-secrets, ... }:
+let
+  secretsDirectory = builtins.toString nix-secrets;
+  yubikey1 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey1";
+  yubikey2 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey2";
+in
+{
+  pam.yubico.authorizedYubiKeys = {
+    ids = [
+      "${yubikey1}"
+      "${yubikey2}"
+    ];
+  };
+}

scripts/swarsel-install.sh

@@ -99,6 +99,7 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
     rm profiles/home/common/gammastep.nix
     rm profiles/home/common/git.nix
     rm profiles/home/common/mail.nix
+    rm profiles/home/common/yubikey.nix
     rm profiles/nixos/common/home-manager-extra.nix
     nix flake update vbc-nix
     git add .

scripts/swarsel-rebuild.sh

@@ -81,6 +81,7 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
     rm profiles/home/common/gammastep.nix
     rm profiles/home/common/git.nix
     rm profiles/home/common/mail.nix
+    rm profiles/home/common/yubikey.nix
     rm profiles/nixos/common/home-manager-extra.nix
     nix flake update vbc-nix
     git add .