mirror of
https://github.com/Swarsel/.dotfiles.git
synced 2025-12-06 09:07:21 +01:00
feat: make yubikey pam work on all machines
Some checks failed
Flake check / Check flake (push) Has been cancelled
Some checks failed
Flake check / Check flake (push) Has been cancelled
This commit is contained in:
Leon Schwarzäugl
parent
18a2a32bae
commit
21c1067572
GPG key ID:
26A54C31F2A4FD84
5 changed files with 77 additions and 112 deletions
|
|
@ -1,4 +1,8 @@
|
|||
{ lib, config, pkgs, ... }:
|
||||
let
|
||||
inherit (config.swarselsystems) mainUser;
|
||||
inherit (config.repo.secrets.common.yubikeys) cfg1 cfg2;
|
||||
in
|
||||
{
|
||||
options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey config";
|
||||
config = lib.mkIf config.swarselsystems.modules.yubikey {
|
||||
|
|
@ -8,6 +12,21 @@
|
|||
|
||||
hardware.gpgSmartcards.enable = true;
|
||||
|
||||
security.pam.u2f = {
|
||||
enable = true;
|
||||
control = "sufficient";
|
||||
settings = {
|
||||
interactive = false; # displays a prompt BEFORE asking for presence
|
||||
cue = true; # prints a message that a touch is requrired
|
||||
origin = "pam://${mainUser}"; # make the keys work on all machines
|
||||
authfile = pkgs.writeText "u2f-mappings" (lib.concatStrings [
|
||||
mainUser
|
||||
cfg1
|
||||
cfg2
|
||||
]);
|
||||
};
|
||||
};
|
||||
|
||||
services.udev.packages = with pkgs; [
|
||||
yubikey-personalization
|
||||
];
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue