feat: repo-local secrets implemented for yubikey

Leon Schwarzäugl 2025-06-11 04:01:07 +02:00
parent 609bb1597f
commit 85cbd5e1f6
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
11 changed files with 230 additions and 60 deletions


@ -1,16 +1,12 @@
{ lib, config, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
yubikey1 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey1";
yubikey2 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey2";
in
{ lib, config, nixosConfig, ... }:
{
options.swarselsystems.modules.yubikey = lib.mkEnableOption "yubikey settings";
config = lib.mkIf config.swarselsystems.modules.yubikey {
pam.yubico.authorizedYubiKeys = {
ids = [
"${yubikey1}"
"${yubikey2}"
nixosConfig.repo.secrets.common.yubikeys.dev1
nixosConfig.repo.secrets.common.yubikeys.dev2
];
};
};