mirror of
https://github.com/Swarsel/.dotfiles.git
synced 2025-12-06 17:17:22 +01:00
35 lines
927 B
Nix
35 lines
927 B
Nix
{ lib, config, pkgs, ... }:
|
|
let
|
|
inherit (config.swarselsystems) mainUser;
|
|
inherit (config.repo.secrets.common.yubikeys) cfg1 cfg2;
|
|
in
|
|
{
|
|
options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config";
|
|
config = lib.mkIf config.swarselmodules.yubikey {
|
|
programs.ssh.startAgent = false;
|
|
|
|
services.pcscd.enable = false;
|
|
|
|
hardware.gpgSmartcards.enable = true;
|
|
|
|
security.pam.u2f = {
|
|
enable = true;
|
|
control = "sufficient";
|
|
settings = {
|
|
interactive = false; # displays a prompt BEFORE asking for presence
|
|
cue = true; # prints a message that a touch is requrired
|
|
origin = "pam://${mainUser}"; # make the keys work on all machines
|
|
authfile = pkgs.writeText "u2f-mappings" (lib.concatStrings [
|
|
mainUser
|
|
cfg1
|
|
cfg2
|
|
]);
|
|
};
|
|
};
|
|
|
|
services.udev.packages = with pkgs; [
|
|
yubikey-personalization
|
|
];
|
|
|
|
};
|
|
}
|