added pam u2f auth
parent
27dd02777d
commit
6f36d70cdf
3 changed files with 31 additions and 15 deletions
|
@ -8,6 +8,7 @@
|
||||||
containers.enable = true;
|
containers.enable = true;
|
||||||
networkmanager.enable = true;
|
networkmanager.enable = true;
|
||||||
yubikey.enable = true;
|
yubikey.enable = true;
|
||||||
|
yubikey.login = true;
|
||||||
|
|
||||||
stateVersion = "24.11";
|
stateVersion = "24.11";
|
||||||
hmStateVersion = "24.11";
|
hmStateVersion = "24.11";
|
||||||
|
|
|
@ -4,19 +4,31 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
inherit (lib) mkIf;
|
inherit (lib) mkMerge mkIf;
|
||||||
inherit (config) conf;
|
inherit (config) conf;
|
||||||
in
|
in
|
||||||
mkIf conf.yubikey.enable {
|
mkMerge [
|
||||||
services.udev.packages = [pkgs.yubikey-personalization];
|
(mkIf
|
||||||
services.pcscd.enable = true;
|
conf.yubikey.enable
|
||||||
|
{
|
||||||
|
services.udev.packages = [pkgs.yubikey-personalization];
|
||||||
|
services.pcscd.enable = true;
|
||||||
|
|
||||||
programs.gnupg.agent = {
|
programs.gnupg.agent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableSSHSupport = true;
|
enableSSHSupport = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager.users.${conf.username}.home.packages = with pkgs; [
|
home-manager.users.${conf.username}.home.packages = with pkgs; [
|
||||||
yubioath-flutter
|
yubioath-flutter
|
||||||
];
|
];
|
||||||
}
|
})
|
||||||
|
(mkIf
|
||||||
|
conf.yubikey.login
|
||||||
|
{
|
||||||
|
security.pam.services = {
|
||||||
|
login.u2fAuth = true;
|
||||||
|
sudo.u2fAuth = true;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
]
|
||||||
|
|
|
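Review bot: In the new `conf.yubikey.login` block, `login.u2fAuth = true;` and `sudo.u2fAuth = true;` rely on the NixOS default `security.pam.u2f.control = "sufficient"`, so a key touch alone satisfies both services and replaces the password rather than adding a second factor. If a second factor is the intent, add `security.pam.u2f.control = "required";` to this block and keep a recovery path for a lost key. The key mapping file in `~/.config/Yubico/u2f_keys` is writable by anything running as that user, so a root-owned `authfile` for pam_u2f would keep sudo's credential list out of user-writable space. The block is also guarded only by `conf.yubikey.login`, so it applies even when `conf.yubikey.enable` is false; `mkIf (conf.yubikey.enable && conf.yubikey.login)` would tie the two together if that is what is wanted.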
@ -12,9 +12,12 @@ in {
|
||||||
games.enable = mkEnableOption "Enable games.";
|
games.enable = mkEnableOption "Enable games.";
|
||||||
secureboot.enable = mkEnableOption "Enable secure boot utilities (manual key-enrolling required).";
|
secureboot.enable = mkEnableOption "Enable secure boot utilities (manual key-enrolling required).";
|
||||||
extraLayout.enable = mkEnableOption "Enable additional custom layout.";
|
extraLayout.enable = mkEnableOption "Enable additional custom layout.";
|
||||||
fonts.enable = mkEnableOption "Install and set preferred fonts";
|
fonts.enable = mkEnableOption "Install and set preferred fonts.";
|
||||||
networkmanager.enable = mkEnableOption "Enable network manager and some related configuration";
|
networkmanager.enable = mkEnableOption "Enable network manager and some related configuration.";
|
||||||
yubikey.enable = mkEnableOption "Enable support for yubikey";
|
yubikey = {
|
||||||
|
enable = mkEnableOption "Enable support for yubikey.";
|
||||||
|
login = mkEnableOption "Enable login with yubikey, make sure ~/.config/Yubico/u2f_keys is set up.";
|
||||||
|
};
|
||||||
|
|
||||||
# Generally server options
|
# Generally server options
|
||||||
ssh.enable = mkEnableOption "Install my public key to allow accessing this machine via ssh.";
|
ssh.enable = mkEnableOption "Install my public key to allow accessing this machine via ssh.";
|
||||||
|
|
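Review bot: The description of the new `yubikey.login` option says "login with yubikey", but the module in this commit also sets `sudo.u2fAuth = true;`, so the documented scope is narrower than what the option changes. `mkEnableOption` also wraps its argument as "Whether to enable <text>.", so a sentence starting with "Enable" and ending in a period renders awkwardly in the generated docs. Something like `login = mkEnableOption "U2F authentication for the login and sudo PAM services (requires ~/.config/Yubico/u2f_keys)";` states the scope and reads correctly. It would also help to say in a comment that the mapping file has to be created before the option is switched on.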