# NixOS module fragment for YubiKey support, driven by two switches read from
# `config.conf.yubikey`:
#   enable - device support (udev rules, pcscd, gpg-agent as SSH agent, OATH app)
#   login  - U2F as a required PAM factor, plus session lock on key removal
# The two blocks are independent: `login` takes effect even when `enable` is off.
{
  lib,
  config,
  pkgs,
  ...
}: let
  cfg = config.conf.yubikey;
  username = config.conf.username;
in
  lib.mkMerge [
    (lib.mkIf cfg.enable {
      services = {
        # Install the udev rules shipped with yubikey-personalization.
        udev.packages = [pkgs.yubikey-personalization];
        # PC/SC smart-card daemon; presumably needed for the key's CCID
        # (PIV / OpenPGP card) interface - confirm against the applets in use.
        pcscd.enable = true;
      };

      # gpg-agent also serves as the SSH agent, so SSH private-key operations
      # can be backed by the key. Not to be combined with
      # `programs.ssh.startAgent`; only one SSH agent should own the socket.
      programs.gnupg.agent.enable = true;
      programs.gnupg.agent.enableSSHSupport = true;

      # Per-user GUI for the OATH (TOTP/HOTP) credentials stored on the key.
      home-manager.users.${username}.home.packages = [pkgs.yubioath-flutter];
    })

    (lib.mkIf cfg.login {
      # "required" makes the U2F check mandatory in addition to the other
      # required PAM modules (second factor, not a password replacement).
      # NOTE(review): authentication through every PAM service that uses
      # pam_u2f then fails when no enrolled key is present, so enrol a backup
      # key and keep a tested recovery path (e.g. booting an earlier
      # generation) before enabling this. Which services are affected depends
      # on their `u2fAuth` setting - confirm for the NixOS release in use.
      security.pam.u2f.enable = true;
      security.pam.u2f.control = "required";
      # Print a reminder to touch the device while PAM waits for it.
      security.pam.u2f.settings.cue = true;

      # Lock every session when the YubiKey is unplugged.
      # NOTE(review): the match is pinned to USB vendor 1050 / product 0407.
      # A key that enumerates under a different product id (another model or
      # interface mode) will not trigger the lock - check the id with `lsusb`.
      # The lock also depends on the session acting on logind's lock signal,
      # so treat it as a convenience on top of an idle-timeout lock, not as
      # the only control against an unattended, unlocked session.
      services.udev.extraRules = ''
        ACTION=="remove",\
        ENV{ID_BUS}=="usb",\
        ENV{ID_MODEL_ID}=="0407",\
        ENV{ID_VENDOR_ID}=="1050",\
        ENV{ID_VENDOR}=="Yubico",\
        RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
      '';
    })
  ]