# NixOS module: YubiKey support, gated by the single switch
# `local.sys.yubikey.enable`.
#
# When enabled it turns on the smart-card daemon and the YubiKey udev rules,
# registers the YKCS11 PKCS#11 module under /etc, starts gpg-agent with SSH
# support, and wires pam_u2f into the `login` and `sudo` PAM services.
{
  config,
  lib,
  pkgs,
  ...
}: let
  inherit (lib) mkEnableOption mkIf;

  yubikey = config.local.sys.yubikey;
in {
  options.local.sys.yubikey.enable = mkEnableOption "yubikey settings";

  config = mkIf yubikey.enable {
    # PC/SC daemon for smart-card (CCID) access to the token.
    services.pcscd.enable = true;
    # udev rules shipped with yubikey-personalization.
    services.udev.packages = [pkgs.yubikey-personalization];

    # Module file written to /etc/pkcs11/modules/ykcs11. It points at the
    # YKCS11 library inside the yubico-piv-tool store path, so the reference
    # follows whatever version of that package the system is built with.
    environment.etc."pkcs11/modules/ykcs11".text = ''
      module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so
    '';

    # gpg-agent also serves as the SSH agent (enableSSHSupport).
    programs.gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };

    # U2F is switched on for both console login and sudo.
    security.pam.services.login.u2fAuth = true;
    security.pam.services.sudo.u2fAuth = true;

    security.pam.u2f = {
      enable = true;
      # NOTE(review): "sufficient" means a successful U2F check satisfies the
      # PAM auth stack on its own. For `login` and `sudo` a touch on a
      # registered key therefore replaces the password; it is not a second
      # factor on top of it. If two-factor is the intent, "required" is the
      # control value that keeps the password check in force. With
      # "sufficient", possession of the key is the whole authentication.
      control = "sufficient";
      # NOTE(review): no authfile is set, so pam_u2f falls back to its default
      # key-mapping location. This is presumably the per-user file under the
      # user's own config directory; confirm. Because this gates sudo,
      # consider a root-owned authfile so an unprivileged session cannot
      # change which keys are accepted.
      settings = {
        debug = false;
        # Print a prompt asking the user to touch the device.
        cue = true;
      };
    };
  };
}