diff --git a/home/platforms/fabian@posixlycorrect/lib/default.nix b/home/platforms/fabian@posixlycorrect/lib/default.nix
index b00a0c7..73fe593 100644
--- a/home/platforms/fabian@posixlycorrect/lib/default.nix
+++ b/home/platforms/fabian@posixlycorrect/lib/default.nix
@@ -45,6 +45,9 @@
 vlc
 vpsfree-client
 vscodium-fhs
+ yubikey-manager
+ yubico-pam
+ yubikey-personalization
 zip
 zola
 zoom-us
diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix
index f67ae8c..3a18f9b 100644
--- a/sys/platforms/posixlycorrect/default.nix
+++ b/sys/platforms/posixlycorrect/default.nix
@@ -10,6 +10,7 @@
 imports = [
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
+ ./yubikey.nix
 ];
 
 # Use the systemd-boot EFI boot loader.
diff --git a/sys/platforms/posixlycorrect/yubikey.nix b/sys/platforms/posixlycorrect/yubikey.nix
new file mode 100644
index 0000000..1b9ee9f
--- /dev/null
+++ b/sys/platforms/posixlycorrect/yubikey.nix
@@ -0,0 +1,32 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ services = {
+ pcscd.enable = true;
+ udev.packages = [pkgs.yubikey-personalization];
+ };
+
+ environment.etc."pkcs11/modules/ykcs11".text = ''
+ module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so
+ '';
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ security.pam.services = {
+ login.u2fAuth = true;
+ sudo.u2fAuth = true;
+ };
+
+ security.pam.yubico = {
+ enable = true;
+ debug = false;
+ mode = "challenge-response";
+ id = ["27677315"];
+ };
+}
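Review bot: In the new `yubikey.nix`, neither the `security.pam.services` entries nor the `security.pam.yubico` block sets a PAM `control`, and as far as I know NixOS defaults both `security.pam.u2f.control` and `security.pam.yubico.control` to `"sufficient"`, so possession of the key alone would satisfy `login` and `sudo` without the password instead of acting as a second factor. If two-factor is the intent, set `security.pam.u2f.control = "required";` and add `control = "required";` inside `security.pam.yubico`, and keep a tested recovery path (a second enrolled key or console access) before switching. Also note that `security.pam.yubico.enable = true` is not scoped to `login` and `sudo` the way the `u2fAuth` lines are; it presumably turns the module on for every PAM service, which is worth confirming against the generated `/etc/pam.d` files.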