Setup login and sudo authentication through U2F w/ YubiKey

Signed-off-by: Mel <mel@rnrd.eu>
author: Mel <mel@rnrd.eu> 2025-06-05 03:41:32 +0200
committer: Mel <mel@rnrd.eu> 2025-06-05 03:41:32 +0200
commit: 182aa5ecdc5c6583ce9b44c5a13432bb30409fc8 (patch)
tree: bf4d0fbba4e1cc8db47238002a293bae90998e4e /modules/hardware-keys.nix
parent: bca04b418838998c183b4e087ded86856c88a062 (diff)
download: minerals-182aa5ecdc5c6583ce9b44c5a13432bb30409fc8.tar.zst
minerals-182aa5ecdc5c6583ce9b44c5a13432bb30409fc8.zip
1 files changed, 29 insertions, 0 deletions
diff --git a/modules/hardware-keys.nix b/modules/hardware-keys.nix
new file mode 100644
index 0000000..e6ae089
--- /dev/null
+++ b/modules/hardware-keys.nix
@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+
+{
+  programs = {
+    yubikey-touch-detector = {
+      enable = true;
+      libnotify = true;
+    };
+  };
+
+  services = {
+    yubikey-agent.enable = true;
+  };
+
+  # see `modules/home/yubikeys.nix` for the YubiKey
+  # universal second factor (u2f) configuration file.
+  security = {
+    pam.services = {
+      login.u2fAuth = true;
+      sudo.u2fAuth = true;
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    yubikey-manager yubikey-manager-qt
+    yubikey-personalization yubikey-personalization-gui
+    age-plugin-yubikey pam_u2f
+  ];
+}
author	Mel <mel@rnrd.eu>	2025-06-05 03:41:32 +0200
committer	Mel <mel@rnrd.eu>	2025-06-05 03:41:32 +0200
commit	182aa5ecdc5c6583ce9b44c5a13432bb30409fc8 (patch)
tree	bf4d0fbba4e1cc8db47238002a293bae90998e4e /modules/hardware-keys.nix
parent	bca04b418838998c183b4e087ded86856c88a062 (diff)
download	minerals-182aa5ecdc5c6583ce9b44c5a13432bb30409fc8.tar.zst minerals-182aa5ecdc5c6583ce9b44c5a13432bb30409fc8.zip