| -rw-r--r-- | modules/common.nix | 3 | ||||
| -rw-r--r-- | modules/hardware-keys.nix | 29 | ||||
| -rw-r--r-- | modules/home/common.nix | 1 | ||||
| -rw-r--r-- | modules/home/yubikeys.nix | 17 |
4 files changed, 49 insertions, 1 deletions
diff --git a/modules/common.nix b/modules/common.nix
index cfbf2fa..30fd3ab 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -11,6 +11,7 @@
 ./fonts.nix
 ./flatpak.nix
 ./libreoffice.nix
+ ./hardware-keys.nix
 ./nix-ld.nix
 ];
@@ -81,7 +82,7 @@ environment.systemPackages = (with pkgs; [ file unzip jq dig htop wget screen - gnupg pinentry-gnome3 age agenix minisign openssl + gnupg pinentry-gnome3 age agenix minisign openssl cryptsetup pamtester inetutils pciutils usbutils lshw lsof inxi iw pmutils acpi acpid avrdude minicom miniserve netcat-gnu socat tcpdump nmap iftop iperf mtr arp-scan ethtool sysprof wireshark mitmproxy hardinfo remmina
diff --git a/modules/hardware-keys.nix b/modules/hardware-keys.nix
new file mode 100644
index 0000000..e6ae089
--- /dev/null
+++ b/modules/hardware-keys.nix
@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+
+{
+ programs = {
+ yubikey-touch-detector = {
+ enable = true;
+ libnotify = true;
+ };
+ };
+
+ services = {
+ yubikey-agent.enable = true;
+ };
+
+ # see `modules/home/yubikeys.nix` for the YubiKey
+ # universal second factor (u2f) configuration file.
+ security = {
+ pam.services = {
+ login.u2fAuth = true;
+ sudo.u2fAuth = true;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ yubikey-manager yubikey-manager-qt
+ yubikey-personalization yubikey-personalization-gui
+ age-plugin-yubikey pam_u2f
+ ];
+}
diff --git a/modules/home/common.nix b/modules/home/common.nix
index e2b57f7..cdf8c1c 100644
--- a/modules/home/common.nix
+++ b/modules/home/common.nix
@@ -5,6 +5,7 @@
 ../foundation/home
 ./shell.nix
+ ./yubikeys.nix
 ./code.nix
 ./zed.nix
 ];
diff --git a/modules/home/yubikeys.nix b/modules/home/yubikeys.nix
new file mode 100644
index 0000000..266ce9d
--- /dev/null
+++ b/modules/home/yubikeys.nix
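Review bot: In modules/hardware-keys.nix, `login.u2fAuth = true;` and `sudo.u2fAuth = true;` are enabled without setting `security.pam.u2f.control`, and the NixOS module's default for that option is, as far as I know, `sufficient`; this is worth confirming against the pinned nixpkgs. With `sufficient`, a key touch replaces the password for login and sudo rather than being required in addition to it, so the comment's "second factor" would not describe the resulting PAM stack. If a true second factor is intended, add `security.pam.u2f.control = "required";` and keep a recovery path for a lost key; otherwise reword the comment to say the key is an alternative to the password.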
@@ -0,0 +1,17 @@
+{ ... }:
+
+let
+ keys = [
+ # username of YubiKey owner (me! :3)
+ "mel"
+ # "carnal" YubiKey
+ "7dYKqa9yw69hXwmYd61Bw0hnnxbSsASieIBmokmbAHArJexkPz+TGRVdXW2U8QiLAoe9l1QKo3jrtQxxbBiuFQ==,N7bABlRz0DvIqwxgBnTiyNZ4/JnRIRUEhVk+95h7+KtbTYdnoGnSaqiiimGQxTWxOHfpHbuii127f0HUwYPmXw==,es256,+presence"
+ # "anatomy" YubiKey
+ "//CLbB23LlMtMwefGzrMVELgTkIcfMRSjxJlQDvQ3FKRrlyPA75rosYVl5tqQbkPyed0fwsAkr1vhqPtth4GMQ==,VwxKl0ZYDmCTU02ziMigG1ZVC1MXDH9qeuBT1qplw1pt++tV32xao/yHayiRc2hvbJdJjfplQxT7mLnW90u9WQ==,es256,+presence"
+ ];
+in
+{
+ xdg.configFile = {
+ "Yubico/u2f_keys".text = builtins.concatStringsSep ":" keys;
+ };
+}
|
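Review bot: The authfile is written to `Yubico/u2f_keys` under the user's XDG config directory, which the authenticating user owns, yet the same commit lets that file decide who passes `sudo`. Home Manager makes the target a read-only store link, but the link sits in a user-writable directory, so a process running as `mel` could replace the registration. pam_u2f's `authfile` argument allows the mapping to live in a root-owned path instead, and NixOS exposes it under `security.pam.u2f` (the option name varies by release). Both entries are also registered with `+presence` only, so authentication is touch-only with no PIN or user verification. As a smaller style point, `"mel"` is the username field rather than a key; binding it separately, e.g. `user = "mel";` with `builtins.concatStringsSep ":" ([ user ] ++ keys)`, would keep the `keys` list accurate.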
