-rw-r--r--modules/hardware-keys.nix36
-rw-r--r--modules/home/common.nix1
-rw-r--r--modules/home/yubikeys.nix17
3 files changed, 34 insertions, 20 deletions
diff --git a/modules/hardware-keys.nix b/modules/hardware-keys.nix
index 13175dc..ac50ecd 100644
--- a/modules/hardware-keys.nix
+++ b/modules/hardware-keys.nix
@@ -1,5 +1,18 @@
 { pkgs, ... }:
 
+let
+  keys = [
+    # username of YubiKey owner (me! :3)
+    "mel"
+
+    # "carnal" YubiKey
+    "7dYKqa9yw69hXwmYd61Bw0hnnxbSsASieIBmokmbAHArJexkPz+TGRVdXW2U8QiLAoe9l1QKo3jrtQxxbBiuFQ==,N7bABlRz0DvIqwxgBnTiyNZ4/JnRIRUEhVk+95h7+KtbTYdnoGnSaqiiimGQxTWxOHfpHbuii127f0HUwYPmXw==,es256,+presence"
+    # "anatomy" YubiKey
+    "//CLbB23LlMtMwefGzrMVELgTkIcfMRSjxJlQDvQ3FKRrlyPA75rosYVl5tqQbkPyed0fwsAkr1vhqPtth4GMQ==,VwxKl0ZYDmCTU02ziMigG1ZVC1MXDH9qeuBT1qplw1pt++tV32xao/yHayiRc2hvbJdJjfplQxT7mLnW90u9WQ==,es256,+presence"
+  ];
+
+  authFile = pkgs.writeText "u2f_mappings" (builtins.concatStringsSep ":" keys);
+in
 {
   programs = {
     yubikey-touch-detector = {
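Review bot: The `keys` list and `authFile` carry no comment explaining the pam_u2f mapping layout, and the word `u2f_mappings` only hints at it; a reader has to know that the `:`-joined result is `user:keyHandle,publicKey,coseType,options:keyHandle,...`. Since `pkgs.writeText` places this file in the world-readable nix store, it is also worth recording that the entries are credential IDs and public keys rather than secrets, so that a later maintainer does not try to move them into a secrets tool or, conversely, paste private material here. I would replace the comment above the list with `# pam_u2f authfile: user:keyHandle,publicKey,coseType,opts:... — credential IDs and public keys only, so a nix-store path is fine`. The surrounding attribute set continues below the hunk.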
@@ -17,14 +30,33 @@
   security = {
     pam = {
       services = {
-        login.u2fAuth = true;
-        sudo.u2fAuth = true;
+        login = {
+          u2fAuth = true;
+          unixAuth = false; # careful
+        };
+        sudo = {
+          u2fAuth = true;
+          unixAuth = true;
+        };
+      };
+
+      u2f = {
+        enable = true;
+        settings = {
+          cue = true;
+          pinverification = 1;
+          authfile = authFile;
+        };
       };
 
       mount.enable = true;
     };
   };
 
+  services.udev.packages = with pkgs; [
+    yubikey-personalization
+  ];
+
   environment.systemPackages = with pkgs; [
     yubikey-manager
     yubioath-flutter
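Review bot: `login.unixAuth = false` removes the password fallback for the login service, so a lost or unplugged key, or a wrong entry in the generated authfile, locks out local console login while `sudo` still has `unixAuth = true`; the `# careful` comment does not say this or how to recover. The comment should state the intent and the recovery path, e.g. `unixAuth = false; # no password fallback: local login needs a listed YubiKey; recover via sudo (unixAuth still on) or a rescue boot`. Independently, `pinverification = 1` requires a FIDO2 PIN on the authenticator, while both credentials were enrolled with only `+presence`; if either key has no PIN set I would expect login to fail, so this is worth confirming on both keys in a second session before relying on the setting. The `security` and `environment.systemPackages` sets continue outside the hunk.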
diff --git a/modules/home/common.nix b/modules/home/common.nix
index cdf8c1c..e2b57f7 100644
--- a/modules/home/common.nix
+++ b/modules/home/common.nix
@@ -5,7 +5,6 @@
     ../foundation/home
 
     ./shell.nix
-    ./yubikeys.nix
     ./code.nix
     ./zed.nix
   ];
diff --git a/modules/home/yubikeys.nix b/modules/home/yubikeys.nix
deleted file mode 100644
index 266ce9d..0000000
--- a/modules/home/yubikeys.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ ... }:
-
-let
-  keys = [
-    # username of YubiKey owner (me! :3)
-    "mel"
-    # "carnal" YubiKey
-    "7dYKqa9yw69hXwmYd61Bw0hnnxbSsASieIBmokmbAHArJexkPz+TGRVdXW2U8QiLAoe9l1QKo3jrtQxxbBiuFQ==,N7bABlRz0DvIqwxgBnTiyNZ4/JnRIRUEhVk+95h7+KtbTYdnoGnSaqiiimGQxTWxOHfpHbuii127f0HUwYPmXw==,es256,+presence"
-    # "anatomy" YubiKey
-    "//CLbB23LlMtMwefGzrMVELgTkIcfMRSjxJlQDvQ3FKRrlyPA75rosYVl5tqQbkPyed0fwsAkr1vhqPtth4GMQ==,VwxKl0ZYDmCTU02ziMigG1ZVC1MXDH9qeuBT1qplw1pt++tV32xao/yHayiRc2hvbJdJjfplQxT7mLnW90u9WQ==,es256,+presence"
-  ];
-in
-{
-  xdg.configFile = {
-    "Yubico/u2f_keys".text = builtins.concatStringsSep ":" keys;
-  };
-}