modules/hardware-keys.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

{ pkgs, ... }:

{
  programs = {
    yubikey-touch-detector = {
      enable = true;
      libnotify = true;
    };
  };

  services = {
    yubikey-agent.enable = true;
  };

  # see `modules/home/yubikeys.nix` for the YubiKey
  # universal second factor (u2f) configuration file.
  security = {
    pam.services = {
      login.u2fAuth = true;
      sudo.u2fAuth = true;
    };
  };

  environment.systemPackages = with pkgs; [
    yubikey-manager yubikey-manager-qt
    yubikey-personalization yubikey-personalization-gui
    age-plugin-yubikey pam_u2f
  ];
}