modules/hardware-keys.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

{ pkgs, ... }:

{
  programs = {
    yubikey-touch-detector = {
      enable = true;
      libnotify = true;
    };
  };

  services = {
    yubikey-agent.enable = true;
  };

  # see `modules/home/yubikeys.nix` for the YubiKey
  # universal second factor (u2f) configuration file.
  security = {
    pam = {
      services = {
        login.u2fAuth = true;
        sudo.u2fAuth = true;
      };

      mount.enable = true;
    };
  };

  environment.systemPackages = with pkgs; [
    yubikey-manager
    yubikey-manager-qt
    yubikey-personalization
    yubikey-personalization-gui
    yubikey-touch-detector # install icon
    age-plugin-yubikey
    pam_u2f
  ];
}