# NixOS module: YubiKey tooling plus pam_u2f authentication for `login` and `sudo`.
{ pkgs, ... }:
let
  # Fields of the pam_u2f mapping line. They are joined with ":" below, giving
  # one line of the form `user:credential:credential`. Each credential is
  # `keyHandle,publicKey,coseType,options`; `+presence` asks for a touch.
  u2fMappingFields = [
    # account name that owns the YubiKeys
    "mel"
    # "carnal" YubiKey
    "7dYKqa9yw69hXwmYd61Bw0hnnxbSsASieIBmokmbAHArJexkPz+TGRVdXW2U8QiLAoe9l1QKo3jrtQxxbBiuFQ==,N7bABlRz0DvIqwxgBnTiyNZ4/JnRIRUEhVk+95h7+KtbTYdnoGnSaqiiimGQxTWxOHfpHbuii127f0HUwYPmXw==,es256,+presence"
    # "anatomy" YubiKey
    "//CLbB23LlMtMwefGzrMVELgTkIcfMRSjxJlQDvQ3FKRrlyPA75rosYVl5tqQbkPyed0fwsAkr1vhqPtth4GMQ==,VwxKl0ZYDmCTU02ziMigG1ZVC1MXDH9qeuBT1qplw1pt++tV32xao/yHayiRc2hvbJdJjfplQxT7mLnW90u9WQ==,es256,+presence"
  ];

  # `pkgs.writeText` renders the mapping into the Nix store, which every local
  # user can read. The entries are key handles and public keys, not private key
  # material, so nothing secret should ever be added to this list.
  u2fMappingFile = pkgs.writeText "u2f_mappings" (
    builtins.concatStringsSep ":" u2fMappingFields
  );
in
{
  # Desktop notification (via libnotify) while a YubiKey waits for a touch.
  programs.yubikey-touch-detector = {
    enable = true;
    libnotify = true;
  };

  services.yubikey-agent.enable = true;

  # The original note points to `modules/home/yubikeys.nix` for the YubiKey
  # universal second factor (u2f) configuration file.
  # NOTE(review): the authfile PAM reads is set explicitly under `u2f.settings`
  # below; confirm whether that other file is still relevant.
  security.pam = {
    # NOTE(review): `security.pam.u2f.control` is not set in this file. NixOS
    # documents its default as "sufficient", in which case a key (with PIN, see
    # `pinverification`) OR the Unix password passes; the key is an alternative
    # factor, not an additional one. Requiring both means `control = "required"`,
    # and that needs a tested recovery path for a lost or broken key.
    services = {
      login = {
        u2fAuth = true;
        # TODO: figure out how to use hardware keys for login on moissanite
        unixAuth = true; # careful: turning this off leaves the keys as the only way in
      };
      sudo = {
        u2fAuth = true;
        unixAuth = true;
      };
    };

    u2f = {
      enable = true;
      settings = {
        # print a reminder to touch the device
        cue = true;
        # demand the FIDO2 PIN on every authentication, so a stolen key alone
        # is not enough
        pinverification = 1;
        # central mapping file built above (store path, world-readable)
        authfile = u2fMappingFile;
      };
    };

    mount.enable = true;
  };

  # udev rules shipped with the personalization tool
  services.udev.packages = [
    pkgs.yubikey-personalization
  ];

  environment.systemPackages = [
    pkgs.yubikey-manager
    pkgs.yubioath-flutter
    pkgs.yubikey-personalization
    pkgs.yubikey-touch-detector # install icon
    pkgs.age-plugin-yubikey
    pkgs.pam_u2f
  ];
}