From dbb62c055511ce4f7ddf2de2d61e66353ce6bd27 Mon Sep 17 00:00:00 2001
From: Ahwx
Date: Fri, 21 Jun 2024 20:43:12 +0200
Subject: [PATCH] feat: adds yubikey stuff
---
 modules/core/default.nix | 25 +++++++++++++------------
 modules/core/yubikey.nix | 25 +++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 12 deletions(-)
 create mode 100644 modules/core/yubikey.nix
diff --git a/modules/core/default.nix b/modules/core/default.nix
index ae5966d..637bda0 100644
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -1,17 +1,18 @@
 { ... }:
 {
 imports =
- [ (import ./bootloader.nix) ]
- ++ [ (import ./hardware.nix) ]
- ++ [ (import ./xserver.nix) ]
- ++ [ (import ./network.nix) ]
- ++ [ (import ./pipewire.nix) ]
- ++ [ (import ./program.nix) ]
- ++ [ (import ./security.nix) ]
- ++ [ (import ./services.nix) ]
- ++ [ (import ./system.nix) ]
- ++ [ (import ./user.nix) ]
- ++ [ (import ./bluetooth.nix) ]
- ++ [ (import ./wayland.nix) ];
+ [(import ./bootloader.nix)]
+ ++ [(import ./hardware.nix)]
+ ++ [(import ./xserver.nix)]
+ ++ [(import ./network.nix)]
+ ++ [(import ./pipewire.nix)]
+ ++ [(import ./program.nix)]
+ ++ [(import ./security.nix)]
+ ++ [(import ./services.nix)]
+ ++ [(import ./system.nix)]
+ ++ [(import ./user.nix)]
+ ++ [(import ./bluetooth.nix)]
+ ++ [(import ./yubikey.nix)]
+ ++ [(import ./wayland.nix)];
 # ++ [ (import ./virtualization.nix) ];
 }
diff --git a/modules/core/yubikey.nix b/modules/core/yubikey.nix
new file mode 100644
index 0000000..8908c68
--- /dev/null
+++ b/modules/core/yubikey.nix
@@ -0,0 +1,25 @@
+{ pkgs, ...}:
+
+{
+ services.udev.packages = [ pkgs.yubikey-personalization ];
+
+ # FIXME Don't forget to create an authorization mapping file for your user (https://nixos.wiki/wiki/Yubikey#pam_u2f)
+ security.pam = {
+ u2f = {
+ enable = true;
+ cue = true;
+ control = "sufficient";
+ };
+
+ services = {
+ login.u2fAuth = true;
+ greetd.u2fAuth = true;
+ sudo.u2fAuth = true;
+ hyprlock.u2fAuth = true;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ yubikey-manager
+ ];
+}
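Review bot: `control = "sufficient";` in `security.pam.u2f` makes a touch of the key enough on its own for every service enabled below it, including `sudo.u2fAuth` and `login.u2fAuth`, so the YubiKey replaces the password instead of adding a second factor. If two-factor authentication is the intent, use `control = "required";`, and switch only once the mapping file from the FIXME exists, because a required module with no registered key would by default fail the login. The default mapping file sits under the user's home directory and is writable by that user, so with `sudo.u2fAuth = true;` the set of keys accepted for root access is not protected from the user's own processes; pointing `authFile` at a root-owned path addresses that. The FIXME would read better as a plain comment stating where the mapping file is expected and which choice of `control` is deliberate.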