diff --git a/nixos/base.nix b/nixos/base.nix
index ec0d384..8d42a66 100644
--- a/nixos/base.nix
+++ b/nixos/base.nix
@@ -144,12 +144,14 @@
     flashrom
     gcc
     nixd
+    pam_u2f
     pciutils
     python3
     qemu
     rustup
     usbutils
     wget
+    yubikey-manager
   ];
 
   nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
@@ -173,4 +175,27 @@
       KbdInteractiveAuthentication = false;
     };
   };
+
+  services.pcscd.enable = true;
+
+  services.udev.packages = [pkgs.yubikey-personalization];
+
+  services.yubikey-agent.enable = true;
+
+  security.pam = lib.optionalAttrs pkgs.stdenv.isLinux {
+    sshAgentAuth.enable = true;
+    u2f = {
+      enable = true;
+      settings = {
+        cue = false;
+        authFile = "~/.config/Yubico/u2f_keys";
+      };
+    };
+    services = {
+      login.u2fAuth = true;
+      sudo = {
+        u2fAuth = true;
+      };
+    };
+  };
 }
diff --git a/nixos/desktop.nix b/nixos/desktop.nix
index 4cdfebc..5d50713 100644
--- a/nixos/desktop.nix
+++ b/nixos/desktop.nix
@@ -118,6 +118,7 @@
       winDecStyles = ["classic"];
     })
     firefoxpwa
+    yubioath-flutter
   ];
 
   services.fprintd.enable = true;