Add Yubikey tools

2025-06-09 01:39:08 -04:00
parent 30455c8709
commit 3a84898308
2 changed files with 26 additions and 0 deletions
--- a/nixos/base.nix
+++ b/nixos/base.nix
@@ -144,12 +144,14 @@
    flashrom
    gcc
    nixd
+    pam_u2f
    pciutils
    python3
    qemu
    rustup
    usbutils
    wget
+    yubikey-manager
  ];

  nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
@@ -173,4 +175,27 @@
      KbdInteractiveAuthentication = false;
    };
  };
+
+  services.pcscd.enable = true;
+
+  services.udev.packages = [pkgs.yubikey-personalization];
+
+  services.yubikey-agent.enable = true;
+
+  security.pam = lib.optionalAttrs pkgs.stdenv.isLinux {
+    sshAgentAuth.enable = true;
+    u2f = {
+      enable = true;
+      settings = {
+        cue = false;
+        authFile = "~/.config/Yubico/u2f_keys";
+      };
+    };
+    services = {
+      login.u2fAuth = true;
+      sudo = {
+        u2fAuth = true;
+      };
+    };
+  };
 }