refactor yubikey

2024-01-11 14:58:08 +01:00 · 2024-01-11 14:58:08 +01:00 · d994ac0650
commit d994ac0650
parent d0756a68f0
3 changed files with 21 additions and 2 deletions
--- a/system/default.nix
+++ b/system/default.nix
@ -94,7 +94,6 @@
    mullvad-vpn.enable = true;
  };

-  services.udev.packages = [ pkgs.yubikey-personalization ];
  virtualisation.libvirtd.enable = true;
  programs.dconf.enable = true;

--- a/system/yubikey.nix
+++ b/system/yubikey.nix
@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+{
+  services.udev = {
+    packages = [ pkgs.yubikey-personalization ];
+    extraRules = ''
+      ACTION=="remove",\
+       ENV{ID_BUS}=="usb",\
+       ENV{ID_MODEL_ID}=="0407",\
+       ENV{ID_VENDOR_ID}=="1050",\
+       ENV{ID_VENDOR}=="Yubico",\
+       RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+    '';
+  };
+  security.pam.services = {
+    login.u2fAuth = true;
+    sudo.u2fAuth = true;
+  };
+}