28 lines
571 B
Nix
28 lines
571 B
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
services.pcscd.enable = true;
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
keymapp
|
|
yubikey-personalization
|
|
yubikey-manager
|
|
];
|
|
|
|
services.udev = {
|
|
packages = [ pkgs.yubikey-personalization ];
|
|
extraRules = ''
|
|
ACTION=="remove",\
|
|
ENV{ID_BUS}=="usb",\
|
|
ENV{ID_MODEL_ID}=="0407",\
|
|
ENV{ID_VENDOR_ID}=="1050",\
|
|
ENV{ID_VENDOR}=="Yubico",\
|
|
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
|
|
'';
|
|
};
|
|
|
|
security.pam.services = {
|
|
login.u2fAuth = true;
|
|
sudo.u2fAuth = true;
|
|
};
|
|
}
|