modules/workstation/hardware/yubikey/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14

{ pkgs, ... }:

{
  services.udev.packages = with pkgs; [ yubikey-personalization ];

  security.pam.services.sudo.u2fAuth = true;
  security.sudo.extraConfig = ''
    Defaults timestamp_timeout=0
  '';

  security.pam.u2f.appId = "pam://qyliss.net";
  security.pam.u2f.cue = true;
  security.pam.u2f.authFile = pkgs.copyPathToStore ./u2f_keys;
}