nix/nixos/common/modules/yubikey-auth.nix

{ pkgs, ... }: {
  security.pam.yubico = {
    enable = true;
    debug = true;
    control = "required";
    mode = "challenge-response";
    id = [ "18550256" ];
  };
  services.udev.extraRules = ''
    ACTION=="remove",\
    ENV{ID_BUS}=="usb",\
    ENV{ID_MODEL_ID}=="0407",\
    ENV{ID_VENDOR_ID}=="1050",\
    ENV{ID_VENDOR}=="Yubico",\
    RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
  '';
}
Update 2024-05-05 08:08:06 +02:00			`{ pkgs, ... }: {`
Add Yubikey support 2024-05-05 08:07:33 +02:00			`security.pam.yubico = {`
			`enable = true;`
			`debug = true;`
Testing 2024-05-05 08:22:40 +02:00			`control = "required";`
Add Yubikey support 2024-05-05 08:07:33 +02:00			`mode = "challenge-response";`
			`id = [ "18550256" ];`
			`};`
			`services.udev.extraRules = ''`
			`ACTION=="remove",\`
			`ENV{ID_BUS}=="usb",\`
			`ENV{ID_MODEL_ID}=="0407",\`
			`ENV{ID_VENDOR_ID}=="1050",\`
			`ENV{ID_VENDOR}=="Yubico",\`
			`RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"`
			`'';`
			`}`