2024-05-05 15:08:06 +09:00
|
|
|
{ pkgs, ... }: {
|
2024-05-05 15:07:33 +09:00
|
|
|
security.pam.yubico = {
|
|
|
|
enable = true;
|
|
|
|
debug = true;
|
2024-05-05 16:26:04 +09:00
|
|
|
control = "required";
|
2024-05-05 15:07:33 +09:00
|
|
|
mode = "challenge-response";
|
2024-05-05 17:00:43 +09:00
|
|
|
challengeResponsePath = "/run/secrets/yubikey";
|
2024-05-05 15:07:33 +09:00
|
|
|
id = [ "18550256" ];
|
|
|
|
};
|
2024-05-05 16:56:47 +09:00
|
|
|
|
2024-05-05 17:19:20 +09:00
|
|
|
sops.secrets."yubikey/albert-18550256" = {
|
2024-05-05 16:56:47 +09:00
|
|
|
owner = "root";
|
2024-05-05 17:24:05 +09:00
|
|
|
mode = "600";
|
2024-05-05 16:58:26 +09:00
|
|
|
sopsFile = ../../../secrets/yubikey.yaml;
|
2024-05-05 16:56:47 +09:00
|
|
|
};
|
2024-05-05 16:09:49 +09:00
|
|
|
|
2024-05-05 16:13:52 +09:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
yubico-pam
|
|
|
|
];
|
2024-05-05 15:07:33 +09:00
|
|
|
}
|