nix/nixos/common/modules/yubikey-auth.nix

# NixOS module: YubiKey challenge-response as a PAM authentication factor,
# with the per-user challenge file delivered through sops-nix.
{ pkgs, ... }:
{
  # Ships the pam_yubico package in the system profile.
  environment.systemPackages = [ pkgs.yubico-pam ];

  security.pam.yubico = {
    enable = true;

    # Local HMAC challenge-response against the key, not Yubico cloud OTP
    # validation.
    mode = "challenge-response";

    # "required": the YubiKey check has to succeed for authentication to pass,
    # so it acts as an additional factor rather than a replacement.
    # NOTE(review): with no fallback, a lost or unplugged key blocks every PAM
    # service this applies to; keep a tested recovery path (console, second key).
    control = "required";

    # Directory holding the per-user challenge files. The sops secret declared
    # below is named "yubikey/albert-18550256"; presumably it is materialised
    # under this directory (sops-nix default secret root), TODO confirm.
    # NOTE(review): pam_yubico normally rewrites the challenge file after a
    # successful login. A file regenerated from the encrypted source on each
    # activation would fall back to the stored challenge; verify that this
    # replay window is acceptable.
    challengeResponsePath = "/run/secrets/yubikey";

    # Same serial as the suffix of the secret name below.
    # NOTE(review): confirm this option is meant to carry the key serial and
    # not a validation-service client id.
    id = [ "18550256" ];

    # NOTE(review): debug output on an authentication module is verbose and
    # can end up in logs or on the terminal; turn it off once setup is verified.
    debug = true;
  };

  sops.secrets = {
    # Challenge file for user "albert" and key serial 18550256.
    "yubikey/albert-18550256" = {
      sopsFile = ../../../secrets/yubikey.yaml;
      # Root-only read/write; nothing else should be able to read the stored
      # challenge/response material.
      owner = "root";
      mode = "600";
    };
  };
}