nix/nixos/common/modules/yubikey-auth.nix

{ pkgs, ... }: {
  security.pam.yubico = {
    enable = true;
    debug = true;
    control = "required";
    mode = "challenge-response";
    challengeResponsePath = "/run/secrets/yubikey";
    id = [ "18550256" ];
  };
  
  sops.secrets."yubikey/albert-18550256" = {
    owner = "root";
    mode = "600";
    sopsFile = ../../../secrets/yubikey.yaml;
  };

  environment.systemPackages = with pkgs; [
    yubico-pam
  ];
}
Update 2024-05-05 15:08:06 +09:00			`{ pkgs, ... }: {`
Add Yubikey support 2024-05-05 15:07:33 +09:00			`security.pam.yubico = {`
			`enable = true;`
			`debug = true;`
Test 2024-05-05 16:26:04 +09:00			`control = "required";`
Add Yubikey support 2024-05-05 15:07:33 +09:00			`mode = "challenge-response";`
Test 2024-05-05 17:00:43 +09:00			`challengeResponsePath = "/run/secrets/yubikey";`
Add Yubikey support 2024-05-05 15:07:33 +09:00			`id = [ "18550256" ];`
			`};`
Testing 2024-05-05 16:56:47 +09:00
Update 2024-05-05 17:19:20 +09:00			`sops.secrets."yubikey/albert-18550256" = {`
Testing 2024-05-05 16:56:47 +09:00			`owner = "root";`
Update 2024-05-05 17:24:05 +09:00			`mode = "600";`
Update 2024-05-05 16:58:26 +09:00			`sopsFile = ../../../secrets/yubikey.yaml;`
Testing 2024-05-05 16:56:47 +09:00			`};`
Test 2024-05-05 16:09:49 +09:00
Test 2024-05-05 16:13:52 +09:00			`environment.systemPackages = with pkgs; [`
			`yubico-pam`
			`];`
Add Yubikey support 2024-05-05 15:07:33 +09:00			`}`