nix/nixos/common/modules/yubikey-auth.nix

{ pkgs, ... }: {
  security.pam.yubico = {
    enable = true;
    control = "required";
    mode = "challenge-response";
    challengeResponsePath = "/run/secrets/yubikey";
    id = [ "18550256" ];
  };
  
  sops.secrets."yubikey/albert-18550256" = {
    owner = "albert";
    mode = "600";
    sopsFile = ../../../secrets/yubikey.yaml;
  };

  environment.systemPackages = with pkgs; [
    yubico-pam
  ];
}
Update 2024-05-05 08:08:06 +02:00			`{ pkgs, ... }: {`
Add Yubikey support 2024-05-05 08:07:33 +02:00			`security.pam.yubico = {`
			`enable = true;`
Test 2024-05-05 09:26:04 +02:00			`control = "required";`
Add Yubikey support 2024-05-05 08:07:33 +02:00			`mode = "challenge-response";`
Test 2024-05-05 10:00:43 +02:00			`challengeResponsePath = "/run/secrets/yubikey";`
Add Yubikey support 2024-05-05 08:07:33 +02:00			`id = [ "18550256" ];`
			`};`
Testing 2024-05-05 09:56:47 +02:00
Update 2024-05-05 10:19:20 +02:00			`sops.secrets."yubikey/albert-18550256" = {`
Update 2024-05-05 10:29:27 +02:00			`owner = "albert";`
Update 2024-05-05 10:24:05 +02:00			`mode = "600";`
Update 2024-05-05 09:58:26 +02:00			`sopsFile = ../../../secrets/yubikey.yaml;`
Testing 2024-05-05 09:56:47 +02:00			`};`
Test 2024-05-05 09:09:49 +02:00
Test 2024-05-05 09:13:52 +02:00			`environment.systemPackages = with pkgs; [`
			`yubico-pam`
			`];`
Add Yubikey support 2024-05-05 08:07:33 +02:00			`}`