Add Yubikey support
parent
3c0ee410e6
commit
1f8e342296
4 changed files with 18 additions and 4 deletions
|
@ -4,8 +4,5 @@
|
||||||
home.file.".ssh/config".text = ''
|
home.file.".ssh/config".text = ''
|
||||||
Host 192.168.1.210
|
Host 192.168.1.210
|
||||||
StrictHostKeyChecking no
|
StrictHostKeyChecking no
|
||||||
Host framework-server
|
|
||||||
ForwardAgent yes
|
|
||||||
StreamLocalBindUnlink yes
|
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.gpg.publicKeys = [
|
programs.gpg.publicKeys = [
|
||||||
{
|
{ # Albert J. Copeland <albert@sysctl.io>
|
||||||
source = ../../../keys/users/albert.asc;
|
source = ../../../keys/users/albert.asc;
|
||||||
trust = "ultimate";
|
trust = "ultimate";
|
||||||
}
|
}
|
||||||
|
|
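--- a/nixos/common/modules/yubikey-auth.nix
+++ b/nixos/common/modules/yubikey-auth.nix
@@ -0,0 +1,16 @@
+{ ... }: {
+security.pam.yubico = {
+enable = true;
+debug = true;
+mode = "challenge-response";
+id = [ "18550256" ];
+};
+services.udev.extraRules = ''
+ACTION=="remove",\
+ENV{ID_BUS}=="usb",\
+ENV{ID_MODEL_ID}=="0407",\
+ENV{ID_VENDOR_ID}=="1050",\
+ENV{ID_VENDOR}=="Yubico",\
+RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+'';
+}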
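Review bot: The module header `{ ... }: {` does not bind `pkgs`, yet the udev rule's `RUN+=` line interpolates `${pkgs.systemd}`, so evaluation should fail with an undefined variable; the header should read `{ pkgs, ... }: {`. `debug = true;` leaves pam_yubico's debug output enabled on every authentication and is better set to `false` (or dropped) once the setup is confirmed working. No `control` is set, and as far as I know the NixOS default for `security.pam.yubico.control` is `"sufficient"`, which lets the challenge-response alone satisfy PAM instead of acting as a second factor; if two-factor is the intent, add `control = "required";` with a comment saying so. A short comment above the udev rule stating that it locks all sessions when the key (vendor 1050, model 0407) is unplugged would also help the next reader.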
|
@ -8,6 +8,7 @@
|
||||||
../../common/modules/secureboot.nix
|
../../common/modules/secureboot.nix
|
||||||
# ../../common/modules/boot.nix
|
# ../../common/modules/boot.nix
|
||||||
../../common/modules/udev-rules.nix
|
../../common/modules/udev-rules.nix
|
||||||
|
../../common/modules/yubikey-auth.nix
|
||||||
../../common/modules/builder.nix
|
../../common/modules/builder.nix
|
||||||
../../common/services/podman.nix
|
../../common/services/podman.nix
|
||||||
];
|
];
|
||||||
|
|