Add Yubikey support
parent
3c0ee410e6
commit
1f8e342296
4 changed files with 18 additions and 4 deletions
|
@ -4,8 +4,5 @@
|
|||
home.file.".ssh/config".text = ''
|
||||
Host 192.168.1.210
|
||||
StrictHostKeyChecking no
|
||||
Host framework-server
|
||||
ForwardAgent yes
|
||||
StreamLocalBindUnlink yes
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
};
|
||||
|
||||
programs.gpg.publicKeys = [
|
||||
{
|
||||
{ # Albert J. Copeland <albert@sysctl.io>
|
||||
source = ../../../keys/users/albert.asc;
|
||||
trust = "ultimate";
|
||||
}
|
||||
|
|
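--- a/nixos/common/modules/yubikey-auth.nix
+++ b/nixos/common/modules/yubikey-auth.nix
@@ -0,0 +1,16 @@
+{ ... }: {
+security.pam.yubico = {
+enable = true;
+debug = true;
+mode = "challenge-response";
+id = [ "18550256" ];
+};
+services.udev.extraRules = ''
+ACTION=="remove",\
+ENV{ID_BUS}=="usb",\
+ENV{ID_MODEL_ID}=="0407",\
+ENV{ID_VENDOR_ID}=="1050",\
+ENV{ID_VENDOR}=="Yubico",\
+RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+'';
+}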
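Review bot: The module header `{ ... }: {` never binds `pkgs`, yet the `RUN+=` line of the udev rule interpolates `${pkgs.systemd}`, so evaluation should fail with an undefined variable; the header should read `{ pkgs, ... }: {`. `debug = true;` leaves pam_yubico's debug output on in the authentication path and should be removed or set to `false` once the setup is confirmed working. The block also leaves `security.pam.yubico.control` unset, and its NixOS default is `sufficient`, so a successful token response satisfies the PAM stack on its own rather than acting as a second factor. If two-factor login is the intent, add `control = "required";` inside `security.pam.yubico`.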
|
|
@ -8,6 +8,7 @@
|
|||
../../common/modules/secureboot.nix
|
||||
# ../../common/modules/boot.nix
|
||||
../../common/modules/udev-rules.nix
|
||||
../../common/modules/yubikey-auth.nix
|
||||
../../common/modules/builder.nix
|
||||
../../common/services/podman.nix
|
||||
];
|
||||
|
|