Add Yubikey support

albert 2024-05-05 15:07:33 +09:00
parent 3c0ee410e6
commit 1f8e342296
No known key found for this signature in database
GPG key ID: 64F6C4EB46C4543A
4 changed files with 18 additions and 4 deletions


@ -4,8 +4,5 @@
home.file.".ssh/config".text = ''
Host 192.168.1.210
StrictHostKeyChecking no
Host framework-server
ForwardAgent yes
StreamLocalBindUnlink yes
'';
}


@ -21,7 +21,7 @@
};
programs.gpg.publicKeys = [
{
{ # Albert J. Copeland <albert@sysctl.io>
source = ../../../keys/users/albert.asc;
trust = "ultimate";
}


@ -0,0 +1,16 @@
{ ... }: {
security.pam.yubico = {
enable = true;
debug = true;
mode = "challenge-response";
id = [ "18550256" ];
};
services.udev.extraRules = ''
ACTION=="remove",\
ENV{ID_BUS}=="usb",\
ENV{ID_MODEL_ID}=="0407",\
ENV{ID_VENDOR_ID}=="1050",\
ENV{ID_VENDOR}=="Yubico",\
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
'';
}
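Review bot: The udev rule's `RUN+=` line interpolates `${pkgs.systemd}`, but the module header `{ ... }:` never binds `pkgs`, so evaluation should fail with an undefined variable unless something outside this view supplies it; the header should read `{ pkgs, ... }: {`. `debug = true;` also leaves pam_yubico debug output enabled on every authentication, so I would drop it or set it to `false` once enrolment is verified. No `control` is set, so the module default applies (`sufficient`, as far as I know), which makes the token an alternative to the password rather than a second factor; if two-factor is the intent, add `control = "required";`. The remove rule matches only `ID_MODEL_ID=="0407"`, so it is worth a comment such as `# locks all sessions when the YubiKey (1050:0407) is unplugged; model id changes with the enabled USB interfaces`.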


@ -8,6 +8,7 @@
../../common/modules/secureboot.nix
# ../../common/modules/boot.nix
../../common/modules/udev-rules.nix
../../common/modules/yubikey-auth.nix
../../common/modules/builder.nix
../../common/services/podman.nix
];