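# NixOS module: YubiKey challenge-response login through pam_yubico, with the
# challenge file delivered by sops-nix, plus a udev rule that halts the
# machine when the key is unplugged.
{ pkgs, ... }:
{
  security.pam.yubico = {
    enable = true;
    # NOTE(review): debug output is intended for initial setup and can expose
    # authentication details on the terminal; turn it off once login is
    # verified to work.
    debug = true;
    # "required": the YubiKey check must pass in addition to the other PAM
    # modules (second factor), so a lost or broken key locks the account out
    # unless a recovery path exists.
    control = "required";
    mode = "challenge-response";
    # Must be a string, not a Nix path literal. A path literal with a
    # trailing slash is rejected by the Nix parser, and a path value that is
    # interpolated into the PAM configuration is copied into the
    # world-readable /nix/store at evaluation time instead of pointing at the
    # runtime secrets directory.
    challengeResponsePath = "/run/secrets/yubikey";
    id = [ "18550256" ];
  };

  # The secret name doubles as its location below /run/secrets, which yields
  # the "<user>-<serial>" file name pam_yubico looks up in
  # challengeResponsePath. Root-owned so only the PAM stack can read it.
  sops.secrets."yubikey/albert-18550256" = {
    owner = "root";
    sopsFile = ../../secrets/yubikey.yaml;
  };

  environment.systemPackages = with pkgs; [ yubico-pam ];

  # Halt as soon as the key is removed. udev resolves a bare program name in
  # RUN relative to its own helper directory, so the command is given by
  # absolute store path; otherwise the rule matches but the shutdown never
  # runs. The rule matches on vendor/model only, so any Yubico device with
  # this model id triggers it, not just the enrolled serial.
  services.udev.extraRules = ''
    ACTION=="remove",\
    ENV{ID_BUS}=="usb",\
    ENV{ID_MODEL_ID}=="0407",\
    ENV{ID_VENDOR_ID}=="1050",\
    ENV{ID_VENDOR}=="Yubico",\
    RUN+="${pkgs.systemd}/bin/shutdown -h now"
  '';
}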