an attempt at moving the u2f thing into nix

2024-06-09 17:28:35 +02:00 · 2024-06-09 17:28:35 +02:00 · 0ed92091fd
commit 0ed92091fd
parent 02feef64ac
3 changed files with 15 additions and 0 deletions
--- a/options/desktop/yubikey.nix
+++ b/options/desktop/yubikey.nix
@ -1,3 +1,9 @@
+# {
+#     config,
+#     ...
+# }: let
+#     # inherit (config.myOptions.other.system) username;
+# in {
 _: {
    security.pam = {
        services = {
@ -5,4 +11,12 @@ _: {
            sudo.u2fAuth = true;
        };
    };
+
+    # age.secrets.yubikey-u2f-keys.file = ../../secrets/yubikey-u2f-keys.age;
+
+    # environment.etc."Yubico/u2f_keys".source = config.age.secrets.yubikey-u2f-keys.path;
+
+    # home-manager.users.${username} = {
+    #     xdg.configFile."Yubico/u2f_keys".source = /etc/Yubico/u2f_keys;
+    # };
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -19,4 +19,5 @@ in {
    "forgejo-runner-token.age".publicKeys = niks ++ chmura ++ del;
    "plausible-secret-keybase.age".publicKeys = niks ++ chmura ++ del;
    "plausible-admin-password.age".publicKeys = niks ++ chmura ++ del;
+    "yubikey-u2f-keys.age".publicKeys = niks ++ chmura ++ del;
 }
--- a/secrets/yubikey-u2f-keys.age
+++ b/secrets/yubikey-u2f-keys.age