add yubikey u2f auth :3

2024-06-09 15:57:20 +02:00 · 2024-06-09 15:57:20 +02:00 · ee12047750
commit ee12047750
parent ee11e03961
3 changed files with 22 additions and 0 deletions
--- a/hosts/del/profile.nix
+++ b/hosts/del/profile.nix
@ -27,5 +27,6 @@ _: {
        ../../options/desktop/waydroid.nix
        ../../options/desktop/wayland.nix
        ../../options/desktop/wireshark.nix
+        ../../options/desktop/yubikey.nix
    ];
 }
--- a/hosts/niks/profile.nix
+++ b/hosts/niks/profile.nix
@ -29,5 +29,6 @@ _: {
        ../../options/desktop/v4l2.nix
        ../../options/desktop/waydroid.nix
        ../../options/desktop/wayland.nix
+        ../../options/desktop/yubikey.nix
    ];
 }
--- a/options/desktop/yubikey.nix
+++ b/options/desktop/yubikey.nix
@ -0,0 +1,20 @@
+{
+    pkgs,
+    ...
+}: {
+    security.pam = {
+        services = {
+            login.u2fAuth = true;
+            sudo.u2fAuth = true;
+        };
+    };
+
+    services.udev.extraRules = ''
+        ACTION=="remove",\
+          ENV{ID_BUS}=="usb",\
+          ENV{ID_MODEL_ID}=="0407",\
+          ENV{ID_VENDOR_ID}=="1050",\
+          ENV{ID_VENDOR}=="Yubico",\
+          RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+    '';
+}