
commit bf7cb2e48c905cfd141529b01748e6f8532c9102
parent 647b48754a889e009b5f3db433de2c21f3bfbf70
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Mon, 12 Oct 2020 11:42:20 +0200

systems: add withPam yubikey option

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Msystems/modules/profiles/yubikey.nix | 52++++++++++++++++++++++++++++------------------------
1 file changed, 28 insertions(+), 24 deletions(-)

diff --git a/systems/modules/profiles/yubikey.nix b/systems/modules/profiles/yubikey.nix
@@ -8,35 +8,39 @@ in
 options = {
 profiles.yubikey = {
 enable = mkEnableOption "Enable yubikey profile";
- withPam = {
+ withPam = mkOption {
 default = true;
 description = "Wether to enable auth with yubikeys through pam";
 type = types.bool;
 };
 };
 };
- config = mkIf cfg.enable {
- #security.pam.yubico = {
- # enable = true;
- #};
- environment = {
- systemPackages = with pkgs; [
- yubico-piv-tool
- yubikey-personalization
- yubioath-desktop
- yubikey-manager
- ];
- };
- services = {
- pcscd.enable = true;
- udev = {
- packages = with pkgs; [ yubikey-personalization ];
- extraRules = ''
- # Yubico YubiKey
- KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
- # ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
- '';
+ config = mkIf cfg.enable (mkMerge [
+ {
+ environment = {
+ systemPackages = with pkgs; [
+ yubico-piv-tool
+ yubikey-personalization
+ yubioath-desktop
+ yubikey-manager
+ ];
 };
- };
- };
+ services = {
+ pcscd.enable = true;
+ udev = {
+ packages = with pkgs; [ yubikey-personalization ];
+ extraRules = ''
+ # Yubico YubiKey
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
+ # ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+ '';
+ };
+ };
+ }
+ (mkIf cfg.withPam {
+ #security.pam.yubico = {
+ # enable = true;
+ #};
+ })
+ ]);
 }
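Review bot: The new `(mkIf cfg.withPam { ... })` entry at the end of the `mkMerge` list contains only the commented-out `security.pam.yubico` lines, so `withPam` (default `true`) changes nothing in the resulting configuration even though its description promises YubiKey authentication through PAM. Someone auditing a host from its option values could conclude a hardware factor is enforced at login when it is not. Either wire the branch up, e.g. `security.pam.yubico.enable = true;` together with whatever mode and id settings the host needs, or state the gap in the option text, e.g. `description = "Whether to enable auth with yubikeys through pam (not implemented yet)";`. The module's `let … in {` opening lies outside this hunk, so `cfg` is presumably `config.profiles.yubikey`.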