commit bf7cb2e48c905cfd141529b01748e6f8532c9102
parent 647b48754a889e009b5f3db433de2c21f3bfbf70
Author: Vincent Demeester <vincent@sbr.pm>
Date: Mon, 12 Oct 2020 11:42:20 +0200
systems: add withPam yubikey option
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
1 file changed, 28 insertions(+), 24 deletions(-)
diff --git a/systems/modules/profiles/yubikey.nix b/systems/modules/profiles/yubikey.nix
@@ -8,35 +8,39 @@ in
options = {
profiles.yubikey = {
enable = mkEnableOption "Enable yubikey profile";
- withPam = {
+ withPam = mkOption {
default = true;
description = "Wether to enable auth with yubikeys through pam";
type = types.bool;
};
};
};
- config = mkIf cfg.enable {
- #security.pam.yubico = {
- # enable = true;
- #};
- environment = {
- systemPackages = with pkgs; [
- yubico-piv-tool
- yubikey-personalization
- yubioath-desktop
- yubikey-manager
- ];
- };
- services = {
- pcscd.enable = true;
- udev = {
- packages = with pkgs; [ yubikey-personalization ];
- extraRules = ''
- # Yubico YubiKey
- KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
- # ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
- '';
+ config = mkIf cfg.enable (mkMerge [
+ {
+ environment = {
+ systemPackages = with pkgs; [
+ yubico-piv-tool
+ yubikey-personalization
+ yubioath-desktop
+ yubikey-manager
+ ];
};
- };
- };
+ services = {
+ pcscd.enable = true;
+ udev = {
+ packages = with pkgs; [ yubikey-personalization ];
+ extraRules = ''
+ # Yubico YubiKey
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
+ # ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+ '';
+ };
+ };
+ }
+ (mkIf cfg.withPam {
+ #security.pam.yubico = {
+ # enable = true;
+ #};
+ })
+ ]);
}
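Review bot: The `mkIf cfg.withPam { … }` block at the end of the hunk contains only the commented-out `security.pam.yubico` lines, so `withPam` currently changes nothing. It is declared with `default = true` and described as enabling auth with yubikeys through pam, so someone reading a host configuration could assume a YubiKey factor is enforced at login when no PAM module is configured by this profile. Until the block is populated, I would set `default = false;` and add a comment inside it such as `# TODO: no PAM settings are applied yet; withPam is currently a no-op`. When it is filled in, `security.pam.yubico.enable = true;` alone is probably not sufficient, because the module's default client mode expects an `id` and the alternative needs `mode = "challenge-response";`. The description string also misspells "Whether" as "Wether".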