commit c05832be9463396d0cab8b114880fe7ab5cb6263 parent 9514b6890244f702a1afc849d4b810ebe9c71b91 Author: Vincent Demeester <vincent@sbr.pm> Date: Tue, 13 Oct 2020 09:56:28 +0200 systems: enable u2f pam Signed-off-by: Vincent Demeester <vincent@sbr.pm> Diffstat:
M | systems/modules/profiles/yubikey.nix | | | 12 | ++++++------ |
M | users/vincent/default.nix | | | 3 | +++ |
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/systems/modules/profiles/yubikey.nix b/systems/modules/profiles/yubikey.nix @@ -8,9 +8,9 @@ in options = { profiles.yubikey = { enable = mkEnableOption "Enable yubikey profile"; - withPam = mkOption { + u2f = mkOption { default = true; - description = "Wether to enable auth with yubikeys through pam"; + description = "wether to enable auth with yubkeys throguh pam using u2f"; type = types.bool; }; }; @@ -37,10 +37,10 @@ in }; }; } - (mkIf cfg.withPam { - #security.pam.yubico = { - # enable = true; - #}; + (mkIf cfg.u2f { + security.pam.u2f = { + enable = true; + }; }) ]); } diff --git a/users/vincent/default.nix b/users/vincent/default.nix @@ -71,6 +71,9 @@ in home.packages = with pkgs; [ docker docker-compose ]; } ] + ++ optionals (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) [{ + home.file.".config/Yubico/u2f_keys".source = pkgs.mkSecret ../../secrets/u2f_keys; + }] ++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ] ++ optionals config.profiles.kubernetes.enable [ (import ./containers/kubernetes.nix) ] ++ optionals config.profiles.openshift.enable [ (import ./containers/openshift.nix) ]