
My NixOS systems configurations.

yubikey.nix (1445B)


      1 { config, lib, pkgs, ... }:
      2 let
      3   inherit (lib) mkEnableOption mkIf mkMerge mkOption types;
      4   cfg = config.modules.hardware.yubikey;
      5 in
      6 {
      7   options = {
      8     modules.hardware.yubikey = {
      9       enable = mkEnableOption "Enable yubikey profile";
     10       u2f = mkOption {
     11         default = true;
     12         description = "wether to enable auth with yubkeys throguh pam using u2f";
     13         type = types.bool;
     14       };
     15     };
     16   };
     17   config = mkIf cfg.enable (mkMerge [
     18     {
     19       environment = {
     20         systemPackages = with pkgs; [
     21           yubico-piv-tool
     22           yubikey-personalization
     23           yubikey-manager
     24         ];
     25       };
     26       services = {
     27         pcscd.enable = true;
     28         udev = {
     29           packages = with pkgs; [ yubikey-personalization ];
     30           extraRules = ''
     31             # Yubico YubiKey
     32             KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
     33             # ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
     34           '';
     35         };
     36       };
     37     }
     38     (mkIf config.modules.desktop.enable {
     39       environment.systemPackages = with pkgs; [
     40         yubioath-flutter
     41       ];
     42     })
     43     (mkIf cfg.u2f {
     44       security.pam.u2f = {
     45         enable = true;
     46       };
     47     })
     48   ]);
     49 }