system-manager-wakasu
1{
2 lib,
3 pkgs,
4 desktop,
5 ...
6}:
7{
8 environment.systemPackages =
9 with pkgs;
10 [
11 age-plugin-yubikey
12 yubico-piv-tool
13 yubikey-personalization
14 yubikey-manager
15 yubikey-agent
16 ]
17 ++ lib.optionals (builtins.isString desktop) [
18 yubioath-flutter # Maybe not necessary
19 ];
20
21 programs.yubikey-touch-detector.enable = builtins.isString desktop;
22
23 services = {
24 pcscd.enable = true;
25 udev = {
26 packages = [ pkgs.yubikey-personalization ];
27 # FIXME: is it necessary ?
28 extraRules = ''
29 # Yubico YubiKey
30 KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
31 # ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
32 '';
33 };
34 };
35
36 security.pam.u2f = {
37 enable = true;
38 settings = {
39 origin = "pam://yubi";
40 authfile = pkgs.writeText "u2f-mappings" (
41 lib.concatStrings [
42 "vincent"
43 ":4IiWZI9g6D8W6LeAW13ug4CnS8PreNRcHdcebkUDny3gWGfmpMJg4TgBWaZSIdh+sgg4jQA4MxYwTCmmP/ipWQ==,qOl+ouBRk6MMEJiE7H5LuTAirhBhN0UQrCNlLQoRsVttp6IBKG4yq4zDwm4fmYlfy1MFhvh7oOapMOmodMKJpQ==,es256,+presence" # yubikey5-a
44 ":Sz4J2qMhoE7bE/uzwUzjJxG/bE0s+cw18zXcQjRsLIdJTVbuMad1ivKlYeLZW6vWV0lYiODlRW21HTSaFzu06A==,p7OZ3z5fiAIuJRHVzm56Y8Ti934+4cVHjsG7kaapmz8cWPfXfXfj5c8QiyIz3EQ0hOoxVV5cbkzUTxe7hdQIsA==,es256,+presence" # yubikey5-c1
45 ]
46 );
47 };
48 };
49
50 programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gnome3;
51 services.yubikey-agent.enable = true;
52 # systemd.packages = [ pkgs.yubikey-agent ];
53
54 # This overrides the systemd user unit shipped with the
55 # yubikey-agent package
56 # systemd.user.services.yubikey-agent =
57 # lib.mkIf (config.programs.gnupg.agent.pinentryPackage != null)
58 # {t
59 # path = [ config.programs.gnupg.agent.pinentryPackage ];
60 # wantedBy = [ "default.target" ];
61 # };
62}