Commit c05832be9463

Vincent Demeester <vincent@sbr.pm>
2020-10-13 09:56:28
systems: enable u2f pam
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 9514b68
Changed files (2)
systems/modules/profiles/yubikey.nix
@@ -8,9 +8,9 @@ in
   options = {
     profiles.yubikey = {
       enable = mkEnableOption "Enable yubikey profile";
-      withPam = mkOption {
+      u2f = mkOption {
         default = true;
-        description = "Wether to enable auth with yubikeys through pam";
+        description = "wether to enable auth with yubkeys throguh pam using u2f";
         type = types.bool;
       };
     };
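Review bot: The new description string on the `u2f` option carries three typos ("wether", "yubkeys", "throguh") that will surface in generated option documentation; I would write `description = "Whether to enable auth with yubikeys through pam using u2f";`. Renaming `withPam` to `u2f` also removes the old name without an alias, so any host configuration still setting `profiles.yubikey.withPam` would fail evaluation; a `mkRenamedOptionModule` entry would keep those working, if any exist outside this diff. Because `default = true`, the description should also say that enabling the profile changes PAM authentication on the host. The `options` block continues outside the hunk.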
@@ -37,10 +37,10 @@ in
         };
       };
     }
-    (mkIf cfg.withPam {
-      #security.pam.yubico = {
-      #  enable = true;
-      #};
+    (mkIf cfg.u2f {
+      security.pam.u2f = {
+        enable = true;
+      };
     })
   ]);
 }
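Review bot: `security.pam.u2f.enable = true` is set without a `control` value, and as far as I recall the NixOS module defaults it to `sufficient`, which makes a key touch an alternative to the password rather than a second factor for every PAM service that inherits the global setting. If two-factor is the intent, add `control = "required";` inside the attrset and keep a recovery path for a lost key. If single-factor convenience is the intent, record it with a comment such as `# u2f is accepted instead of the password (control = sufficient)`. The enclosing list starts outside the hunk.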
users/vincent/default.nix
@@ -71,6 +71,9 @@ in
           home.packages = with pkgs; [ docker docker-compose ];
         }
       ]
+      ++ optionals (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) [{
+        home.file.".config/Yubico/u2f_keys".source = pkgs.mkSecret ../../secrets/u2f_keys;
+      }]
       ++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ]
       ++ optionals config.profiles.kubernetes.enable [ (import ./containers/kubernetes.nix) ]
       ++ optionals config.profiles.openshift.enable [ (import ./containers/openshift.nix) ]
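Review bot: The key mapping is installed under the user's home (`.config/Yubico/u2f_keys`), so any process running as that user can replace the file and register a different authenticator, which matters if the same PAM stack guards `sudo`. A root-owned mapping referenced through `security.pam.u2f.authFile` avoids that. Separately, a `home.file.<name>.source` path normally ends up in the world-readable Nix store; the file holds key handles and public keys rather than private material, but whether `pkgs.mkSecret` keeps it out of the store cannot be seen from this hunk and deserves a comment. The surrounding list expression starts and ends outside the hunk.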