mirror of
https://forge.katzen.cafe/schrottkatze/nix-configs.git
synced 2024-12-22 01:25:52 +01:00
rework and fix some hardware key stuff
parent
2b13d1c0bb
commit
b63db1934d
2 changed files with 34 additions and 18 deletions
|
@ -19,6 +19,7 @@
|
|||
./modules
|
||||
];
|
||||
jade = {
|
||||
hwKey.pamAuth.enable = true;
|
||||
desktop = {
|
||||
dm.autoLogin = {
|
||||
enable = true;
|
||||
|
|
|
@ -1,20 +1,35 @@
|
|||
{pkgs, ...}: {
|
||||
# nitrokey
|
||||
services.udev.packages = [pkgs.nitrokey-udev-rules];
|
||||
|
||||
# smartcard daemon
|
||||
services.pcscd.enable = true;
|
||||
|
||||
# authenticate using hw key
|
||||
security.pam = {
|
||||
services.jade.u2fAuth = true;
|
||||
u2f = {
|
||||
enable = true;
|
||||
cue = true;
|
||||
control = "sufficient";
|
||||
authFile = "/home/jade/.ssh/u2f_keys";
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.jade.hwKey;
|
||||
in
|
||||
with lib; {
|
||||
options.jade.hwKey = {
|
||||
pamAuth.enable = mkEnableOption "Enable PAM authentication with hardware keys";
|
||||
};
|
||||
};
|
||||
config = {
|
||||
# nitrokey
|
||||
services.udev.packages = [pkgs.nitrokey-udev-rules];
|
||||
|
||||
programs.i3lock.u2fSupport = true;
|
||||
}
|
||||
# smartcard daemon
|
||||
services.pcscd.enable = true;
|
||||
|
||||
# authenticate using hw key
|
||||
security.pam = {
|
||||
services.jade.u2fAuth = cfg.pamAuth.enable;
|
||||
u2f = {
|
||||
enable = true;
|
||||
control = "sufficient";
|
||||
settings = {
|
||||
cue = true;
|
||||
authFile = "/home/jade/.ssh/u2f_keys";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
programs.i3lock.u2fSupport = true;
|
||||
};
|
||||
}
|
||||
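Review bot: `security.pam.u2f.enable = true` stays unconditional in the new module body, so the new `jade.hwKey.pamAuth.enable` option only gates `services.jade.u2fAuth`; as far as I know the NixOS PAM module uses the global `u2f.enable` as the default for every service's `u2fAuth`, so switching the option off would still leave U2F active elsewhere. With `control = "sufficient"`, a key touch alone then satisfies auth for those services, so the option should drive the global setting too, e.g. `enable = cfg.pamAuth.enable;` inside `u2f`. Also confirm that `services.jade` is intended: `security.pam.services.<name>` is keyed by PAM service name (sudo, login, …), and `jade` looks like the user name from the `authFile` path. Minor: `mkEnableOption` already prepends "Whether to enable", so the description reads better as `mkEnableOption "PAM authentication with hardware keys"`.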
|
|