mirror of
https://forge.katzen.cafe/schrottkatze/nix-configs.git
synced 2024-11-05 15:16:23 +01:00
rework and fix some hardware key stuff
This commit is contained in:
parent
2b13d1c0bb
commit
b63db1934d
|
@ -19,6 +19,7 @@
|
||||||
./modules
|
./modules
|
||||||
];
|
];
|
||||||
jade = {
|
jade = {
|
||||||
|
hwKey.pamAuth.enable = true;
|
||||||
desktop = {
|
desktop = {
|
||||||
dm.autoLogin = {
|
dm.autoLogin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -1,20 +1,35 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
# nitrokey
|
pkgs,
|
||||||
services.udev.packages = [pkgs.nitrokey-udev-rules];
|
config,
|
||||||
|
lib,
|
||||||
# smartcard daemon
|
...
|
||||||
services.pcscd.enable = true;
|
}: let
|
||||||
|
cfg = config.jade.hwKey;
|
||||||
# authenticate using hw key
|
in
|
||||||
security.pam = {
|
with lib; {
|
||||||
services.jade.u2fAuth = true;
|
options.jade.hwKey = {
|
||||||
u2f = {
|
pamAuth.enable = mkEnableOption "Enable PAM authentication with hardware keys";
|
||||||
enable = true;
|
|
||||||
cue = true;
|
|
||||||
control = "sufficient";
|
|
||||||
authFile = "/home/jade/.ssh/u2f_keys";
|
|
||||||
};
|
};
|
||||||
};
|
config = {
|
||||||
|
# nitrokey
|
||||||
|
services.udev.packages = [pkgs.nitrokey-udev-rules];
|
||||||
|
|
||||||
programs.i3lock.u2fSupport = true;
|
# smartcard daemon
|
||||||
}
|
services.pcscd.enable = true;
|
||||||
|
|
||||||
|
# authenticate using hw key
|
||||||
|
security.pam = {
|
||||||
|
services.jade.u2fAuth = cfg.pamAuth.enable;
|
||||||
|
u2f = {
|
||||||
|
enable = true;
|
||||||
|
control = "sufficient";
|
||||||
|
settings = {
|
||||||
|
cue = true;
|
||||||
|
authFile = "/home/jade/.ssh/u2f_keys";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.i3lock.u2fSupport = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue