rework and fix some hardware key stuff

This commit is contained in:
Schrottkatze 2024-08-01 08:17:09 +02:00
parent 2b13d1c0bb
commit b63db1934d
No known key found for this signature in database
2 changed files with 34 additions and 18 deletions

View file

@ -19,6 +19,7 @@
./modules
];
jade = {
hwKey.pamAuth.enable = true;
desktop = {
dm.autoLogin = {
enable = true;

View file

@ -1,20 +1,35 @@
{pkgs, ...}: {
# nitrokey
services.udev.packages = [pkgs.nitrokey-udev-rules];
# smartcard daemon
services.pcscd.enable = true;
# authenticate using hw key
security.pam = {
services.jade.u2fAuth = true;
u2f = {
enable = true;
cue = true;
control = "sufficient";
authFile = "/home/jade/.ssh/u2f_keys";
{
pkgs,
config,
lib,
...
}: let
cfg = config.jade.hwKey;
in
with lib; {
options.jade.hwKey = {
pamAuth.enable = mkEnableOption "Enable PAM authentication with hardware keys";
};
};
config = {
# nitrokey
services.udev.packages = [pkgs.nitrokey-udev-rules];
programs.i3lock.u2fSupport = true;
}
# smartcard daemon
services.pcscd.enable = true;
# authenticate using hw key
security.pam = {
services.jade.u2fAuth = cfg.pamAuth.enable;
u2f = {
enable = true;
control = "sufficient";
settings = {
cue = true;
authFile = "/home/jade/.ssh/u2f_keys";
};
};
};
programs.i3lock.u2fSupport = true;
};
}