diff --git a/hosts/nixlap/configuration.nix b/hosts/nixlap/configuration.nix
index 131d472..a3006b5 100644
--- a/hosts/nixlap/configuration.nix
+++ b/hosts/nixlap/configuration.nix
@@ -33,6 +33,8 @@ in
   services.power-profiles-daemon.enable = true;
   # Bonjour
   services.murmur.bonjour = true;
+
+  yubikey.enable-u2f-auth = true;
   
   # Allow using flakes
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
diff --git a/modules/nixos/yubikey/default.nix b/modules/nixos/yubikey/default.nix
index c31d204..b15e4f2 100644
--- a/modules/nixos/yubikey/default.nix
+++ b/modules/nixos/yubikey/default.nix
@@ -62,6 +62,7 @@ in
   options = {
     yubikey = {
       enable = lib.mkEnableOption "Enable yubikey support";
+      enable-u2f-auth = lib.mkEnableOption "Enable u2f backed by a yubikey";
       identifiers = lib.mkOption {
         default = { };
         type = lib.types.attrsOf lib.types.int;
@@ -148,7 +149,7 @@ in
 
     # yubikey login / sudo
     security.pam = lib.optionalAttrs pkgs.stdenv.isLinux {
-      u2f = {
+      u2f = lib.mkIf config.yubikey.enable-u2f-auth {
         enable = true;
         settings = {
           cue = true; # Tells user they need to press the button