jmug/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Conditionally enable u2f auth.

Browse source 
Signed-off-by: jmug <u.g.a.mariano@gmail.com>
This commit is contained in:
Mariano Uvalle 2025-06-03 22:10:18 -07:00
parent 33cf802b18
commit 004300bb1a
2 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/nixlap/configuration.nix
View file

@ -34,6 +34,8 @@ in
# Bonjour # Bonjour
services.murmur.bonjour = true; services.murmur.bonjour = true;
yubikey.enable-u2f-auth = true;
# Allow using flakes # Allow using flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];

3
modules/nixos/yubikey/default.nix
View file

@ -62,6 +62,7 @@ in
options = { options = {
yubikey = { yubikey = {
enable = lib.mkEnableOption "Enable yubikey support"; enable = lib.mkEnableOption "Enable yubikey support";
enable-u2f-auth = lib.mkEnableOption "Enable u2f backed by a yubikey";
identifiers = lib.mkOption { identifiers = lib.mkOption {
default = { }; default = { };
type = lib.types.attrsOf lib.types.int; type = lib.types.attrsOf lib.types.int;
@ -148,7 +149,7 @@ in
# yubikey login / sudo # yubikey login / sudo
security.pam = lib.optionalAttrs pkgs.stdenv.isLinux { security.pam = lib.optionalAttrs pkgs.stdenv.isLinux {
u2f = { u2f = lib.mkIf config.yubikey.enable-u2f-auth {
enable = true; enable = true;
settings = { settings = {
cue = true; # Tells user they need to press the button cue = true; # Tells user they need to press the button