SaugOS/modules/core/yubikey.nix

{
  pkgs,
  host,
  ...
}:
# YubiKey support for a single host: udev access rules plus a lock-on-unplug
# rule, the smartcard daemon for CCID/GPG, gpg-agent acting as SSH agent, and
# pam_yubico challenge-response wired into PAM.
# `host` selects hosts/<host>/variables.nix, which is expected to define
# `yubikeyIds`.
let
  hostVars = import ../../hosts/${host}/variables.nix;
in
{
  services = {
    # Smartcard daemon, required for CCID / GPG smartcard mode.
    pcscd.enable = true;

    udev = {
      # Ships the vendor udev rules so the key is reachable without root.
      packages = [ pkgs.yubikey-personalization ];

      # Lock every session on the host as soon as a YubiKey is unplugged.
      # NOTE(review): only product id 0407 is matched. A key configured with
      # a different USB interface set reports a different ID_MODEL_ID and
      # its removal will not trigger the lock — verify the ids of the keys
      # actually in use (e.g. `lsusb`) before relying on this. The
      # ID_VENDOR match is redundant with ID_VENDOR_ID 1050 but harmless.
      # `loginctl lock-sessions` locks all sessions, not just the one the
      # removed key was used for; fine for a single-user host.
      extraRules = ''
        ACTION=="remove",\
        ENV{ID_BUS}=="usb",\
        ENV{ID_MODEL_ID}=="0407",\
        ENV{ID_VENDOR_ID}=="1050",\
        ENV{ID_VENDOR}=="Yubico",\
        RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
      '';
    };
  };

  # gpg-agent doubles as the SSH agent, so the key's auth subkey serves SSH.
  programs.gnupg.agent.enable = true;
  programs.gnupg.agent.enableSSHSupport = true;

  # pam_yubico in challenge-response mode (presumably validated locally,
  # without the Yubico cloud).
  # NOTE(review): `control` is left at the NixOS default, which is believed
  # to be "sufficient": a passing challenge-response then satisfies `auth`
  # on its own and the password is not also demanded — possession of the
  # key is an alternative factor, not a second one. Set control =
  # "required" for genuine 2FA; confirm against the NixOS pam module first,
  # since a wrong value here locks you out of the host.
  # NOTE(review): `id` is the Yubico client id used by mode = "client"; the
  # NixOS module presumably only passes it in that mode, so this value is
  # likely inert here. Confirm, then drop it or document why it stays.
  # The per-user challenge-response secret is provisioned outside this
  # module (see security.pam.yubico.challengeResponsePath); that file is the
  # credential — keep it user-only readable and out of shared backups.
  security.pam.yubico = {
    enable = true;
    mode = "challenge-response";
    debug = false;
    id = hostVars.yubikeyIds;
  };

  # CLI tooling for provisioning and managing keys. pam_u2f is installed
  # but security.pam.u2f is not enabled, so only challenge-response is
  # actually wired into PAM.
  environment.systemPackages = [
    pkgs.yubikey-personalization
    pkgs.yubikey-manager
    pkgs.yubico-pam
    pkgs.pam_u2f
  ];
}