Update Yubikey module to include pam_u2f
Change-Id: I033e80bad70a3ded07638f74163f67954d5f6b2a
Reviewed-on: https://git.clicks.codes/c/Chimera/NixFiles/+/643
Reviewed-by: Samuel Shuert <coded@clicks.codes>
Reviewed-by: Skyler Grey <minion@clicks.codes>
Tested-by: Samuel Shuert <coded@clicks.codes>
diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix
index d4a4762..d5dadd5 100644
--- a/modules/home/gpg/default.nix
+++ b/modules/home/gpg/default.nix
@@ -21,7 +21,7 @@
services.gpg-agent = {
enable = true;
- pinentryFlavor = "tty";
+ pinentryPackage = pkgs.pinentry-gtk2;
enableZshIntegration = config.chimera.shell.zsh.enable;
enableBashIntegration = config.chimera.shell.bash.enable;
};
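Review bot: The added `pinentryPackage = pkgs.pinentry-gtk2;` references `pkgs`, but the argument list of modules/home/gpg/default.nix lies outside this hunk, so confirm `pkgs` is among the module's function arguments. The move from the tty pinentry to a GTK one is also not mentioned in the commit message, which only describes pam_u2f. A sentence there on why the passphrase prompt became graphical would help anyone later debugging prompts in sessions without a display.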
diff --git a/modules/home/yubikey/default.nix b/modules/home/yubikey/default.nix
index f9c32e0..cd39f5d 100644
--- a/modules/home/yubikey/default.nix
+++ b/modules/home/yubikey/default.nix
@@ -1,5 +1,19 @@
{ config, lib, ... }: {
options = {
chimera.yubikey.enable = lib.mkEnableOption "Enable support for YuibKeys";
+ chimera.yubikey.pam.enable = lib.mkEnableOption "Enable Login and sudo via YubiKey";
+ chimera.yubikey.pam.key = lib.mkOption {
+ type = lib.types.str;
+ example = "<username>:<KeyHandle1>,<UserKey1>,<CoseType1>,<Options1>:<KeyHandle2>,<UserKey2>,<CoseType2>,<Options2>:...";
+ description = "A string following the example";
+ };
+ };
+
+ config = lib.mkIf (config.chimera.yubikey.pam.enable && config.chimera.yubikey.enable) {
+ home.file.".config/Yubico/u2f_keys" = {
+ target = ".config/Yubico/u2f_keys";
+ enable = true;
+ text = config.chimera.yubikey.pam.key;
+ };
};
}
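Review bot: `chimera.yubikey.pam.key` has no default and its description ("A string following the example") does not say what the value is or where it comes from. Something like `description = "Contents of ~/.config/Yubico/u2f_keys in pam_u2f authfile format, as printed by pamu2fcfg";` would make the option self-explanatory. It is also worth noting in the description that the value is written through `home.file` and therefore ends up in the world-readable Nix store. The mapping holds key handles and public keys rather than private material, but that exposure should be a documented choice. Separately, `lib.mkEnableOption` already prefixes its text with "Whether to enable", so the new `pam.enable` string would read better as `"login and sudo via YubiKey"`.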
diff --git a/modules/nixos/yubikey/default.nix b/modules/nixos/yubikey/default.nix
index c3b7e12..eb3cf06 100644
--- a/modules/nixos/yubikey/default.nix
+++ b/modules/nixos/yubikey/default.nix
@@ -1,9 +1,15 @@
{ config, lib, ... }: {
options = {
chimera.yubikey.enable = lib.mkEnableOption "Enable support for YuibKeys";
+ chimera.yubikey.pam.enable = lib.mkEnableOption "Enable Login and sudo via YubiKey";
};
config = lib.mkIf config.chimera.yubikey.enable {
services.pcscd.enable = true;
+ security.pam.u2f.cue = true;
+ security.pam.services = lib.mkIf config.chimera.yubikey.pam.enable {
+ login.u2fAuth = true;
+ sudo.u2fAuth = true;
+ };
};
}
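Review bot: `sudo.u2fAuth = true` is enabled while the key mapping that pam_u2f consults sits at `.config/Yubico/u2f_keys` in the user's own home directory (installed by the home-manager hunk of this commit), so anything running as that user can replace the mapping that gates root. No `security.pam.u2f.control` is set in this hunk, and as far as I know the NixOS default is `sufficient`, which makes a key touch an alternative to the password rather than a second factor. If the intent is two-factor, add `security.pam.u2f.control = "required";`. In either case, consider pointing pam_u2f's `authfile` at a root-owned path instead of the per-user file. `security.pam.u2f.cue = true;` is also set outside the `pam.enable` guard; that looks harmless but is inconsistent with the two lines below it.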
diff --git a/systems/x86_64-linux/saurosuchus/yubikey/default.nix b/systems/x86_64-linux/saurosuchus/yubikey/default.nix
index 5194cd7..d9a5c21 100644
--- a/systems/x86_64-linux/saurosuchus/yubikey/default.nix
+++ b/systems/x86_64-linux/saurosuchus/yubikey/default.nix
@@ -1,5 +1,5 @@
{ config, lib, pkgs, ... }:
-
{
chimera.yubikey.enable = true;
+ chimera.yubikey.pam.enable = true;
}