Skyler Grey | 6390443 | 2024-02-20 23:25:45 +0000 | [diff] [blame] | 1 | { config, lib, ... }: { |
| 2 | options = { |
| 3 | chimera.yubikey.enable = lib.mkEnableOption "Enable support for YuibKeys"; |
PineaFan | 8af65a7 | 2024-04-20 21:00:21 +0100 | [diff] [blame] | 4 | chimera.yubikey.pam.enable = lib.mkEnableOption "Enable Login and sudo via YubiKey"; |
Skyler Grey | 6390443 | 2024-02-20 23:25:45 +0000 | [diff] [blame] | 5 | }; |
| 6 | |
| 7 | config = lib.mkIf config.chimera.yubikey.enable { |
| 8 | services.pcscd.enable = true; |
Samuel Shuert | 70698fd | 2024-08-23 10:59:43 -0400 | [diff] [blame] | 9 | security.pam.u2f.settings.cue = true; |
PineaFan | 8af65a7 | 2024-04-20 21:00:21 +0100 | [diff] [blame] | 10 | security.pam.services = lib.mkIf config.chimera.yubikey.pam.enable { |
| 11 | login.u2fAuth = true; |
| 12 | sudo.u2fAuth = true; |
| 13 | }; |
Skyler Grey | 6390443 | 2024-02-20 23:25:45 +0000 | [diff] [blame] | 14 | }; |
| 15 | } |