nix-configs/modules/hardware/hardware_key.nix

{
  pkgs,
  config,
  lib,
  ...
}:
let
  cfg = config.jade.hwKey;
in
with lib;
{
  options.jade.hwKey = {
    pamAuth.enable = mkEnableOption "Enable PAM authentication with hardware keys";
  };
  config = {
    # nitrokey
    services.udev.packages = [ pkgs.nitrokey-udev-rules ];

    # smartcard daemon
    services.pcscd.enable = true;

    # authenticate using hw key
    security.pam = {
      services.jade.u2fAuth = cfg.pamAuth.enable;
      u2f = {
        enable = true;
        control = "sufficient";
        settings = {
          cue = true;
          authFile = "/home/jade/.ssh/u2f_keys";
        };
      };
    };

    programs.i3lock.u2fSupport = true;
  };
}
rework and fix some hardware key stuff 2024-08-01 08:17:09 +02:00			`{`
			`pkgs,`
			`config,`
			`lib,`
			`...`
formatting, big time 2025-04-11 09:20:46 +02:00			`}:`
			`let`
rework and fix some hardware key stuff 2024-08-01 08:17:09 +02:00			`cfg = config.jade.hwKey;`
			`in`
formatting, big time 2025-04-11 09:20:46 +02:00			`with lib;`
			`{`
			`options.jade.hwKey = {`
			`pamAuth.enable = mkEnableOption "Enable PAM authentication with hardware keys";`
			`};`
			`config = {`
			`# nitrokey`
			`services.udev.packages = [ pkgs.nitrokey-udev-rules ];`
move hardware key configs into one file 2024-03-05 13:49:22 +01:00
formatting, big time 2025-04-11 09:20:46 +02:00			`# smartcard daemon`
			`services.pcscd.enable = true;`
move hardware key configs into one file 2024-03-05 13:49:22 +01:00
formatting, big time 2025-04-11 09:20:46 +02:00			`# authenticate using hw key`
			`security.pam = {`
			`services.jade.u2fAuth = cfg.pamAuth.enable;`
			`u2f = {`
			`enable = true;`
			`control = "sufficient";`
			`settings = {`
			`cue = true;`
			`authFile = "/home/jade/.ssh/u2f_keys";`
rework and fix some hardware key stuff 2024-08-01 08:17:09 +02:00			`};`
			`};`
			`};`
formatting, big time 2025-04-11 09:20:46 +02:00
			`programs.i3lock.u2fSupport = true;`
			`};`
			`}`