From b63db1934da08903a2d8b224e18431ddfc6c7c1e Mon Sep 17 00:00:00 2001
From: Schrottkatze
Date: Thu, 1 Aug 2024 08:17:09 +0200
Subject: [PATCH] rework and fix some hardware key stuff
---
 hosts/catbook-j/configuration.nix | 1 +
 modules/hardware/hardware_key.nix | 51 ++++++++++++++++++++-----------
 2 files changed, 34 insertions(+), 18 deletions(-)
diff --git a/hosts/catbook-j/configuration.nix b/hosts/catbook-j/configuration.nix
index 5d36a7a..342c186 100644
--- a/hosts/catbook-j/configuration.nix
+++ b/hosts/catbook-j/configuration.nix
@@ -19,6 +19,7 @@
 ./modules
 ];
 jade = {
+ hwKey.pamAuth.enable = true;
 desktop = {
 dm.autoLogin = {
 enable = true;
diff --git a/modules/hardware/hardware_key.nix b/modules/hardware/hardware_key.nix
index 8510d86..1f75106 100644
--- a/modules/hardware/hardware_key.nix
+++ b/modules/hardware/hardware_key.nix
@@ -1,20 +1,35 @@
-{pkgs, ...}: {
- # nitrokey
- services.udev.packages = [pkgs.nitrokey-udev-rules];
-
- # smartcard daemon
- services.pcscd.enable = true;
-
- # authenticate using hw key
- security.pam = {
- services.jade.u2fAuth = true;
- u2f = {
- enable = true;
- cue = true;
- control = "sufficient";
- authFile = "/home/jade/.ssh/u2f_keys";
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.jade.hwKey;
+in
+ with lib; {
+ options.jade.hwKey = {
+ pamAuth.enable = mkEnableOption "Enable PAM authentication with hardware keys";
 };
- };
+ config = {
+ # nitrokey
+ services.udev.packages = [pkgs.nitrokey-udev-rules];
 
- programs.i3lock.u2fSupport = true;
-}
+ # smartcard daemon
+ services.pcscd.enable = true;
+
+ # authenticate using hw key
+ security.pam = {
+ services.jade.u2fAuth = cfg.pamAuth.enable;
+ u2f = {
+ enable = true;
+ control = "sufficient";
+ settings = {
+ cue = true;
+ authFile = "/home/jade/.ssh/u2f_keys";
+ };
+ };
+ };
+
+ programs.i3lock.u2fSupport = true;
+ };
+ }
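Review bot: The new `jade.hwKey.pamAuth.enable` switch does not actually gate PAM U2F in `modules/hardware/hardware_key.nix`, because `security.pam.u2f.enable = true` stays unconditional inside `config` and in nixpkgs that option is the default for every PAM service's `u2fAuth`; only the `services.jade.u2fAuth` line follows the option. Writing `enable = cfg.pamAuth.enable;` in the `u2f` block, or wrapping the whole `security.pam` attribute in `lib.mkIf cfg.pamAuth.enable`, would make a host that leaves the option off really get no U2F rule. With `control = "sufficient"` a key touch alone passes authentication, and `authFile` points into `/home/jade/.ssh`, which the user can write, so any process running as that user could register an additional key; a root-owned mapping file is the safer choice if this rule reaches sudo or login. `jade` also looks like a user name rather than a PAM service name, so `services.jade.u2fAuth` may have no effect on any real service, which is worth confirming.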