rework and fix some hardware key stuff

hosts/catbook-j/configuration.nix

@@ -19,6 +19,7 @@
     ./modules
   ];
   jade = {
+    hwKey.pamAuth.enable = true;
     desktop = {
       dm.autoLogin = {
         enable = true;

modules/hardware/hardware_key.nix

@@ -1,20 +1,35 @@
-{pkgs, ...}: {
+{
-  # nitrokey
+  pkgs,
-  services.udev.packages = [pkgs.nitrokey-udev-rules];
+  config,
-
+  lib,
-  # smartcard daemon
+  ...
-  services.pcscd.enable = true;
+}: let
-
+  cfg = config.jade.hwKey;
-  # authenticate using hw key
+in
-  security.pam = {
+  with lib; {
-    services.jade.u2fAuth = true;
+    options.jade.hwKey = {
-    u2f = {
+      pamAuth.enable = mkEnableOption "Enable PAM authentication with hardware keys";
-      enable = true;
-      cue = true;
-      control = "sufficient";
-      authFile = "/home/jade/.ssh/u2f_keys";
     };
-  };
+    config = {
+      # nitrokey
+      services.udev.packages = [pkgs.nitrokey-udev-rules];
 
-  programs.i3lock.u2fSupport = true;
+      # smartcard daemon
-}
+      services.pcscd.enable = true;
+
+      # authenticate using hw key
+      security.pam = {
+        services.jade.u2fAuth = cfg.pamAuth.enable;
+        u2f = {
+          enable = true;
+          control = "sufficient";
+          settings = {
+            cue = true;
+            authFile = "/home/jade/.ssh/u2f_keys";
+          };
+        };
+      };
+
+      programs.i3lock.u2fSupport = true;
+    };
+  }