rework and fix some hardware key stuff

Schrottkatze 2024-08-01 08:17:09 +02:00
parent 2b13d1c0bb
commit b63db1934d
Signed by: schrottkatze
SSH key fingerprint: SHA256:hXb3t1vINBFCiDCmhRABHX5ocdbLiKyCdKI4HK2Rbbc
2 changed files with 34 additions and 18 deletions


@ -19,6 +19,7 @@
./modules ./modules
]; ];
jade = { jade = {
hwKey.pamAuth.enable = true;
desktop = { desktop = {
dm.autoLogin = { dm.autoLogin = {
enable = true; enable = true;


@ -1,20 +1,35 @@
{pkgs, ...}: { {
# nitrokey pkgs,
services.udev.packages = [pkgs.nitrokey-udev-rules]; config,
lib,
# smartcard daemon ...
services.pcscd.enable = true; }: let
cfg = config.jade.hwKey;
# authenticate using hw key in
security.pam = { with lib; {
services.jade.u2fAuth = true; options.jade.hwKey = {
u2f = { pamAuth.enable = mkEnableOption "Enable PAM authentication with hardware keys";
enable = true;
cue = true;
control = "sufficient";
authFile = "/home/jade/.ssh/u2f_keys";
}; };
}; config = {
# nitrokey
services.udev.packages = [pkgs.nitrokey-udev-rules];
programs.i3lock.u2fSupport = true; # smartcard daemon
} services.pcscd.enable = true;
# authenticate using hw key
security.pam = {
services.jade.u2fAuth = cfg.pamAuth.enable;
u2f = {
enable = true;
control = "sufficient";
settings = {
cue = true;
authFile = "/home/jade/.ssh/u2f_keys";
};
};
};
programs.i3lock.u2fSupport = true;
};
}
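Review bot: The new `jade.hwKey.pamAuth.enable` option gates only `security.pam.services.jade.u2fAuth`, while `security.pam.u2f.enable = true` in the `config` block stays unconditional. In NixOS each PAM service's `u2fAuth` defaults to the value of `security.pam.u2f.enable`, so with `control = "sufficient"` the key alone would still satisfy the other PAM services on hosts that leave the option off. If the option is meant to be the switch, `u2f.enable = cfg.pamAuth.enable;` (or wrapping the `security.pam` set in `mkIf cfg.pamAuth.enable`) would make it one. `jade` also looks like a user name rather than a PAM service name, so that line may not affect any real service; this is worth confirming. Separately, `authFile` points into the user's home directory, and a root-owned mapping file would keep a process running as that user from registering an extra credential.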