Commit 9dc03ef

HPCesia <me@hpcesia.com>
2025-08-06 06:08:10
feat: add yubikey support
1 parent 1576d1d
Changed files (2)
home
linux
modules
nixos
home/linux/gui/misc.nix
@@ -40,6 +40,10 @@ in {
     ];
   };
 
+  # Fix pcsc conflict
+  # https://github.com/LudovicRousseau/PCSC/issues/65
+  programs.gpg.scdaemonSettings.disable-ccid = true;
+
   # allow fontconfig to discover fonts and configurations installed through home.packages
   # Install fonts at system-level, not user-level
   fonts.fontconfig.enable = false;
modules/nixos/desktop/security.nix
@@ -6,4 +6,23 @@
     enableSSHSupport = false;
     settings.default-cache-ttl = 4 * 60 * 60; # 4 hours
   };
+
+  services.udev.packages = [pkgs.yubikey-personalization];
+  # Locking the screen when a Yubikey is unplugged
+  # https://nixos.wiki/wiki/Yubikey#Locking_the_screen_when_a_Yubikey_is_unplugged
+  services.udev.extraRules = ''
+    ACTION=="remove",\
+     ENV{ID_BUS}=="usb",\
+     ENV{ID_MODEL_ID}=="0407",\
+     ENV{ID_VENDOR_ID}=="1050",\
+     ENV{ID_VENDOR}=="Yubico",\
+     RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+  '';
+  hardware.gpgSmartcards.enable = true;
+  services.pcscd.enable = true;
+
+  security.pam.services = {
+    login.u2fAuth = true;
+    sudo.u2fAuth = true;
+  };
 }