dotfiles.nix/nixos/common/optional/yubikey.nix

# Optional NixOS module: YubiKey tooling, gpg-agent, U2F for PAM, and
# smart-card udev rules.
{pkgs, ...}: {
  # Command-line tools installed system-wide.
  environment.systemPackages = [
    # Lets files be encrypted to age identities stored on YubiKeys.
    pkgs.age-plugin-yubikey
    # Sets up dm-crypt managed device-mapper mappings.
    pkgs.cryptsetup
    # Configures the YubiKey from the command line.
    pkgs.yubikey-manager
  ];

  # gpg-agent manages the secret (private) keys.
  programs.gnupg.agent.enable = true;
  # Curses pinentry; per the original author's note this fixes the
  # "invalid time" error seen when using keytocard.
  programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses;

  # Allow the YubiKey to be used for user login and for sudo. Only these two
  # PAM services are opted in here.
  # NOTE(review): this file does not set security.pam.u2f.control. If it is
  # left at the NixOS default (believed to be "sufficient"), the key alone
  # satisfies login and sudo without the password. Set it to "required"
  # elsewhere if the key is meant to be a second factor -- confirm against
  # the rest of the configuration.
  # NOTE(review): no key registrations are declared in this file; they are
  # presumably supplied per user or by another module -- verify.
  security.pam.services.login.u2fAuth = true;
  security.pam.services.sudo.u2fAuth = true;

  # Enable udev rules for GnuPG smart cards.
  hardware.gpgSmartcards.enable = true;
}