24 lines
566 B
Nix
24 lines
566 B
Nix
{ pkgs, ... }:
|
|
|
|
{
|
|
environment.systemPackages = with pkgs; [
|
|
# Enables files to be encrypted to age identities stored on YubiKeys
|
|
age-plugin-yubikey
|
|
# Cryptfile
|
|
cryptsetup
|
|
# Yubikey can be used as a smart card for secure encryption
|
|
gnupg
|
|
# Configure your YubiKey via the command line
|
|
yubikey-manager
|
|
];
|
|
|
|
# Use our yubikey as a user login or for sudo access
|
|
security.pam.services = {
|
|
login.u2fAuth = true;
|
|
sudo.u2fAuth = true;
|
|
};
|
|
|
|
# Enable udev rules for gnupg smart cards
|
|
hardware.gpgSmartcards.enable = true;
|
|
}
|