yubikey: Working U2F config.

4 files changed, 17 insertions, 2 deletions

diff --git a/config/desktop.nix b/config/desktop.nix
index 88251d9..68b994d 100644
--- a/config/desktop.nix
+++ b/config/desktop.nix
@@ -43,7 +43,6 @@
     xscreensaver
     xsel  # used by urxvt clipboard
     xss-lock
-    yubikey-personalization
   ];
 
   services = {
diff --git a/config/users.nix b/config/users.nix
index 78f8473..64ea70b 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -8,13 +8,14 @@
         home = "/home/orbekk";
         uid = 1000;
         description = "KJ";
-        extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "input"];
+        extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev"];
         openssh.authorizedKeys.keyFiles = [ ../data/pincer_rsa.pub ];
       };
       fcgi = { name = "fcgi"; group = "fcgi"; uid = 500; };
     };
     extraGroups = {
       fcgi = { name = "fcgi"; gid = 500; };
+      plugdev = { name = "plugdev"; gid = 501; };
     };
   };
 }
diff --git a/config/yubikey.nix b/config/yubikey.nix
new file mode 100644
index 0000000..78be8db
--- /dev/null
+++ b/config/yubikey.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+let
+  yubikey-pkgs = with pkgs; [
+    libusb
+    libu2f-host
+    yubikey-personalization
+    yubikey-manager
+  ];
+in
+{
+  services.pcscd.enable = true;
+  environment.systemPackages = yubikey-pkgs;
+  services.udev.packages = yubikey-pkgs;
+}
diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix
index 2f81757..d763688 100644
--- a/machines/x1-pincer.nix
+++ b/machines/x1-pincer.nix
@@ -2,6 +2,7 @@
 {
   imports = [
     ../config/desktop.nix
+    ../config/yubikey.nix
     ../config/thinkpad.nix
   ];