From 2ffcd13afcf52610c90ce76711bbc41a381bcd6f Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk <kjetil.orbekk@gmail.com>
Date: Fri, 19 May 2017 09:51:10 -0400
Subject: yubikey: Working U2F config.
---
config/desktop.nix | 1 -
config/users.nix | 3 ++-
config/yubikey.nix | 14 ++++++++++++++
machines/x1-pincer.nix | 1 +
4 files changed, 17 insertions(+), 2 deletions(-)
create mode 100644 config/yubikey.nix
diff --git a/config/desktop.nix b/config/desktop.nix
index 88251d9..68b994d 100644
--- a/config/desktop.nix
+++ b/config/desktop.nix
@@ -43,7 +43,6 @@
xscreensaver
xsel # used by urxvt clipboard
xss-lock
- yubikey-personalization
];
services = {
diff --git a/config/users.nix b/config/users.nix
index 78f8473..64ea70b 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -8,13 +8,14 @@
home = "/home/orbekk";
uid = 1000;
description = "KJ";
- extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "input"];
+ extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev"];
openssh.authorizedKeys.keyFiles = [ ../data/pincer_rsa.pub ];
};
fcgi = { name = "fcgi"; group = "fcgi"; uid = 500; };
};
extraGroups = {
fcgi = { name = "fcgi"; gid = 500; };
+ plugdev = { name = "plugdev"; gid = 501; };
};
};
}
diff --git a/config/yubikey.nix b/config/yubikey.nix
new file mode 100644
index 0000000..78be8db
--- /dev/null
+++ b/config/yubikey.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+let
+ yubikey-pkgs = with pkgs; [
+ libusb
+ libu2f-host
+ yubikey-personalization
+ yubikey-manager
+ ];
+in
+{
+ services.pcscd.enable = true;
+ environment.systemPackages = yubikey-pkgs;
+ services.udev.packages = yubikey-pkgs;
+}
diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix
index 2f81757..d763688 100644
--- a/machines/x1-pincer.nix
+++ b/machines/x1-pincer.nix
@@ -2,6 +2,7 @@
{
imports = [
../config/desktop.nix
+ ../config/yubikey.nix
../config/thinkpad.nix
];
--
cgit v1.2.3