diff --git a/system/carbon/configuration.nix b/system/carbon/configuration.nix index 5d94b83..d096e50 100644 --- a/system/carbon/configuration.nix +++ b/system/carbon/configuration.nix @@ -109,6 +109,10 @@ wireguard-tools prusa-slicer + + yubikey-manager + yubikey-agent + yubico-pam ]; # Some programs need SUID wrappers, can be configured further or are @@ -161,6 +165,19 @@ pulse.enable = true; }; + services.pcscd.enable = true; + + security.pam.yubico = { + enable = true; + #debug = true; + mode = "challenge-response"; + # Uncomment below for 2FA + #control = "required"; + }; + # To set up, need to run (might need to run as root) + # ykman otp chalresp --touch --generate 2 + # ykpamcfg -2 -v + # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];