feat: update yubikey configuration

2025-10-31 13:50:04 +00:00 · 2024-12-23 18:33:51 +01:00 · 2024-12-23 18:33:51 +01:00 · 27829eb0fc
commit 27829eb0fc
parent d06c14e32d
1 changed files with 14 additions and 2 deletions
--- a/modules/nixos/security/yubikey/default.nix
+++ b/modules/nixos/security/yubikey/default.nix
@ -7,7 +7,7 @@
 }: with lib; with lib.${namespace};
 let
  cfg = config.${namespace}.security.yubikey;
-in 
+in
 {
  options.${namespace}.security.yubikey = with types; {
    enable = mkEnableOption "Enable the Yubikey as a security device.";
@ -17,6 +17,7 @@ in
      example = [ "123456" "1234567" ];
      description = "Register additional Yubikey IDs.";
    };
+    enable-agent = mkEnableOption "Enable the Yubikey agent";
  };

  config = mkIf cfg.enable {
@ -34,5 +35,16 @@ in
      login.u2fAuth = true;
      sudo.u2fAuth = true;
    };
+
+    services.yubikey-agent.enable = cfg.enable-agent;
+
+    programs.ssh.extraConfig = mkIf cfg.enable-agent ''
+        Host *
+            IdentityAgent /usr/local/var/run/yubikey-agent.sock
+    '';
+
+    environment.sessionVariables = mkIf cfg.enable-agent {
+        SSH_AUTH_SOCK = "/usr/local/var/run/yubikey-agent.sock";
+    };
  };
-}
+}