From b0ff050687db28faad40b61a85dce9115577286f Mon Sep 17 00:00:00 2001
From: Dmitriy Pleshevskiy <dmitriy@pleshevski.ru>
Date: Sun, 19 May 2024 15:11:09 +0300
Subject: [PATCH] modules/yubikey: change u2f control to required

---
 modules/nixos/configs/yubikey.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/nixos/configs/yubikey.nix b/modules/nixos/configs/yubikey.nix
index 00b08a1..3e76638 100644
--- a/modules/nixos/configs/yubikey.nix
+++ b/modules/nixos/configs/yubikey.nix
@@ -9,6 +9,11 @@ let cfg = config.local.yubikey; in
   config = lib.mkIf cfg.enable {
     environment.systemPackages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ];
 
+    security.pam.u2f = {
+      enable = true;
+      control = "required";
+    };
+
     services.udev.packages = [ pkgs.yubikey-personalization ];
     security.pam.services = {
       login.u2fAuth = true;