modules/yubikey: change u2f control to required

This commit is contained in:
Dmitriy Pleshevskiy 2024-05-19 15:11:09 +03:00
parent 5729ec0922
commit b0ff050687
Signed by: pleshevskiy
GPG key ID: 17041163DA10A9A2

View file

@ -9,6 +9,11 @@ let cfg = config.local.yubikey; in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ]; environment.systemPackages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ];
security.pam.u2f = {
enable = true;
control = "required";
};
services.udev.packages = [ pkgs.yubikey-personalization ]; services.udev.packages = [ pkgs.yubikey-personalization ];
security.pam.services = { security.pam.services = {
login.u2fAuth = true; login.u2fAuth = true;