From 2513c93d2694ed6aacc25426af824fe3e7bcd8fc Mon Sep 17 00:00:00 2001
From: winston
Date: Fri, 19 May 2023 04:07:58 +0200
Subject: [PATCH] feat: enable YubiKey U2F
---
 home/default.nix | 3 +++
 home/secrets/main.yaml | 4 ++--
 machines/common/linux/greeter.nix | 12 +++++++++++-
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/home/default.nix b/home/default.nix
index 1d9b535..2a5ea32 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -63,4 +63,7 @@ in {
 };
 xdg.configFile."ideavim/ideavimrc".source = config.lib.file.mkOutOfStoreSymlink "${flakePath}/home/apps/ideavim/ideavimrc";
+ xdg.configFile."Yubico/u2f_keys".text = ''
+ winston:+SzANNyl5RpjNZFCthItSi7rQgiNqKNQztm2omNDnMOMNYXbnpoxMY/tqNCqoUtcAnkSmfC1/2E3WMZZ+IupFw==,gw1FnUrGJ2/vsxrcyOP17603yWSSk2OaatqvqkzhiEmRd/FAzWuXYE2YA16SBB9n+f6IypjerPgwY06zOw3DOA==,es256,+presence%
+ '';
 }
diff --git a/home/secrets/main.yaml b/home/secrets/main.yaml
index 5ab96bd..a33ac92 100644
--- a/home/secrets/main.yaml
+++ b/home/secrets/main.yaml
@@ -10,8 +10,8 @@ sops:
 azure_kv: []
 hc_vault: []
 age: []
- lastmodified: "2023-05-18T13:05:14Z"
- mac: ENC[AES256_GCM,data:xhO/z1+FlFJ4L6kJuHWnJIio2LZbUjPSwu4NLtL+oYlhQXLUPBHDdNo3b4tbINuTZYyZsUiTuqJPLbwGg9V92udaYVVhzBHypQulgrfR69zIDkGYx/ZvCMsVVLGWnhvzMDOgfJxkEsU9nXyJinKaalKu7acFB8Tubry4jt0Kkls=,iv:yCmc8IldoU9fiWjqTcRPVD1I1VhWV4TD/QpU12RtUBg=,tag:bsmui6kK66HAi4XvIZO/Lg==,type:str]
+ lastmodified: "2023-05-19T02:13:25Z"
+ mac: ENC[AES256_GCM,data:0+s6D0QI8lr6U76UbQw77oqpSjS88Cc+/UC8HtKh363uqBjsaM8aUDoVSlWSHtqZBAHtc1h/BZT6CrS59j16aX8zo5+ciFKjlciRYR2v4fxXPPNMOhYFaas+IhVO3lmg6QlHHQwwW7Xy4knn2yu8iFg4FTGfXssKCLfokB3jiRQ=,iv:GnDpWg0omq2v8IJwDAZ8ZpgVLLVW3KvB6dtd+YJ9kec=,tag:hfPeQSwH8M8RhSkvG+2b0w==,type:str]
 pgp:
 - created_at: "2023-01-31T05:46:40Z"
 enc: |
diff --git a/machines/common/linux/greeter.nix b/machines/common/linux/greeter.nix
index cc73132..e1c354f 100644
--- a/machines/common/linux/greeter.nix
+++ b/machines/common/linux/greeter.nix
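Review bot: The `Yubico/u2f_keys` mapping added in home/default.nix ends in `+presence%`, and the trailing `%` looks like a shell end-of-output marker copied along with the `pamu2fcfg` output rather than part of the entry; I would drop it so the options field reads `...,es256,+presence`. The credential is registered with presence only, so wherever pam_u2f is allowed to satisfy authentication by itself, physical possession of the key is the whole check. pam_u2f derives its default origin from the hostname, so if this home config is shared across machines the mapping will presumably verify only on the host it was generated on unless a fixed origin is configured. A short comment above the entry would help the next reader, e.g. `# pam_u2f mapping: key handle + public key (not secret), generated with pamu2fcfg on <HOST-PLACEHOLDER>`.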
@@ -29,8 +29,18 @@ in {
 services.greetd.settings.default_session.command = "${lib.getExe config.programs.sway.package} --config ${greetdConfig}";
 services.gnome.gnome-keyring.enable = true;
- security.pam.services.greetd.gnupg.enable = true;
+ security.pam = {
+ u2f = {
+ enable = true;
+ cue = true;
+ };
+ services.greetd = {
+ enableGnomeKeyring = true;
+ u2fAuth = true;
+ };
+ };
 security.polkit.enable = true;
+
 systemd = {
 packages = [pkgs.polkit_gnome];
 user.services.polkit-gnome-authentication-agent-1 = {
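Review bot: The new `security.pam.u2f` block sets no `control`, and the module's default is `sufficient` as far as I know, so a touch of the key satisfies authentication without the password; that makes the YubiKey an alternative single factor, not a second one. If two-factor login is the intent, add `control = "required";` inside `u2f = { ... }` and keep a tested recovery path for a lost key. `u2f.enable = true` also becomes the default for `u2fAuth` on every PAM service (sudo, login and so on), so the explicit `services.greetd.u2fAuth = true;` is redundant and the change reaches beyond the greeter. If only greetd should accept the key, the other services need `u2fAuth = false;`. A key-only login also never passes a password to the `enableGnomeKeyring` hook, so the keyring will presumably stay locked on that path.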