From 3c4414fcb3280459ec3dc875c9cc939c19f006fe Mon Sep 17 00:00:00 2001
From: Natsu Kagami
Date: Sun, 15 May 2022 14:46:17 -0400
Subject: [PATCH] Enable U2F on linux systems
---
 modules/personal/u2f.nix | 29 +++++++++++++++++++++++++++++
 nki-home/configuration.nix | 2 ++
 2 files changed, 31 insertions(+)
 create mode 100644 modules/personal/u2f.nix
diff --git a/modules/personal/u2f.nix b/modules/personal/u2f.nix
new file mode 100644
index 0000000..9740329
--- /dev/null
+++ b/modules/personal/u2f.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+ cfg = config.personal.u2f;
+in
+{
+ options.personal.u2f = {
+ enable = mkEnableOption "Enable personal U2F login modules and stuff";
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ pam_u2f # for pamu2fcfg
+ ];
+ security.pam = mkIf (strings.hasSuffix "linux" pkgs.system) {
+ u2f = {
+ enable = true;
+ cue = true;
+ interactive = true;
+ };
+
+ # Services
+ services.sudo.u2fAuth = true;
+ services.login.u2fAuth = true;
+ services.swaylock.u2fAuth = mkIf (config.services.swaylock.enable) true;
+ };
+ };
+}
diff --git a/nki-home/configuration.nix b/nki-home/configuration.nix
index b5f98d4..0b05212 100644
--- a/nki-home/configuration.nix
+++ b/nki-home/configuration.nix
@@ -17,6 +17,7 @@
 ../modules/services/edns
 # Other services
 ../modules/services/swaylock.nix
+ ../modules/personal/u2f.nix
 ];
 # Set kernel version to latest
@@ -216,6 +217,7 @@
 security.pam.services.lightdm.enableKwallet = true;
 security.pam.services.lightdm.enableGnomeKeyring = true;
 services.swaylock.enable = true;
+ personal.u2f.enable = true;
 # This value determines the NixOS release from which the default
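Review bot: In modules/personal/u2f.nix the `u2f = { enable; cue; interactive; }` set leaves `control` unset, and the NixOS default for it is, as far as I know, `sufficient`, so a touch of the key alone passes sudo, login and swaylock without the password. If the key is meant as a second factor, add `control = "required";` beside `cue`, and keep a recovery path (a second registered key or root console access) before switching. I also believe each service's `u2fAuth` defaults to `security.pam.u2f.enable`, which would make the three explicit lines redundant and extend the key to every other PAM service on the host; if only these three are intended, the others need `u2fAuth = false` or the default needs checking. The key mapping is read from the per-user default location, which the user's own processes can rewrite, so for sudo a root-owned mapping file set through the module's auth-file option is the safer choice.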