auth/sudo: enable u2f for sudo via pam module
parent
2f3397354f
commit
5bc46fc64c
|
@ -69,6 +69,8 @@ in {
|
|||
"id_ed25519_sk-485.age".publicKeys = biolimoKeys ++ chocolatebarKeys ++ stroopwafelKeys ++ baseKeys;
|
||||
"id_ed25519_sk-464.age".publicKeys = biolimoKeys ++ chocolatebarKeys ++ stroopwafelKeys ++ baseKeys;
|
||||
|
||||
"u2f_keys.age".publicKeys = biolimoKeys ++ chocolatebarKeys ++ stroopwafelKeys ++ baseKeys;
|
||||
|
||||
"firefly-secrets.env.age".publicKeys = pieKeys ++ baseKeys;
|
||||
"firefly-db-secrets.env.age".publicKeys = pieKeys ++ baseKeys;
|
||||
"firefly-importer-secrets.env.age".publicKeys = pieKeys ++ baseKeys;
|
||||
|
|
53
secrets/u2f_keys.age
Normal file
53
secrets/u2f_keys.age
Normal file
|
@ -0,0 +1,53 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 TnSWKQ OvFRHaP8biGy7VQ+XxrMZrE5Eh7QrvqeZ70xxFMOXyY
|
||||
PG7nikQu62CTwQySa+izNiJnaF1VHO3c1vhYh7Zfb+k
|
||||
-> ssh-rsa 8daibg
|
||||
CPHcd9G2qk0IKQp1jDVDDRaeOy5w38f3EIzXqAL3b4sN9MTPbd9ahyEhXgmNLD+o
|
||||
0ckrh4bvKO4q2cFH6CgXnSd2DfKxBZKvr8GU5ewThVsXcW1tl0XNq+wYQ3YJ6L1r
|
||||
urgFOPgSpJLfSvkrTTPya0exM4AaVioWM9uwHcpVUeyOsJxkSagmxhWI8Fnx+Xlz
|
||||
T8VUeyerlxCyrZbFoZIusX95n1NjLyFXzs8XjzVI8Ymy6Ce7X35hZDdcS+raHddP
|
||||
JpPrbSxL6OyDAu0Fgt2dhwmmqCy2awtB/xItbZWPVKluyVdfBnXtcMIIlZnsFrNo
|
||||
H+8ywckaBysJP186s762zCggX8ykslJKTrjRFlsKYbS6Wvv/D6l223O6VXS0AaVY
|
||||
1mlKMhd88PLsqD8XVIahgB+i0z1bYTPwILCbxdBX2iee2wkfBbeXmrNhz7bIc+1h
|
||||
/6QVb8dAjPGXHKbNkUsBf5tL1Omi07pXApclqI/Ohx0azIvDar4ldPZpybuAKt1i
|
||||
bmjRF+l28ZF8++DmDUj97yugH3CCaJxAyQkyPvXWhle78lZwqe3XAfgao/zSZ000
|
||||
5QziRNlXhUobyuSypq9XhUMQvJQsezm22MEeyCa+kas5iZiyk9gJRXql8foZxj0o
|
||||
YPIVawLjnbujzv2j0KQEbMLtiWwX0b2FlpV70mwxaBI
|
||||
-> ssh-ed25519 2Ca8Kg Gb3ZhQ3a/Ss/c6F5OpnGwiT6X88XxWjUiisVS3dcaBE
|
||||
qEeHjKKBlgJIOhDVCkpdWYY1SYi1oL/0GD6qXWL9pTg
|
||||
-> ssh-rsa 2ggJWw
|
||||
CbdhxfuuynuYWnTv7Suyj1FbaSWaM6XOA35xNp5FHiwl7cQIQtIk/ZxK1CYV1Jfh
|
||||
tEFiKyEKoBMyT5GUgtDJVQWaLx8Mp/30ceyLO81hiRHZnndX09qH4fjM46sDXIJK
|
||||
0rYP70THidHcJ1rmrtJxmZkP+6pSNyaIAcljOw8W9A6t0zNpGHKKU4VCZB/Ox9PT
|
||||
raG8QDJIV93vp6aIFDGJ5+8jwwvP89vcMJPNEBc0e9/EB1tbioZTml8qBZs40p9S
|
||||
/evW0KaxT9DKkwZ6mXdXQC0lm2cz5ulXeVq9n5d1UeB4V1rQCkcv4xr+Hy8YcGX2
|
||||
PR6UDQUL1V/jsHSN0wQKCOOCr2sJJglSSxDU9RY/PJ12o4NNjcL1FZMFGHwCl0hB
|
||||
ldQZ2UK+B/yxU7q1uL0maV2ToCkjoESem1eeimHj+FnHt6gTShV+d4VfK7MrysSV
|
||||
KmaigRMFIzEuD6K0tZhwojgHLGlOVHDbjqZUJ0SvYGNm4Y1A4P7QiF3fs02vtq4b
|
||||
|
||||
-> ssh-ed25519 b0WFDg QvQnLb9Vzq1eGGB99N62MexOdnhrCsmhMHtb2BdjuiM
|
||||
FHBpBedd3EmYjjmDMMC930tthGgXRpE24a4Hnbonppc
|
||||
-> ssh-rsa kFDS0A
|
||||
IFolANSnhs53peU20XvvcPP/pZoIVHDmZZtutRVWzGEb6Wp7lo3UbzGMHCSW2eTb
|
||||
3k0CikfKgDcXXeM4LuXH86oJMZdxZO2LlPGmsMQmDRAWkQZjhpMcrmYrlIyWLgPO
|
||||
IcAnOpLmzgUizfQVfk4Kujoxwwb7Zu9Oa2MA57hLQz2IYxQUYlUq6Iixax2x8SUG
|
||||
A4GMq5VOxq7qXZY+hhSaPwsPJBPAnqEIPnvyUtSgqlJUQaK7OoS/0zPQ+iqDJwIb
|
||||
XASGol0PMsTRn/ARK1uERii+Q+nmztkrL9Ox2K9UMT6wfNmjtLAxvfRuTwZTIVtU
|
||||
9X59BO42A50pOGudUa9xRYCnOiLhF9PG85e1dJrDEEnTVLYWeIPZAxOOTmoxBz4L
|
||||
05HWtAP141PxusMNFAMJmR5Nvo/DcNsYMQYxTEESJ+GAx7+PkUeFaQIeoGCDulWf
|
||||
Z9c1GiHXOOY8DDF9d3LM1bRxRGLy83IuY1ftC9NAjv2NDHAHKn4wehb9A8azzIOR
|
||||
prMBBvdvq9l5jV/kqqXhVeM0fqK6hvjaL9WT+QpikKxo9D3MtgwLdekVGzEXY55+
|
||||
PUE8r9HCISnu19BKNE5OcSQeWdMYbp1o6+0ir6ptVgAnUyrNxfJuGYx+hhrjhNKz
|
||||
IboPTZqENSoCjmwRQhJJTDqD2e7gt5SclisT+1pV8S4
|
||||
-> piv-p256 zqq/iw AreftGlpT4XE6oLF2JqGJZ9z0J+aA24f/mV3912onZpq
|
||||
lSyQYv/9fsHGK+efOqDSDrv7LtNMgRs3S+pzLwkCiSY
|
||||
-> piv-p256 vRzPNw Ai3RqqfpqtuB/7cKXHdthbsn0YCzIHeGTPvnKFRqVlDQ
|
||||
5dPhR3h50HP/gr7W4UWBeASunL/L/+HmZ1SYaRNfIY4
|
||||
-> Kq,X^3-grease H#p,? S#JCB
|
||||
L1KYQeakH6Y7Lo+yueCY4QwW7Ihan9KkyInY9tzjrZV8Ofu2OA
|
||||
--- BGyJ+z3FEuyKiWdR1VC7PUEhgT9WWLvGPfck73aC6FI
|
||||
iF솳3GrœIœ9!µ˜iM¿üš·%¬
|
||||
V’#5{ÒìÈ©–tyU·‘n–‚.š•<10>ô\Î,#äØ)¨ÂDx«UðÈ$&ƒ)sÙÃëJÄTØÅÔ(wû/ا‰Fî•‹‡µË„Ya¤=\V_êàg§ØK®YRŒá·5o4ì;qj£ˆ<C2A3>
|
||||
½¹¥Ff›G\<5C>µk4xÓ§CZ<>âwÚ)ñúíÏd[¿ˆþæV+ôKª‹’,ú<Ô°'´ÎºùNÌ“ÐF'Ä#E–7°µa™Ä6}Jú7 ?L6É°ˆ‹¯âE÷e‰z<6"<16>b–<62>¦ÌŽµÄÏZºø”W41á<31>7nËI<C38B>*|ÜlŠWñfáÄ^tòêŽf;§Æ
¤OÐ÷ß<C3B7>ГÑ@–üÕùÆpmõJrBKrøù€¢<E282AC>ÙÆk<C386>þyuR@Ëí'ðz© ÜP¯
e¢ÈF¦qÂ
|
||||
SØpê¶%<25>ýÃßcáŸv<C5B8>3<1D>zé¤ø÷VŒxÖóÈûò¤¸<C2A4>ÿ‡Û9¼Ò“¿”‘͆wqÊ<71>€à
|
||||
çËÜšîí`™Û±
|
|
@ -11,6 +11,7 @@ in {
|
|||
imports = [
|
||||
./home.nix
|
||||
./session-variables.nix
|
||||
./u2f.nix
|
||||
./concepts-and-training.nix
|
||||
./ehex.nix
|
||||
./email
|
||||
|
|
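--- a/users/b12f/u2f.nix
+++ b/users/b12f/u2f.nix
@@ -0,0 +1,22 @@
+{
+config,
+pkgs,
+lib,
+flake,
+...
+}: let
+psCfg = config.pub-solar;
+xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+age.secrets.u2f_keys = {
+file = "${flake.self}/secrets/u2f_keys.age";
+mode = "400";
+owner = psCfg.user.name;
+path = "${xdg.configHome}/Yubico/u2f_keys";
+};
+
+security.pam.services = {
+login.u2fAuth = false;
+sudo.u2fAuth = true;
+};
+}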
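Review bot: The key mapping that sudo will trust is owned by the account it authenticates: `owner = psCfg.user.name` together with a `path` under `${xdg.configHome}` means any process running as that user can replace what sits at that path and register a different authenticator, and `mode = "400"` does not prevent that because the owner also controls the directory. A root-owned mapping outside the home directory, wired in through the PAM module's authfile setting (`security.pam.u2f.authFile` on NixOS releases that have it), would close that gap. Separately, `sudo.u2fAuth = true` takes its control flag from `security.pam.u2f.control`, which defaults to `sufficient` in NixOS, so unless it is set elsewhere in the repository a key touch replaces the password instead of adding to it; `security.pam.u2f.control = "required";` makes it a second factor. A short comment above `security.pam.services` stating which of the two behaviours is intended would help the next reader.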