From 59fd091632d39105509eeedb46cff5bd513b18fb Mon Sep 17 00:00:00 2001 From: Kyle Isom Date: Wed, 25 Mar 2026 00:04:51 -0700 Subject: [PATCH] enable FIDO2/U2F PAM authentication Co-Authored-By: Claude Opus 4.6 (1M context) --- configs/pkgs.nix | 1 + configuration.nix | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/configs/pkgs.nix b/configs/pkgs.nix index 4142612..7b019d7 100644 --- a/configs/pkgs.nix +++ b/configs/pkgs.nix @@ -49,6 +49,7 @@ ntp offpunk openssl + pam_u2f ops pandoc pciutils diff --git a/configuration.nix b/configuration.nix index c903cae..f919b7d 100644 --- a/configuration.nix +++ b/configuration.nix @@ -125,6 +125,11 @@ services.tailscale.enable = true; services.syncthing.enable = true; + security.pam.u2f = { + enable = true; + settings.cue = true; + }; + programs.gnupg.agent = { enable = true; enableSSHSupport = true;