- Update flake.nix with 25.11 release and core inputs - Add dedicated modules for audio (Pipewire), bluetooth, and networking - Update GEMINI.md with the new Modular Merging Architecture blueprint - Configure graphical installer ISO and test VM outputs
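#!/usr/bin/env bash
#
# Configure FIDO2 support declaratively for Nomarchy NixOS.
#
# Usage:
#   (no arguments)  Write the pam_u2f feature module if it does not exist yet,
#                   then enroll a key for the current user with pamu2fcfg.
#   --remove        Delete the feature module. The user's enrolled keys in
#                   ~/.config/Yubico/u2f_keys are not touched.
#
# Security notes:
#   * The generated module sets control = "sufficient": a successful token
#     check satisfies PAM on its own, so the key is an alternative to the
#     password, not a second factor. Use "required" if two-factor
#     authentication is the goal.
#   * Enrollment replaces ~/.config/Yubico/u2f_keys. The new registration is
#     written to a private temporary file first and only moved into place
#     when pamu2fcfg succeeds, so a failed or cancelled enrollment no longer
#     truncates an existing registration.

set -uo pipefail

FEATURE_FILE="/etc/nixos/nomarchy-features/fido2.nix"
U2F_KEYS_DIR="$HOME/.config/Yubico"
U2F_KEYS_FILE="$U2F_KEYS_DIR/u2f_keys"

# Print a message on stderr and stop with a failing exit status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# "${1:-}" keeps `set -u` quiet when no argument is given. The literal is on
# the right-hand side and quoted so the argument is compared as a string and
# never interpreted as a glob pattern (an argument of '*' used to match).
if [[ "${1:-}" == "--remove" ]]; then
  if [[ -f "$FEATURE_FILE" ]]; then
    sudo rm -- "$FEATURE_FILE" || die "Could not remove $FEATURE_FILE."
    echo "Removed $FEATURE_FILE."
    echo "IMPORTANT: Remove './nomarchy-features/fido2.nix' from your imports and run 'sys-update'."
  else
    echo "FIDO2 support not found."
  fi
  exit 0
fi

if [[ -f "$FEATURE_FILE" ]]; then
  echo "FIDO2 support is already configured in $FEATURE_FILE"
else
  sudo mkdir -p -- "${FEATURE_FILE%/*}" \
    || die "Could not create ${FEATURE_FILE%/*}."

  # Quoted delimiter: the Nix text is written literally, with no shell
  # expansion inside it.
  # NOTE(review): newer NixOS releases group pam_u2f options under
  # security.pam.u2f.settings; confirm `cue` still evaluates cleanly on the
  # release this flake targets.
  if ! sudo tee "$FEATURE_FILE" > /dev/null <<'EOF'
{ config, pkgs, ... }:
{
  security.pam.u2f = {
    enable = true;
    control = "sufficient";
    cue = true;
    # authFile = "/etc/fido2/fido2"; # Default is ~/.config/Yubico/u2f_keys
  };
}
EOF
  then
    die "Could not write $FEATURE_FILE."
  fi

  echo "Created $FEATURE_FILE."
  echo "IMPORTANT: To finish enabling FIDO2 support, add './nomarchy-features/fido2.nix' to your imports list in /etc/nixos/system.nix or /etc/nixos/flake.nix,"
  echo "then run 'sys-update'."
fi

# Enrollment is still an imperative action
if command -v pamu2fcfg &> /dev/null; then
  echo "Let's register your FIDO2 key now."
  mkdir -p -- "$U2F_KEYS_DIR" || die "Could not create $U2F_KEYS_DIR."

  # mktemp creates the file readable and writable by the owner only; the
  # final u2f_keys file inherits that mode through mv.
  tmp_keys=$(mktemp "$U2F_KEYS_DIR/u2f_keys.XXXXXX") \
    || die "Could not create a temporary file in $U2F_KEYS_DIR."
  trap 'rm -f -- "$tmp_keys"' EXIT

  # Install the registration only when pamu2fcfg succeeded and produced
  # output; otherwise the previous u2f_keys file stays as it was.
  if pamu2fcfg > "$tmp_keys" && [[ -s "$tmp_keys" ]]; then
    mv -f -- "$tmp_keys" "$U2F_KEYS_FILE" \
      || die "Could not write $U2F_KEYS_FILE."
    echo "FIDO2 key registered."
  else
    die "FIDO2 key registration failed; $U2F_KEYS_FILE was left unchanged."
  fi
else
  echo "pamu2fcfg not found. Please run 'nomarchy-pkg-add pam-u2f' or 'sys-update' if you just enabled it."
fi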