Nomarchy/core/system/scripts/nomarchy-setup-fido2

#!/usr/bin/env bash
set -e

# Configure FIDO2 support declaratively for Nomarchy NixOS.

STATE_FILE="/etc/nixos/state.json"

if [[ "--remove" == $1 ]]; then
    sudo jq '.features.fido2 = false' "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
    echo "FIDO2 support disabled. Applying changes..."
    sudo nomarchy-sys-update
    exit 0
fi

sudo jq '.features.fido2 = true' "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
echo "FIDO2 support enabled. Applying changes..."
sudo nomarchy-sys-update

# Enrollment is still an imperative action
if command -v pamu2fcfg &> /dev/null; then
    echo "Let's register your FIDO2 key now."
    mkdir -p ~/.config/Yubico
    pamu2fcfg > ~/.config/Yubico/u2f_keys
    echo "FIDO2 key registered."
else
    echo "pamu2fcfg not found. It will be available after the next reboot or sys-update."
fi