From 63551dd42aedcdee3ad26ab556c387c92331dea4 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Tue, 12 Dec 2023 18:12:39 +0100
Subject: [PATCH] tomate: enable login per u2f

---
 hosts/tomate/configuration.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/hosts/tomate/configuration.nix b/hosts/tomate/configuration.nix
index f3ca92f..ab12788 100644
--- a/hosts/tomate/configuration.nix
+++ b/hosts/tomate/configuration.nix
@@ -110,6 +110,18 @@
     #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
     #  wget
   ];
+  security = {
+    pam = {
+      u2f = {
+        enable = true;
+      };
+      services = {
+        login.u2fAuth = true;
+        sudo.u2fAuth = true;
+      };
+    };
+
+  };
 
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.