feat: inital public commit

host/common/optional/yubikey.nix

@@ -0,0 +1,32 @@
+{ lib, pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+      yubioath-flutter # gui
+      yubikey-manager  # `ykman`
+      pam_u2f          # yubikey with sudo
+  ];
+
+  services.pcscd.enable = true;
+  services.udev.packages = [ pkgs.yubikey-personalization ];
+
+  services.yubikey-agent.enable = true;
+
+  security.pam = {
+    sshAgentAuth.enable = true;
+    u2f = {
+      enable = true;
+      settings = {
+        cue = true;
+        authFile = "/home/max/.config/Yubico/u2f_keys";
+      };
+    };
+    services = {
+      login.u2fAuth = true;
+      sudo = {
+        u2fAuth = true;
+        sshAgentAuth = true;
+      };
+    };
+
+  };
+}