Solokey: Difference between revisions

(3 intermediate revisions by 2 users not shown)

Line 1:

This article describes how you can integrate [https://github.com/solokeys Solokeys] with NixOS. For the most part you can follow [~~https://nixos.wiki/wiki/~~Yubikey the guide for Yubikey].

This article describes how you can integrate [https://github.com/solokeys Solokeys] with NixOS. For the most part you can follow [[Yubikey | the guide for Yubikey]].

Important, of you want to e.g. upgrade your solokey you also need some [https://docs.solokeys.io/udev/ additonal udev rules]. So the following setup allows you to use your key for sudo as well as you are able to update your solokey

{ config, pkgs, ... }:~~''Italic text''~~

{

{ config, pkgs, ... }:

programs.gnupg.agent = {

{

enable = true;

programs.gnupg.agent = {

enableSSHSupport = true;

enable = true;

};

enableSSHSupport = true;

security.pam.services = {

};

login.u2fAuth = true;

security.pam.services = {

sudo.u2fAuth = true;

login.u2fAuth = true;

};

sudo.u2fAuth = true;

# https://github.com/solokeys/solo2-cli/blob/main/70-solo2.rules

};

services.udev.packages = [

# https://github.com/solokeys/solo2-cli/blob/main/70-solo2.rules

pkgs.yubikey-personalization

services.udev.packages = [

(pkgs.writeTextFile {

pkgs.yubikey-personalization

name = "wally_udev";

(pkgs.writeTextFile {

text = ''

name = "wally_udev";

# NXP LPC55 ROM bootloader (unmodified)

text = ''

SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="0021", TAG+="uaccess"

# NXP LPC55 ROM bootloader (unmodified)

# NXP LPC55 ROM bootloader (with Solo 2 VID:PID)

SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="0021", TAG+="uaccess"

SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="b000", TAG+="uaccess"

# NXP LPC55 ROM bootloader (with Solo 2 VID:PID)

# Solo 2

SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="b000", TAG+="uaccess"

SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess"

# Solo 2

SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess"

SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess"

# Solo 2

'';

SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess"

destination = "/etc/udev/rules.d/70-solo2.rules";

'';

})

destination = "/etc/udev/rules.d/70-solo2.rules";

];

})

}

];

}

</syntaxhighlight>

[[Category:Cookbook]]

[[Category:Security]]

[[Category:Hardware]]

@@ Line 1: / Line 1: @@
-This article describes how you can integrate [https://github.com/solokeys Solokeys] with NixOS. For the most part you can follow [https://nixos.wiki/wiki/Yubikey the guide for Yubikey].
+This article describes how you can integrate [https://github.com/solokeys Solokeys] with NixOS. For the most part you can follow [[Yubikey | the guide for Yubikey]].
 Important, of you want to e.g. upgrade your solokey you also need some [https://docs.solokeys.io/udev/ additonal udev rules]. So the following setup allows you to use your key for sudo as well as you are able to update your solokey
-  { config, pkgs, ... }:''Italic text''
+<syntaxhighlight lang="nix">
-  {
+{ config, pkgs, ... }:
-  programs.gnupg.agent = {
+{
-      enable = true;
+programs.gnupg.agent = {
-      enableSSHSupport = true;
+    enable = true;
-  };
+    enableSSHSupport = true;
-  security.pam.services = {
+};
-      login.u2fAuth = true;
+security.pam.services = {
-      sudo.u2fAuth = true;
+    login.u2fAuth = true;
-  };
+    sudo.u2fAuth = true;
-  # https://github.com/solokeys/solo2-cli/blob/main/70-solo2.rules
+};
-  services.udev.packages = [
+# https://github.com/solokeys/solo2-cli/blob/main/70-solo2.rules
-      pkgs.yubikey-personalization
+services.udev.packages = [
-      (pkgs.writeTextFile {
+    pkgs.yubikey-personalization
-      name = "wally_udev";
+    (pkgs.writeTextFile {
-      text = ''
+    name = "wally_udev";
-          # NXP LPC55 ROM bootloader (unmodified)
+    text = ''
-          SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="0021", TAG+="uaccess"
+        # NXP LPC55 ROM bootloader (unmodified)
-          # NXP LPC55 ROM bootloader (with Solo 2 VID:PID)
+        SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="0021", TAG+="uaccess"
-          SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="b000", TAG+="uaccess"
+        # NXP LPC55 ROM bootloader (with Solo 2 VID:PID)
-          # Solo 2
+        SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="b000", TAG+="uaccess"
-          SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess"
+        # Solo 2
-          # Solo 2
+        SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess"
-          SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess"
+        # Solo 2
-      '';
+        SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess"
-      destination = "/etc/udev/rules.d/70-solo2.rules";
+    '';
-      })
+    destination = "/etc/udev/rules.d/70-solo2.rules";
-  ];
+    })
-  }
+];
+}
+</syntaxhighlight>
+[[Category:Cookbook]]
+[[Category:Security]]
+[[Category:Hardware]]