Solokey: Difference between revisions
No edit summary |
m fix quotes/syntax highlighting in preformatted block |
||
| Line 3: | Line 3: | ||
Important, of you want to e.g. upgrade your solokey you also need some [https://docs.solokeys.io/udev/ additonal udev rules]. So the following setup allows you to use your key for sudo as well as you are able to update your solokey | Important, of you want to e.g. upgrade your solokey you also need some [https://docs.solokeys.io/udev/ additonal udev rules]. So the following setup allows you to use your key for sudo as well as you are able to update your solokey | ||
<syntaxhighlight lang="nix"> | |||
{ config, pkgs, ... }: | |||
{ | |||
programs.gnupg.agent = { | |||
enable = true; | |||
enableSSHSupport = true; | |||
}; | |||
security.pam.services = { | |||
login.u2fAuth = true; | |||
sudo.u2fAuth = true; | |||
}; | |||
# https://github.com/solokeys/solo2-cli/blob/main/70-solo2.rules | |||
services.udev.packages = [ | |||
pkgs.yubikey-personalization | |||
(pkgs.writeTextFile { | |||
name = "wally_udev"; | |||
text = '' | |||
# NXP LPC55 ROM bootloader (unmodified) | |||
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="0021", TAG+="uaccess" | |||
# NXP LPC55 ROM bootloader (with Solo 2 VID:PID) | |||
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="b000", TAG+="uaccess" | |||
# Solo 2 | |||
SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess" | |||
# Solo 2 | |||
SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess" | |||
''; | |||
destination = "/etc/udev/rules.d/70-solo2.rules"; | |||
}) | |||
]; | |||
} | |||
</syntaxhighlight> | |||
[[Category:Cookbook]] | [[Category:Cookbook]] | ||
[[Category:Security]] | [[Category:Security]] | ||
[[Category:Hardware]] | [[Category:Hardware]] | ||
Latest revision as of 19:58, 13 March 2025
This article describes how you can integrate Solokeys with NixOS. For the most part you can follow the guide for Yubikey.
Important, of you want to e.g. upgrade your solokey you also need some additonal udev rules. So the following setup allows you to use your key for sudo as well as you are able to update your solokey
{ config, pkgs, ... }:
{
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
security.pam.services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
# https://github.com/solokeys/solo2-cli/blob/main/70-solo2.rules
services.udev.packages = [
pkgs.yubikey-personalization
(pkgs.writeTextFile {
name = "wally_udev";
text = ''
# NXP LPC55 ROM bootloader (unmodified)
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1fc9", ATTRS{idProduct}=="0021", TAG+="uaccess"
# NXP LPC55 ROM bootloader (with Solo 2 VID:PID)
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="b000", TAG+="uaccess"
# Solo 2
SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess"
# Solo 2
SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="beee", TAG+="uaccess"
'';
destination = "/etc/udev/rules.d/70-solo2.rules";
})
];
}