From ccedc382611f2a69361e921a56a2fe9fdf09e547 Mon Sep 17 00:00:00 2001
From: Craige McWhirter <craige@mcwhirter.io>
Date: Tue, 14 Jan 2020 16:20:02 +1000
Subject: [PATCH] Initial commit of Yubikey configuration

---
 roles/yubikey.nix | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 roles/yubikey.nix

diff --git a/roles/yubikey.nix b/roles/yubikey.nix
new file mode 100644
index 0000000..bd3afc7
--- /dev/null
+++ b/roles/yubikey.nix
@@ -0,0 +1,25 @@
+# NixOps configuration for the hosts using Yubikeys
+
+{ config, pkgs, lib, ... }:
+
+{
+
+  services.udev.packages = [
+    pkgs.yubikey-personalization   # A library and command line tool to personalize YubiKeys
+    pkgs.libu2f-host               # A C library and command-line tool that implements the host-side of the U2F protocol
+  ];
+
+  services.pcscd.enable = true;    # Enable PCSC-Lite daemon
+
+  # Additional packages used with the Yubikey
+  environment = {
+    systemPackages = with pkgs; [
+      yubikey-manager               # CLI tool for configuring any YubiKey over USB
+      yubikey-manager-qt            # Configure any YubiKey over USB interfaces
+      yubikey-personalization       # Lib & CLI tool to personalize YubiKeys
+      yubikey-personalization-gui   # QT based utility to facilitate Yubikey reconfiguration
+      yubioath-desktop              # Yubikey Desktop Authenticator
+    ];
+  };
+
+}