diff options
| author | Alejandro Soto <alejandro@34project.org> | 2026-04-03 19:34:00 -0600 |
|---|---|---|
| committer | Alejandro Soto <alejandro@34project.org> | 2026-04-03 19:34:55 -0600 |
| commit | 03fa41729685e830e6b3f13ba70f5c6581501370 (patch) | |
| tree | 2129b744155e079d4d027a20a4512925038279e5 | |
| parent | 94ffaabeb9602e689e55fdd21b9beb2d9c552901 (diff) | |
sys/hardware: yubico: move /var/trust/pam_u2f_keys to /etc since /var/trust may be locked by fscrypt
| -rw-r--r-- | sys/hardware/yubico.nix | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/hardware/yubico.nix b/sys/hardware/yubico.nix index 1c77675..ba820e1 100644 --- a/sys/hardware/yubico.nix +++ b/sys/hardware/yubico.nix @@ -30,13 +30,17 @@ in { module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so ''; + local.boot.impermanence.files = [ + "/etc/pam_u2f_keys" + ]; + security.pam = mkIf cfg.pamAuth { u2f = { enable = true; control = "sufficient"; settings = { - authfile = "/var/trust/pam_u2f_keys"; + authfile = "/etc/pam_u2f_keys"; cue = true; pinverification = 1; userpresence = 0; |