From e56040b333796ca89b8ddf15a503ac9dbac4d407 Mon Sep 17 00:00:00 2001 From: Jean-Pierre PRUNARET Date: Wed, 17 Jan 2018 21:08:25 +0100 Subject: [PATCH] u2f: import configuration pour activer le support des clefs FIDO / u2f Notes : - import de conf active sur radx - fonctionne avec Chromium & Github - ne fonctionne pas avec Firefox & Github --- configuration/default.nix | 1 + configuration/u2f.nix | 41 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 configuration/u2f.nix diff --git a/configuration/default.nix b/configuration/default.nix index a9984a1..b521f55 100644 --- a/configuration/default.nix +++ b/configuration/default.nix @@ -15,6 +15,7 @@ in ./localisation.nix ./network.nix #./network-ipv6.nix + ./u2f.nix ./udev.nix # commandées par config-generator diff --git a/configuration/u2f.nix b/configuration/u2f.nix new file mode 100644 index 0000000..7898217 --- /dev/null +++ b/configuration/u2f.nix 
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkIf mkMerge mkThenElse;
+ annuaire = config.r6d.machines;
+ currentMachine = annuaire."${config.networking.hostName}";
+ flags = currentMachine.configurationFlags;
+in
+
+mkIf true {
+ # Ajout du support des yobikey & hyperfido
+ ## source des valeurs udev : https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules
+
+ ## source car udev sur nixos semble ancien : https://raw.githubusercontent.com/Yubico/libu2f-host/master/70-old-u2f.rules
+ services.udev.extraRules = ''
+ # this udev file should be used with udev older than 188
+ ACTION!="add|change", GOTO="u2f_end"
+
+ # Yubico YubiKey
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", GROUP="plugdev", MODE="0660"
+
+ # Happlink (formerly Plug-Up) Security KEY
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", GROUP="plugdev", MODE="0660"
+
+ # Neowave Keydo and Keydo AES
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", GROUP="plugdev", MODE="0660"
+
+ # HyperSecu HyperFIDO
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", GROUP="plugdev", MODE="0660"
+
+ LABEL="u2f_end"
+
+ SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", GROUP="audio", MODE="0666", SYMLINK+="rtl_sdr"
+ '';
+
+ security.pam.enableU2F = true;
+
+ environment.systemPackages = with pkgs; [
+ libu2f-host
+ ];
+}
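Review bot: The last rule in `services.udev.extraRules` (the `0bda:2838` line with `SYMLINK+="rtl_sdr"`) has nothing to do with U2F and creates the node with `MODE="0666"`, so every local account can open that USB device; because it sits after `LABEL="u2f_end"` it is also evaluated for every action, not only add/change. I would move it out of this module and tighten it to `GROUP="audio", MODE="0660"`. Separately, `security.pam.enableU2F = true;` changes login authentication on every machine that imports this file, while the commit message only describes browser use, for which the udev rules and `libu2f-host` should be enough. If I recall the NixOS module correctly it wires pam_u2f as `sufficient`, so a registered key would replace the password rather than add a second factor — worth confirming, or dropping the line from this commit. `mkIf true` together with the unused `flags` binding makes the module unconditional, so either gate it on a machine flag or remove the unused `let` bindings.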