yubikey.nix update

home/.config/swaylock/config

@@ -1,4 +1,3 @@
-ignore-empty-password
 daemonize
 indicator
 clock

nixos/auto-upgrade.nix

@@ -10,7 +10,7 @@
     operation = "switch"; # If you don't want to apply updates immediately, only after rebooting, use `boot` option in this case
     flake = "/etc/nixos";
     flags = [ "--update-input" "nixpkgs" "--update-input" "rust-overlay" "--commit-lock-file" ];
-    dates = "daily";
+    dates = "weekly";
     # channel = "https://nixos.org/channels/nixos-unstable";
   };
 }

nixos/bootloader.nix

@@ -4,7 +4,6 @@
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.efi.efiSysMountPoint = "/boot";
   boot.loader.timeout = 2;
   boot.initrd.enable = true;
   boot.initrd.systemd.enable = true;

nixos/gc.nix

@@ -11,6 +11,6 @@
   nix.gc = {
     automatic = true;
     dates = "weekly";
-    options = "--delete-older-than 7d";
+    options = "--delete-older-than 14d";
   };
 }

nixos/yubikey.nix

@@ -8,20 +8,17 @@
     enableSSHSupport = true;
   };
 
-  security.pam.services = {
+  security.pam.u2f = {
-    login.u2fAuth = true;
+    enable = true;
-    sudo.u2fAuth = true;
+    cue = true;
+    control = "sufficient";
   };
 
-  # FIXME Replace [your_yubikey_model_id] with the actual model ID of your YubiKey. You can find the model ID using the `lsusb` command, typically available as a part of the `usbutils` package
+  security.pam.services = {
-  services.udev.extraRules = ''
+    greetd.u2fAuth = true;
-      ACTION=="remove",\
+    sudo.u2fAuth = true;
-       ENV{ID_BUS}=="usb",\
+    swaylock.u2fAuth = true;
-       ENV{ID_MODEL_ID}=="your_yubikey_model_id",\
+  };
-       ENV{ID_VENDOR_ID}=="1050",\
-       ENV{ID_VENDOR}=="Yubico",\
-       RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
-  '';
 
   # FIXME Don't forget to create an authorization mapping file for your user (https://nixos.wiki/wiki/Yubikey#pam_u2f)
   environment.systemPackages = with pkgs; [