add udiskie for automount

modules/system/yubikey/default.nix

@@ -5,7 +5,7 @@
   ...
 }:
 /*
-# to enroll a yubikey (works like .ssh/known_hosts)
+# to enroll a yubikey with pam (works like .ssh/known_hosts)
 nix-shell -p pam_u2f
 mkdir -p ~/.config/Yubico
 pamu2fcfg > ~/.config/Yubico/u2f_keys
@@ -15,6 +15,9 @@ pamu2fcfg -n >> ~/.config/Yubico/u2f_keys (to add additional yubikeys)
 nix-shell -p pamtester
 pamtester login <username> authenticate
 pamtester sudo <username> authenticate
+
+# to enroll yubikey with luks
+`sudo systemd-cryptenroll --fido2-device=auto /dev/<disk>`
 */
 let
   service = "yubikey";
@@ -46,9 +49,15 @@ in {
     # enable smartcard
     services.pcscd.enable = true;
 
+    # enables it for everything
+    security.pam.u2f = lib.mkIf (cfg.mode == "u2f") {
+      enable = true;
+    };
+
+    # selectivlt edit what u2f is enabled for
     security.pam.services = lib.mkIf (cfg.mode == "u2f") {
-      login.u2fAuth = true;
-      sudo.u2fAuth = true;
+      #login.u2fAuth = true;
+      #sudo.u2fAuth = true;
     };
 
     security.pam.yubico = lib.mkIf (cfg.mode == "challenge-response") {