{ pkgs, ... }:

{
  environment.systemPackages = with pkgs; [
    yubioath-flutter
  ];

  security.pam = {
    services = {
      login.u2fAuth = false; # U2F and password
      sudo.u2fAuth = true; # U2F or password
    };
    u2f = {
      enable = true;
      settings = {
        cue = true; # Prompt: Please touch the device
        interactive = false; # Prompt: Insert your U2F device, then press ENTER.
      };
    };
  };

  services = {
    pcscd.enable = true;
    udev.packages = with pkgs; [ yubikey-personalization ];
  };
}