{ pkgs, ... }:

{
  environment.systemPackages = with pkgs; [
    gnupg
    yubioath-flutter
  ];

  programs.gnupg.agent.enable = true;

  security = {
    pam = {
      services = {
        login.u2fAuth = false; # U2F and password
        sudo.u2fAuth = true; # U2F or password
      };
      u2f = {
        enable = true;
        settings = {
          cue = true; # Prompt: Please touch the device
          interactive = false; # Prompt: Insert your U2F device, then press ENTER.
        };
      };
    };
  };

  services = {
    pcscd.enable = true; # Required for Yubikey
    udev.packages = with pkgs; [ yubikey-personalization ];
  };
}