First commit

2025-12-17 23:56:25 +00:00 · 2025-11-22 23:15:27 +00:00 · 2025-11-22 23:15:27 +00:00 · 36ad41a2fc
commit 36ad41a2fc
18 changed files with 10005 additions and 0 deletions
--- a/functions/yubikey
+++ b/functions/yubikey
@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+echo
+
+[ -d ~/.config/Yubico ] || mkdir -p ~/.config/Yubico
+
+sudo pacman -S --ask 4 pam-u2f yubico-pam
+
+read -n 1 -s -p $'\n\e[1;33mInsert your yubikey and press the enter key to continue \e[0m'
+echo -e '\n\e[1mTouch the yubikey when it starts blinking\e[0m'
+
+pamu2fcfg > ~/.config/Yubico/u2f_keys
+
+read -n 1 -p $'\n\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
+
+until [[ "$YUBIKEY" = [nN] ]]
+do
+    if [[ "$YUBIKEY" != [yYnN] ]]
+    then
+        echo -e '\n\n\e[1;31mNot a valid answer, type "y" or "n"\e[0m'
+        read -n 1 -p $'\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
+    elif [[ "$YUBIKEY" = [yY] ]]
+    then
+        read -n 1 -s -p $'\n\n\e[1;33mInsert the next yubikey and press the enter key to continue \e[0m'
+        echo -e '\n\e[1mTouch the yubikey when it starts blinking\e[0m'
+
+        pamu2fcfg -n >> ~/.config/Yubico/u2f_keys
+
+        read -n 1 -p $'\n\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
+    fi
+done
+
+echo -e '\n\n\e[1;33mUpdating pam configs'
+echo -e 'Open another terminal or tty and login as sudo in case an issue comes up'
+read -n 1 -s -p $'Press the enter key once logged in as sudo in another terminal or tty \e[0m\n'
+
+# System wide user authentication
+sudo sed -i '/^auth .* required .* pam_faillock.so .* authsucc/a\
+auth       required                    pam_u2f.so' /etc/pam.d/system-auth
+
+# Polkit authentication
+sudo sed -i '/^#%PAM.*/a\
+auth       sufficient   pam_u2f.so' /etc/pam.d/polkit-1
+
+# Sudo authentication
+sudo sed -i '/^#%PAM.*/a\
+auth            sufficient      pam_u2f.so' /etc/pam.d/sudo
+
+# KDE lockscreen authentication
+sudo sed -i '/^#%PAM.*/a\
+auth            required        pam_u2f.so' /etc/pam.d/kde
+
+cat > ~/.local/functions/add-yubikey <<- 'ADDYUBIKEY'
+# Add a new yubikey
+function add-yubikey
+{
+    read -n 1 -s -p $'\n\e[1;33mInsert your yubikey and press the enter key to continue \e[0m'
+    echo -e '\n\e[1mTouch the yubikey when it starts blinking\e[0m'
+
+    pamu2fcfg -n >> ~/.config/Yubico/u2f_keys
+
+    read -n 1 -p $'\n\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
+        until [[ "$YUBIKEY" = [nN] ]]
+        do
+            if [[ "$YUBIKEY" != [yYnN] ]]
+            then
+                echo -e '\n\n\e[1;31mNot a valid answer, type "y" or "n"\e[0m'
+                read -n 1 -p $'\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
+            elif [[ "$YUBIKEY" = [yY] ]]
+            then
+                read -n 1 -s -p $'\n\n\e[1;33mInsert the next yubikey and press the enter key to continue \e[0m'
+                echo -e '\n\e[1mTouch the yubikey when it starts blinking\e[0m'
+
+                pamu2fcfg -n >> ~/.config/Yubico/u2f_keys
+
+                read -n 1 -p $'\n\e[1mWould you like to add another yubikey? (y/n): \e[0m' YUBIKEY
+            fi
+        done
+    echo -e '\n\n\e[1;34mYubikeys updated'
+    echo -e 'Exiting...\e[0m\n'
+}
+ADDYUBIKEY
+
+echo -e '\n\e[1;34mYubikey setup completed'
+echo -e 'To update your saved yubikeys, run "add-yubikey" in the terminal'
+echo -e 'Exiting...\e[0m\n'
+rm -f ${0}