{ config, pkgs, ... }:
{
  environment.systemPackages = with pkgs; [
    age-plugin-yubikey
    yubikey-agent
    yubikey-touch-detector
  ];

  programs.yubikey-touch-detector = {
    enable = true;
    libnotify = true;
  };

  security.pam.yubico = {
    enable = true;
    debug = false;
    mode = "challenge-response";
    id = [
      "28604663" # Cuba
      "27711450" # Bolivia
    ];
  };

  services.udev = {
    # extraRules = ''
    #   ACTION=="remove",\
    #    ENV{ID_BUS}=="usb",\
    #    ENV{ID_MODEL_ID}=="0407",\
    #    ENV{ID_VENDOR_ID}=="1050",\
    #    ENV{ID_VENDOR}=="Yubico",\
    #    RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
    # ''; # TODO find fix so it doesn't cycle through sleeping
    packages = with pkgs; [ yubikey-personalization ];
  };
}