enable u2f as default

flake.nix

@@ -181,7 +181,6 @@
 								impermanence.enable = true;
 								snapper = { enable = true; configs.persistent = "/nix/persistent"; };
 								fontconfig.enable = true;
-								u2f.enable = true;
 								sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
 								samba =
 								{

modules/services/default.nix

@@ -132,17 +132,6 @@ inputs:
 					};
 				}
 			)
-			(
-				mkIf services.u2f.enable
-				{
-					security.pam =
-					{
-						u2f = { enable = true; cue = true; authFile = ./u2f_keys; };
-						services = builtins.listToAttrs (builtins.map (name: { inherit name; value = { u2fAuth = true; }; })
-							[ "login" "sudo" "su" "kde" "polkit-1" ]);
-					};
-				}
-			)
 			(
 				mkIf services.sops.enable
 				{

modules/system/default.nix

@@ -135,6 +135,12 @@ inputs:
 			# environment.pathsToLink = [ "/include" ];
 			# environment.variables.CPATH = "/run/current-system/sw/include";
 			# environment.variables.LIBRARY_PATH = "/run/current-system/sw/lib";
+			security.pam =
+			{
+				u2f = { enable = true; cue = true; authFile = ./u2f_keys; };
+				services = builtins.listToAttrs (builtins.map (name: { inherit name; value = { u2fAuth = true; }; })
+					[ "login" "sudo" "su" "kde" "polkit-1" ]);
+			};
 		}
 		# hostname
 		{ networking.hostName = inputs.config.nixos.system.hostname; }