diff --git a/nixos/system/packages/yubikey.nix b/nixos/system/packages/yubikey.nix
new file mode 100644
index 0000000..fc8d11c
--- /dev/null
+++ b/nixos/system/packages/yubikey.nix
@@ -0,0 +1,46 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ options = {
+ program.yubikey = {
+ enable = lib.mkEnableOption "Enable YubiKey support";
+ };
+ };
+
+ config = lib.mkIf config.program.yubikey.enable {
+ environment.systemPackages = with pkgs; [
+ yubioath-flutter
+ yubikey-manager
+ pam_u2f
+ ];
+
+ services.pcscd = {
+ enable = true;
+ };
+ #services.udev.packages = [pkgs.yubikey-personalization];
+#
+ #services.yubikey-agent.enable = true;
+#
+ #security.pam = {
+ # sshAgentAuth.enable = true;
+ # u2f = {
+ # enable = true;
+ # settings = {
+ # cue = false;
+ # authfile = "${config.home.homeDirectory}/.config/yubikeys/u2f_keys";
+ # # debug = true;
+ # };
+ # };
+ # services = {
+ # login.u2fAuth = true;
+ # sudo = {
+ # u2fAuth = true;
+ # sshAgentAuth = true;
+ # };
+ # };
+ #};
+ };
+}
diff --git a/zenith/configuration.nix b/zenith/configuration.nix
index b60ebdb..3361f9c 100644
--- a/zenith/configuration.nix
+++ b/zenith/configuration.nix
@@ -74,6 +74,7 @@
 tor.enable = true;
 virt-manager.enable = true;
 virtualbox.enable = false;
+ yubikey.enable = true;
 };
 
 # Basic programs to enable
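Review bot: The commented-out `security.pam` block in yubikey.nix should not be re-enabled as written: its `authfile` sits under the user's home directory, so with `sudo.u2fAuth = true` the account being authenticated can rewrite the key mapping that authorizes its own sudo. If U2F for sudo is the goal, point `authfile` at a root-owned file and set `security.pam.u2f.control = "required";` when the key is meant as a second factor, since the NixOS default of `sufficient` lets the token stand in for the password. `config.home.homeDirectory` also looks like a Home Manager option that a system module would not have, so the block would probably fail to evaluate. As committed, only the packages and `services.pcscd` are active, so `pam_u2f` is installed but no PAM service uses it; a one-line comment such as `# PAM/U2F login is intentionally not wired up yet` would stop readers assuming the module enforces a token. Separately, `lib.mkEnableOption "Enable YubiKey support"` renders as "Whether to enable Enable YubiKey support."; `lib.mkEnableOption "YubiKey support"` reads correctly.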