home

My NixOS systems configurations.

commit 3c5c3d62449387e9a1175736566504396068d439
parent c8ef999b00961d979b214a1aabd1db93d1e0a878
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Thu, 28 Jul 2022 12:02:33 +0200

systems/modules: migrate profiles.yubikey to modules.hardware.yubikey

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mflake.nix | 1-
Msystems/hosts/aomi.nix | 5++++-
Msystems/hosts/naruhodo.nix | 6+++++-
Msystems/modules/hardware/yubikey.nix | 2+-
Msystems/modules/profiles/sway.nix | 4----
Dsystems/modules/profiles/yubikey.nix | 46----------------------------------------------
Musers/vincent/default.nix | 2+-
7 files changed, 11 insertions(+), 55 deletions(-)

diff --git a/flake.nix b/flake.nix
@@ -137,7 +137,6 @@
 ./systems/modules/profiles/sway.nix
 ./systems/modules/profiles/virtualization.nix
 ./systems/modules/profiles/wireguard.server.nix
- ./systems/modules/profiles/yubikey.nix
 ./systems/modules/profiles/zsh.nix
 ./systems/modules/services/default.nix
 sops-nix.nixosModules.sops
diff --git a/systems/hosts/aomi.nix b/systems/hosts/aomi.nix
@@ -97,13 +97,16 @@ in
 services.hardware.bolt.enable = true;
+ modules = {
+ hardware = { };
+ };
+
 profiles = {
 externalbuilder.enable = true;
 # desktop.i3.enable = true;
 laptop.enable = true;
 home = true;
 dev.enable = true;
- yubikey.enable = true;
 virtualization = { enable = true; nested = true; };
 redhat.enable = true;
 ssh.enable = true;
diff --git a/systems/hosts/naruhodo.nix b/systems/hosts/naruhodo.nix
@@ -116,13 +116,17 @@ in
 localCaches = [ ];
 };
+ modules = {
+ hardware = {
+ yubikey.enable = true;
+ };
+ };
 profiles = {
 externalbuilder.enable = true;
 desktop.i3.enable = true;
 laptop.enable = true;
 home = true;
 dev.enable = true;
- yubikey.enable = true;
 virtualization = { enable = true; nested = true; };
 redhat.enable = true;
 scanning.enable = true;
diff --git a/systems/modules/hardware/yubikey.nix b/systems/modules/hardware/yubikey.nix
@@ -35,7 +35,7 @@ in
 };
 };
 }
- (mkIf cfg.config.desktop {
+ (mkIf config.profiles.desktop.enable {
 environment.systemPackages = with pkgs; [
 yubioath-desktop
 ];
diff --git a/systems/modules/profiles/sway.nix b/systems/modules/profiles/sway.nix
@@ -12,12 +12,8 @@ in
 };
 config = mkIf cfg.enable {
- #profiles = {
- # desktop.enable = true;
- #};
 profiles.avahi.enable = true;
 profiles.printing.enable = true;
- # profiles.pulseaudio.enable = true;
 profiles.scanning.enable = true;
 profiles.syncthing.enable = true;
diff --git a/systems/modules/profiles/yubikey.nix b/systems/modules/profiles/yubikey.nix
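Review bot: In the aomi.nix hunk `yubikey.enable = true;` is removed from `profiles`, but the added `modules.hardware` set is left empty, so unlike naruhodo.nix this host no longer enables any YubiKey module. Going by the deleted profiles/yubikey.nix, that drops `pcscd`, the YubiKey udev rule and `security.pam.u2f` on aomi, and the `sops.secrets.u2f_keys` condition in users/vincent/default.nix also becomes false there. If that is intended, the commit message should say so, since "migrate" reads as behaviour-preserving; otherwise the hunk should read `hardware = { yubikey.enable = true; };`. The enclosing attribute set starts and ends outside the hunk.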
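Review bot: In the systems/modules/hardware/yubikey.nix hunk the new condition `mkIf config.profiles.desktop.enable` ties the hardware module to an option owned by the profiles tree, and nothing visible in this commit shows which hosts set it. The sway.nix hunk only deletes the commented-out `desktop.enable = true`, so if sway hosts do not enable `profiles.desktop` elsewhere, `yubioath-desktop` would silently not be installed on them. A comment above the `mkIf`, such as `# GUI tooling follows profiles.desktop.enable; other desktop profiles must set it too`, would document the coupling. The `mkMerge` list this entry belongs to starts outside the hunk.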
@@ -1,46 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.profiles.yubikey;
-in
-{
- options = {
- profiles.yubikey = {
- enable = mkEnableOption "Enable yubikey profile";
- u2f = mkOption {
- default = true;
- description = "wether to enable auth with yubkeys throguh pam using u2f";
- type = types.bool;
- };
- };
- };
- config = mkIf cfg.enable (mkMerge [
- {
- environment = {
- systemPackages = with pkgs; [
- yubico-piv-tool
- yubikey-personalization
- yubioath-desktop
- yubikey-manager
- ];
- };
- services = {
- pcscd.enable = true;
- udev = {
- packages = with pkgs; [ yubikey-personalization ];
- extraRules = ''
- # Yubico YubiKey
- KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
- # ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
- '';
- };
- };
- }
- (mkIf cfg.u2f {
- security.pam.u2f = {
- enable = true;
- };
- })
- ]);
-}
diff --git a/users/vincent/default.nix b/users/vincent/default.nix
@@ -13,7 +13,7 @@ let
 in
 {
 warnings = if (versionAtLeast config.system.nixos.release "21.11") then [ ] else [ "NixOS release: ${config.system.nixos.release}" ];
- sops.secrets.u2f_keys = mkIf (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) {
+ sops.secrets.u2f_keys = mkIf (config.modules.hardware.yubikey.enable && config.modules.hardware.yubikey.u2f) {
 path = "/home/vincent/.config/Yubico/u2f_keys";
 owner = "vincent";
 };