commit d299d36626f8a431fb0da41092b7e7a2895332c2
parent 14c501feb8eb9ee04ead384aa8424b333d27ecab
Author: Vincent Demeester <vincent@sbr.pm>
Date: Sun, 3 Jan 2021 08:31:12 +0100
systems: temporary re-add some profiles…
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
2 files changed, 82 insertions(+), 0 deletions(-)
diff --git a/systems/modules/profiles/i3.nix b/systems/modules/profiles/i3.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.desktop.i3;
+in
+{
+ options = {
+ profiles.desktop.i3 = {
+ enable = mkEnableOption "Enable i3 desktop profile";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ profiles = {
+ desktop.enable = true;
+ };
+ services = {
+ blueman.enable = true;
+ autorandr.enable = true;
+ xserver = {
+ displayManager = {
+ defaultSession = "none+i3";
+ lightdm.enable = true;
+ lightdm.greeters.pantheon.enable = true;
+ };
+ windowManager.i3.enable = true;
+ };
+ dbus = {
+ enable = true;
+ # socketActivated = true;
+ packages = [ pkgs.gnome3.dconf ];
+ };
+ };
+ };
+}
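Review bot: The string passed to `mkEnableOption` for `profiles.desktop.i3.enable` is written as a full phrase, but the helper already prefixes its argument with "Whether to enable", so the generated option description reads "Whether to enable Enable i3 desktop profile."; pass only the noun phrase, `enable = mkEnableOption "i3 desktop profile";`. The same wording appears on `profiles.yubikey.enable` in systems/modules/profiles/yubikey.nix. The commented-out `# socketActivated = true;` under `dbus` has no explanation; either drop it or add a short comment saying why it is kept.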
diff --git a/systems/modules/profiles/yubikey.nix b/systems/modules/profiles/yubikey.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.profiles.yubikey;
+in
+{
+ options = {
+ profiles.yubikey = {
+ enable = mkEnableOption "Enable yubikey profile";
+ u2f = mkOption {
+ default = true;
+ description = "wether to enable auth with yubkeys throguh pam using u2f";
+ type = types.bool;
+ };
+ };
+ };
+ config = mkIf cfg.enable (mkMerge [
+ {
+ environment = {
+ systemPackages = with pkgs; [
+ yubico-piv-tool
+ yubikey-personalization
+ yubioath-desktop
+ yubikey-manager
+ ];
+ };
+ services = {
+ pcscd.enable = true;
+ udev = {
+ packages = with pkgs; [ yubikey-personalization ];
+ extraRules = ''
+ # Yubico YubiKey
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", TAG+="uaccess", MODE="0660", GROUP="wheel"
+ # ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0113|0114|0115|0116|0120|0402|0403|0406|0407|0410", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+ '';
+ };
+ };
+ }
+ (mkIf cfg.u2f {
+ security.pam.u2f = {
+ enable = true;
+ };
+ })
+ ]);
+}
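Review bot: `security.pam.u2f.enable = true` in the closing `mkIf cfg.u2f` block is set without a `control` value, and as far as I know the NixOS module defaults that to `sufficient`, so a registered key alone satisfies PAM services that use u2f auth rather than acting as a second factor beside the password. Because the `u2f` option defaults to `true`, enabling the profile changes authentication policy implicitly; state the intent, e.g. `security.pam.u2f = { enable = true; control = "required"; };` if a second factor is meant, or add a comment saying key-only authentication is intended. With `required`, accounts that have no enrolled key would presumably fail authentication, so keys need to be registered before switching. Separately, the `extraRules` line combines `TAG+="uaccess"` with `MODE="0660", GROUP="wheel"`, which opens the hidraw device to every wheel member regardless of who is at the seat; `uaccess` alone looks sufficient for the logged-in user, and the rules shipped by `yubikey-personalization` in `udev.packages` may already cover these product IDs.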