From ede1765ee84319a454c4ab6a729dec7be5de82e9 Mon Sep 17 00:00:00 2001 From: Schrottkatze Date: Tue, 5 Mar 2024 13:49:22 +0100 Subject: [PATCH] move hardware key configs into one file --- common.nix | 10 ----- hosts/catbook-j/configuration.nix | 44 +------------------ .../monosodium-glutamate-g/configuration.nix | 38 +--------------- hosts/potatobook-g/configuration.nix | 9 ---- modules/desktop/specific-hardware/default.nix | 1 + .../specific-hardware/hardware_key.nix | 20 +++++++++ 6 files changed, 24 insertions(+), 98 deletions(-) create mode 100644 modules/desktop/specific-hardware/hardware_key.nix diff --git a/common.nix b/common.nix index 774f65f..d93b56b 100644 --- a/common.nix +++ b/common.nix @@ -29,9 +29,6 @@ with builtins; { environment = { systemPackages = with pkgs; [ - # pynitrokey - # nitrokey-app2 - veracrypt htmlq @@ -90,10 +87,6 @@ with builtins; { }; }; - # nitrokey - services.udev.packages = [pkgs.nitrokey-udev-rules]; - services.pcscd.enable = true; - programs = { ssh.startAgent = false; gnupg.agent = { @@ -138,9 +131,6 @@ with builtins; { users.users.jade = { isNormalUser = true; extraGroups = ["wheel" "input" "uinput" "libvirtd" "adbusers" "dialout" "plugdev" "wireshark"]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaE8TFsIazpn4OnHvHcRpOFr9FfvMaWOiEjmHsmnAoE cardno:000F_70CD7D05" - ]; }; zramSwap = { diff --git a/hosts/catbook-j/configuration.nix b/hosts/catbook-j/configuration.nix index 406f484..71d44e0 100644 --- a/hosts/catbook-j/configuration.nix +++ b/hosts/catbook-j/configuration.nix 
@@ -103,55 +103,15 @@ "/crypto_keyfile.bin" = null; }; - # nixpkgs = { - # overlays = [ - # (self: super: { - # linux_zen_xeniafied = pkgs.linuxPackagesFor (pkgs.linuxKernel.kernels.linux_zen.override { - # structuredExtraConfig = with lib.kernel; { - # "FB" = yes; - # "FRAMEBUFFER_CONSOLE" = yes; - # "VGA_CONSOLE" = yes; - # "VIDEO_SELECT" = yes; - # LOGO = lib.mkForce yes; - # LOGO_LINUX_CLUT224 = yes; - # }; - # ignoreConfigErrors = true; - # }); - # }) - # ]; - # }; - boot.kernelPackages = pkgs.linuxPackages_zen; - # boot.kernelPatches = [ - # { - # name = "fomx"; - # patch = ../../other/0001-fomx.patch; - # } - # ]; - services.xserver.displayManager.autoLogin = { enable = true; user = "jade"; }; - networking.hostName = "catbook-j"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking + # networking networking.networkmanager.enable = true; - - security.pam.services.jade.u2fAuth = true; - programs.i3lock.u2fSupport = true; - security.pam.u2f = { - enable = true; - cue = true; - control = "sufficient"; - authFile = "/home/jade/.ssh/u2f_keys"; - }; + networking.hostName = "catbook-j"; i18n.extraLocaleSettings = { LC_ADDRESS = "de_DE.UTF-8"; diff --git a/hosts/monosodium-glutamate-g/configuration.nix b/hosts/monosodium-glutamate-g/configuration.nix index 7010b36..b6cb3d9 100644 --- a/hosts/monosodium-glutamate-g/configuration.nix +++ b/hosts/monosodium-glutamate-g/configuration.nix 
@@ -8,24 +8,6 @@ ../../modules ]; - # nixpkgs = { - # overlays = [ - # (self: super: { - # linux_zen_xeniafied = pkgs.linuxPackagesFor (pkgs.linuxKernel.kernels.linux_zen.override { - # structuredExtraConfig = with lib.kernel; { - # "FB" = yes; - # "FRAMEBUFFER_CONSOLE" = yes; - # "VGA_CONSOLE" = yes; - # "VIDEO_SELECT" = yes; - # LOGO = lib.mkForce yes; - # LOGO_LINUX_CLUT224 = yes; - # }; - # ignoreConfigErrors = true; - # }); - # }) - # ]; - # }; - jade = { flatpak.enable = true; desktop = { @@ -46,16 +28,8 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; - # latest linux kernel - #boot.kernelPackages = pkgs.linuxPackages_latest; - #boot.kernelPackages = pkgs.linux_zen_xeniafied; + kernelPackages = pkgs.linuxPackages_zen; - # boot.kernelPatches = [ - # { - # name = "fomx"; - # patch = ../other/0001-fomx.patch; - # } - # ]; binfmt.emulatedSystems = ["aarch64-linux"]; }; @@ -82,16 +56,6 @@ enableRedistributableFirmware = true; }; - security.pam.services.jade.u2fAuth = true; - programs.i3lock.u2fSupport = true; - - security.pam.u2f = { - enable = true; - cue = true; - control = "sufficient"; - authFile = "/home/jade/.ssh/u2f_keys"; - }; - # missing: menu-qalc picom-jonaburg environment.systemPackages = with pkgs; [ # TODO: clean up. diff --git a/hosts/potatobook-g/configuration.nix b/hosts/potatobook-g/configuration.nix index 28a2e87..c45c889 100644 --- a/hosts/potatobook-g/configuration.nix +++ b/hosts/potatobook-g/configuration.nix @@ -116,17 +116,8 @@ services.gnome.gnome-keyring.enable = true; programs.seahorse.enable = true; security.pam.services.jade.enableGnomeKeyring = true; - security.pam.services.jade.u2fAuth = true; systemd.services."NetworkManager-wait-online".enable = false; - programs.i3lock.u2fSupport = true; - - security.pam.u2f = { - enable = true; - cue = true; - control = "sufficient"; - authFile = "/home/jade/.ssh/u2f_keys"; - }; # services.pixiecore = # let 
diff --git a/modules/desktop/specific-hardware/default.nix b/modules/desktop/specific-hardware/default.nix
index 8faabd2..a28d10f 100644
--- a/modules/desktop/specific-hardware/default.nix
+++ b/modules/desktop/specific-hardware/default.nix
@@ -7,5 +7,6 @@
 imports = [
 ./spacenav.nix
 ./wacom.nix
+ ./hardware_key.nix
 ];
 }
diff --git a/modules/desktop/specific-hardware/hardware_key.nix b/modules/desktop/specific-hardware/hardware_key.nix
new file mode 100644
index 0000000..8510d86
--- /dev/null
+++ b/modules/desktop/specific-hardware/hardware_key.nix
@@ -0,0 +1,20 @@
+{pkgs, ...}: {
+ # nitrokey
+ services.udev.packages = [pkgs.nitrokey-udev-rules];
+
+ # smartcard daemon
+ services.pcscd.enable = true;
+
+ # authenticate using hw key
+ security.pam = {
+ services.jade.u2fAuth = true;
+ u2f = {
+ enable = true;
+ cue = true;
+ control = "sufficient";
+ authFile = "/home/jade/.ssh/u2f_keys";
+ };
+ };
+
+ programs.i3lock.u2fSupport = true;
+}
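Review bot: In the new hardware_key.nix, `control = "sufficient"` combined with `security.pam.u2f.enable = true` makes a key touch a full substitute for the password, and as far as I know the global enable turns `u2fAuth` on by default for every PAM service (sudo and login included). This deserves a comment saying single-factor auth by possession is intended, or `control = "required";` if the key was meant as a second factor. `authFile = "/home/jade/.ssh/u2f_keys"` keeps the accepted-key mapping in a file that the authenticated account can itself rewrite; a root-owned location, e.g. `authFile = "/etc/u2f_mappings";` (example path), stops user-level processes from changing which keys are trusted. `services.jade.u2fAuth` is keyed by PAM service name rather than user name, so it probably only generates an unused `/etc/pam.d/jade` and could be dropped or replaced by the services actually meant. The commit also removes `openssh.authorizedKeys.keys` from common.nix without re-adding it in this module, so if that was not intended, SSH login for jade with the card-backed key stops working on every host.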