move hardware key configs into one file
parent
7829fcd0ce
commit
ede1765ee8
6 changed files with 24 additions and 98 deletions
10
common.nix
10
common.nix
|
@ -29,9 +29,6 @@ with builtins; {
|
|||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
# pynitrokey
|
||||
# nitrokey-app2
|
||||
|
||||
veracrypt
|
||||
|
||||
htmlq
|
||||
|
@ -90,10 +87,6 @@ with builtins; {
|
|||
};
|
||||
};
|
||||
|
||||
# nitrokey
|
||||
services.udev.packages = [pkgs.nitrokey-udev-rules];
|
||||
services.pcscd.enable = true;
|
||||
|
||||
programs = {
|
||||
ssh.startAgent = false;
|
||||
gnupg.agent = {
|
||||
|
@ -138,9 +131,6 @@ with builtins; {
|
|||
users.users.jade = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["wheel" "input" "uinput" "libvirtd" "adbusers" "dialout" "plugdev" "wireshark"];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaE8TFsIazpn4OnHvHcRpOFr9FfvMaWOiEjmHsmnAoE cardno:000F_70CD7D05"
|
||||
];
|
||||
};
|
||||
|
||||
zramSwap = {
|
||||
|
|
|
@ -103,55 +103,15 @@
|
|||
"/crypto_keyfile.bin" = null;
|
||||
};
|
||||
|
||||
# nixpkgs = {
|
||||
# overlays = [
|
||||
# (self: super: {
|
||||
# linux_zen_xeniafied = pkgs.linuxPackagesFor (pkgs.linuxKernel.kernels.linux_zen.override {
|
||||
# structuredExtraConfig = with lib.kernel; {
|
||||
# "FB" = yes;
|
||||
# "FRAMEBUFFER_CONSOLE" = yes;
|
||||
# "VGA_CONSOLE" = yes;
|
||||
# "VIDEO_SELECT" = yes;
|
||||
# LOGO = lib.mkForce yes;
|
||||
# LOGO_LINUX_CLUT224 = yes;
|
||||
# };
|
||||
# ignoreConfigErrors = true;
|
||||
# });
|
||||
# })
|
||||
# ];
|
||||
# };
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_zen;
|
||||
# boot.kernelPatches = [
|
||||
# {
|
||||
# name = "fomx";
|
||||
# patch = ../../other/0001-fomx.patch;
|
||||
# }
|
||||
# ];
|
||||
|
||||
services.xserver.displayManager.autoLogin = {
|
||||
enable = true;
|
||||
user = "jade";
|
||||
};
|
||||
|
||||
networking.hostName = "catbook-j"; # Define your hostname.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
|
||||
# Configure network proxy if necessary
|
||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||
|
||||
# Enable networking
|
||||
# networking
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
security.pam.services.jade.u2fAuth = true;
|
||||
programs.i3lock.u2fSupport = true;
|
||||
security.pam.u2f = {
|
||||
enable = true;
|
||||
cue = true;
|
||||
control = "sufficient";
|
||||
authFile = "/home/jade/.ssh/u2f_keys";
|
||||
};
|
||||
networking.hostName = "catbook-j";
|
||||
|
||||
i18n.extraLocaleSettings = {
|
||||
LC_ADDRESS = "de_DE.UTF-8";
|
||||
|
|
|
@ -8,24 +8,6 @@
|
|||
../../modules
|
||||
];
|
||||
|
||||
# nixpkgs = {
|
||||
# overlays = [
|
||||
# (self: super: {
|
||||
# linux_zen_xeniafied = pkgs.linuxPackagesFor (pkgs.linuxKernel.kernels.linux_zen.override {
|
||||
# structuredExtraConfig = with lib.kernel; {
|
||||
# "FB" = yes;
|
||||
# "FRAMEBUFFER_CONSOLE" = yes;
|
||||
# "VGA_CONSOLE" = yes;
|
||||
# "VIDEO_SELECT" = yes;
|
||||
# LOGO = lib.mkForce yes;
|
||||
# LOGO_LINUX_CLUT224 = yes;
|
||||
# };
|
||||
# ignoreConfigErrors = true;
|
||||
# });
|
||||
# })
|
||||
# ];
|
||||
# };
|
||||
|
||||
jade = {
|
||||
flatpak.enable = true;
|
||||
desktop = {
|
||||
|
@ -46,16 +28,8 @@
|
|||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
# latest linux kernel
|
||||
#boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
#boot.kernelPackages = pkgs.linux_zen_xeniafied;
|
||||
|
||||
kernelPackages = pkgs.linuxPackages_zen;
|
||||
# boot.kernelPatches = [
|
||||
# {
|
||||
# name = "fomx";
|
||||
# patch = ../other/0001-fomx.patch;
|
||||
# }
|
||||
# ];
|
||||
|
||||
binfmt.emulatedSystems = ["aarch64-linux"];
|
||||
};
|
||||
|
@ -82,16 +56,6 @@
|
|||
enableRedistributableFirmware = true;
|
||||
};
|
||||
|
||||
security.pam.services.jade.u2fAuth = true;
|
||||
programs.i3lock.u2fSupport = true;
|
||||
|
||||
security.pam.u2f = {
|
||||
enable = true;
|
||||
cue = true;
|
||||
control = "sufficient";
|
||||
authFile = "/home/jade/.ssh/u2f_keys";
|
||||
};
|
||||
|
||||
# missing: menu-qalc picom-jonaburg
|
||||
environment.systemPackages = with pkgs; [
|
||||
# TODO: clean up.
|
||||
|
|
|
@ -116,17 +116,8 @@
|
|||
services.gnome.gnome-keyring.enable = true;
|
||||
programs.seahorse.enable = true;
|
||||
security.pam.services.jade.enableGnomeKeyring = true;
|
||||
security.pam.services.jade.u2fAuth = true;
|
||||
|
||||
systemd.services."NetworkManager-wait-online".enable = false;
|
||||
programs.i3lock.u2fSupport = true;
|
||||
|
||||
security.pam.u2f = {
|
||||
enable = true;
|
||||
cue = true;
|
||||
control = "sufficient";
|
||||
authFile = "/home/jade/.ssh/u2f_keys";
|
||||
};
|
||||
|
||||
# services.pixiecore =
|
||||
# let
|
||||
|
|
|
@ -7,5 +7,6 @@
|
|||
imports = [
|
||||
./spacenav.nix
|
||||
./wacom.nix
|
||||
./hardware_key.nix
|
||||
];
|
||||
}
|
||||
|
|
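--- a/modules/desktop/specific-hardware/hardware_key.nix
+++ b/modules/desktop/specific-hardware/hardware_key.nix
@@ -0,0 +1,20 @@
+{pkgs, ...}: {
+# nitrokey
+services.udev.packages = [pkgs.nitrokey-udev-rules];
+
+# smartcard daemon
+services.pcscd.enable = true;
+
+# authenticate using hw key
+security.pam = {
+services.jade.u2fAuth = true;
+u2f = {
+enable = true;
+cue = true;
+control = "sufficient";
+authFile = "/home/jade/.ssh/u2f_keys";
+};
+};
+
+programs.i3lock.u2fSupport = true;
+}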
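Review bot: `control = "sufficient"` combined with `authFile = "/home/jade/.ssh/u2f_keys"` keeps the key mapping in a file owned by the account it protects, so anything running as jade can change which authenticators PAM accepts in place of the password. As far as I know `security.pam.u2f.enable = true` is also the default for `u2fAuth` on every PAM service, so this likely applies to sudo and the display manager as well, not only to the `jade` service named here. Consider pointing `authFile` at a root-owned mapping file (a constructed example: `authFile = "/etc/u2f-mappings";`) and adding a comment above `control` saying whether the key is meant to replace the password or, with `"required"`, act as a second factor. `security.pam.services.<name>` is keyed by PAM service name rather than user name, so it is worth confirming that a service called `jade` is what is intended. Since this module is now pulled in through the shared `imports` list, a short header comment noting that it hard-codes user `jade` would help anyone reusing it on another host.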