move hardware key configs into one file

common.nix

@@ -29,9 +29,6 @@ with builtins; {
 
   environment = {
     systemPackages = with pkgs; [
-      # pynitrokey
-      # nitrokey-app2
-
       veracrypt
 
       htmlq
@@ -90,29 +87,6 @@ with builtins; {
     };
   };
 
-  console.colors = [
-    "282828"
-    "cc241d"
-    "98971a"
-    "d79921"
-    "458588"
-    "b16286"
-    "689d6a"
-    "a89984"
-    "928374"
-    "fb4934"
-    "b8bb26"
-    "fabd2f"
-    "83a598"
-    "d3869b"
-    "8ec07c"
-    "ebdbb2"
-  ];
-
-  # nitrokey
-  services.udev.packages = [pkgs.nitrokey-udev-rules];
-  services.pcscd.enable = true;
-
   programs = {
     ssh.startAgent = false;
     gnupg.agent = {
@@ -157,9 +131,6 @@ with builtins; {
   users.users.jade = {
     isNormalUser = true;
     extraGroups = ["wheel" "input" "uinput" "libvirtd" "adbusers" "dialout" "plugdev" "wireshark"];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaE8TFsIazpn4OnHvHcRpOFr9FfvMaWOiEjmHsmnAoE cardno:000F_70CD7D05"
-    ];
   };
 
   zramSwap = {

hosts/catbook-j/configuration.nix

@@ -103,55 +103,15 @@
     "/crypto_keyfile.bin" = null;
   };
 
-  # nixpkgs = {
-  #   overlays = [
-  #     (self: super: {
-  #       linux_zen_xeniafied = pkgs.linuxPackagesFor (pkgs.linuxKernel.kernels.linux_zen.override {
-  #         structuredExtraConfig = with lib.kernel; {
-  #           "FB" = yes;
-  #           "FRAMEBUFFER_CONSOLE" = yes;
-  #           "VGA_CONSOLE" = yes;
-  #           "VIDEO_SELECT" = yes;
-  #           LOGO = lib.mkForce yes;
-  #           LOGO_LINUX_CLUT224 = yes;
-  #         };
-  #         ignoreConfigErrors = true;
-  #       });
-  #     })
-  #   ];
-  # };
-
   boot.kernelPackages = pkgs.linuxPackages_zen;
-  # boot.kernelPatches = [
-  #   {
-  #     name = "fomx";
-  #     patch = ../../other/0001-fomx.patch;
-  #   }
-  # ];
-
   services.xserver.displayManager.autoLogin = {
     enable = true;
     user = "jade";
   };
 
-  networking.hostName = "catbook-j"; # Define your hostname.
+  # networking
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Enable networking
   networking.networkmanager.enable = true;
-
+  networking.hostName = "catbook-j";
-  security.pam.services.jade.u2fAuth = true;
-  programs.i3lock.u2fSupport = true;
-  security.pam.u2f = {
-    enable = true;
-    cue = true;
-    control = "sufficient";
-    authFile = "/home/jade/.ssh/u2f_keys";
-  };
 
   i18n.extraLocaleSettings = {
     LC_ADDRESS = "de_DE.UTF-8";

hosts/monosodium-glutamate-g/configuration.nix

@@ -8,24 +8,6 @@
     ../../modules
   ];
 
-  # nixpkgs = {
-  #   overlays = [
-  #     (self: super: {
-  #       linux_zen_xeniafied = pkgs.linuxPackagesFor (pkgs.linuxKernel.kernels.linux_zen.override {
-  #         structuredExtraConfig = with lib.kernel; {
-  #           "FB" = yes;
-  #           "FRAMEBUFFER_CONSOLE" = yes;
-  #           "VGA_CONSOLE" = yes;
-  #           "VIDEO_SELECT" = yes;
-  #           LOGO = lib.mkForce yes;
-  #           LOGO_LINUX_CLUT224 = yes;
-  #         };
-  #         ignoreConfigErrors = true;
-  #       });
-  #     })
-  #   ];
-  # };
-
   jade = {
     flatpak.enable = true;
     desktop = {
@@ -46,16 +28,8 @@
       systemd-boot.enable = true;
       efi.canTouchEfiVariables = true;
     };
-    # latest linux kernel
+
-    #boot.kernelPackages = pkgs.linuxPackages_latest;
-    #boot.kernelPackages = pkgs.linux_zen_xeniafied;
     kernelPackages = pkgs.linuxPackages_zen;
-    # boot.kernelPatches = [
-    #   {
-    #     name = "fomx";
-    #     patch = ../other/0001-fomx.patch;
-    #   }
-    # ];
 
     binfmt.emulatedSystems = ["aarch64-linux"];
   };
@@ -82,16 +56,6 @@
     enableRedistributableFirmware = true;
   };
 
-  security.pam.services.jade.u2fAuth = true;
-  programs.i3lock.u2fSupport = true;
-
-  security.pam.u2f = {
-    enable = true;
-    cue = true;
-    control = "sufficient";
-    authFile = "/home/jade/.ssh/u2f_keys";
-  };
-
   # missing: menu-qalc picom-jonaburg
   environment.systemPackages = with pkgs; [
     # TODO: clean up.

hosts/potatobook-g/configuration.nix

@@ -116,17 +116,8 @@
   services.gnome.gnome-keyring.enable = true;
   programs.seahorse.enable = true;
   security.pam.services.jade.enableGnomeKeyring = true;
-  security.pam.services.jade.u2fAuth = true;
 
   systemd.services."NetworkManager-wait-online".enable = false;
-  programs.i3lock.u2fSupport = true;
-
-  security.pam.u2f = {
-    enable = true;
-    cue = true;
-    control = "sufficient";
-    authFile = "/home/jade/.ssh/u2f_keys";
-  };
 
   # services.pixiecore =
   #   let

modules/default.nix

@@ -6,7 +6,6 @@
     ./flatpak.nix
     ./firewall.nix
     ./git.nix
-    ./kmscon.nix
     ./mprocs.nix
   ];
 }

modules/desktop/specific-hardware/default.nix

@@ -7,5 +7,6 @@
   imports = [
     ./spacenav.nix
     ./wacom.nix
+    ./hardware_key.nix
   ];
 }

modules/desktop/specific-hardware/hardware_key.nix

@@ -0,0 +1,20 @@
+{pkgs, ...}: {
+  # nitrokey
+  services.udev.packages = [pkgs.nitrokey-udev-rules];
+
+  # smartcard daemon
+  services.pcscd.enable = true;
+
+  # authenticate using hw key
+  security.pam = {
+    services.jade.u2fAuth = true;
+    u2f = {
+      enable = true;
+      cue = true;
+      control = "sufficient";
+      authFile = "/home/jade/.ssh/u2f_keys";
+    };
+  };
+
+  programs.i3lock.u2fSupport = true;
+}

modules/shell/default.nix

@@ -6,6 +6,7 @@
     ./zellij.nix
     ./carapace.nix
     ./direnv.nix
+    ./tty.nix
   ];
   programs.mosh.enable = true;
 }

modules/shell/tty.nix

@@ -34,6 +34,26 @@
       (getAttr (substring 5 2 (toUpper color)) hexLookupTable)
     ]);
 in {
+  # TODO: global colorscheme vars for everything
+  console.colors = [
+    "282828"
+    "cc241d"
+    "98971a"
+    "d79921"
+    "458588"
+    "b16286"
+    "689d6a"
+    "a89984"
+    "928374"
+    "fb4934"
+    "b8bb26"
+    "fabd2f"
+    "83a598"
+    "d3869b"
+    "8ec07c"
+    "ebdbb2"
+  ];
+
   services.kmscon = {
     enable = true;
     fonts = [