common.nix

@@ -29,6 +29,9 @@ with builtins; {
 
   environment = {
     systemPackages = with pkgs; [
+      # pynitrokey
+      # nitrokey-app2
+
       veracrypt
 
       htmlq
@@ -87,6 +90,29 @@ with builtins; {
     };
   };
 
+  console.colors = [
+    "282828"
+    "cc241d"
+    "98971a"
+    "d79921"
+    "458588"
+    "b16286"
+    "689d6a"
+    "a89984"
+    "928374"
+    "fb4934"
+    "b8bb26"
+    "fabd2f"
+    "83a598"
+    "d3869b"
+    "8ec07c"
+    "ebdbb2"
+  ];
+
+  # nitrokey
+  services.udev.packages = [pkgs.nitrokey-udev-rules];
+  services.pcscd.enable = true;
+
   programs = {
     ssh.startAgent = false;
     gnupg.agent = {
@@ -131,6 +157,9 @@ with builtins; {
   users.users.jade = {
     isNormalUser = true;
     extraGroups = ["wheel" "input" "uinput" "libvirtd" "adbusers" "dialout" "plugdev" "wireshark"];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaE8TFsIazpn4OnHvHcRpOFr9FfvMaWOiEjmHsmnAoE cardno:000F_70CD7D05"
+    ];
   };
 
   zramSwap = {

hosts/catbook-j/configuration.nix

@@ -103,15 +103,55 @@
     "/crypto_keyfile.bin" = null;
   };
 
+  # nixpkgs = {
+  #   overlays = [
+  #     (self: super: {
+  #       linux_zen_xeniafied = pkgs.linuxPackagesFor (pkgs.linuxKernel.kernels.linux_zen.override {
+  #         structuredExtraConfig = with lib.kernel; {
+  #           "FB" = yes;
+  #           "FRAMEBUFFER_CONSOLE" = yes;
+  #           "VGA_CONSOLE" = yes;
+  #           "VIDEO_SELECT" = yes;
+  #           LOGO = lib.mkForce yes;
+  #           LOGO_LINUX_CLUT224 = yes;
+  #         };
+  #         ignoreConfigErrors = true;
+  #       });
+  #     })
+  #   ];
+  # };
+
   boot.kernelPackages = pkgs.linuxPackages_zen;
+  # boot.kernelPatches = [
+  #   {
+  #     name = "fomx";
+  #     patch = ../../other/0001-fomx.patch;
+  #   }
+  # ];
+
   services.xserver.displayManager.autoLogin = {
     enable = true;
     user = "jade";
   };
 
-  # networking
+  networking.hostName = "catbook-j"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable networking
   networking.networkmanager.enable = true;
-  networking.hostName = "catbook-j";
+
+  security.pam.services.jade.u2fAuth = true;
+  programs.i3lock.u2fSupport = true;
+  security.pam.u2f = {
+    enable = true;
+    cue = true;
+    control = "sufficient";
+    authFile = "/home/jade/.ssh/u2f_keys";
+  };
 
   i18n.extraLocaleSettings = {
     LC_ADDRESS = "de_DE.UTF-8";

hosts/monosodium-glutamate-g/configuration.nix

@@ -8,6 +8,24 @@
     ../../modules
   ];
 
+  # nixpkgs = {
+  #   overlays = [
+  #     (self: super: {
+  #       linux_zen_xeniafied = pkgs.linuxPackagesFor (pkgs.linuxKernel.kernels.linux_zen.override {
+  #         structuredExtraConfig = with lib.kernel; {
+  #           "FB" = yes;
+  #           "FRAMEBUFFER_CONSOLE" = yes;
+  #           "VGA_CONSOLE" = yes;
+  #           "VIDEO_SELECT" = yes;
+  #           LOGO = lib.mkForce yes;
+  #           LOGO_LINUX_CLUT224 = yes;
+  #         };
+  #         ignoreConfigErrors = true;
+  #       });
+  #     })
+  #   ];
+  # };
+
   jade = {
     flatpak.enable = true;
     desktop = {
@@ -28,8 +46,16 @@
       systemd-boot.enable = true;
       efi.canTouchEfiVariables = true;
     };
-
+    # latest linux kernel
+    #boot.kernelPackages = pkgs.linuxPackages_latest;
+    #boot.kernelPackages = pkgs.linux_zen_xeniafied;
     kernelPackages = pkgs.linuxPackages_zen;
+    # boot.kernelPatches = [
+    #   {
+    #     name = "fomx";
+    #     patch = ../other/0001-fomx.patch;
+    #   }
+    # ];
 
     binfmt.emulatedSystems = ["aarch64-linux"];
   };
@@ -56,6 +82,16 @@
     enableRedistributableFirmware = true;
   };
 
+  security.pam.services.jade.u2fAuth = true;
+  programs.i3lock.u2fSupport = true;
+
+  security.pam.u2f = {
+    enable = true;
+    cue = true;
+    control = "sufficient";
+    authFile = "/home/jade/.ssh/u2f_keys";
+  };
+
   # missing: menu-qalc picom-jonaburg
   environment.systemPackages = with pkgs; [
     # TODO: clean up.

hosts/potatobook-g/configuration.nix

@@ -116,8 +116,17 @@
   services.gnome.gnome-keyring.enable = true;
   programs.seahorse.enable = true;
   security.pam.services.jade.enableGnomeKeyring = true;
+  security.pam.services.jade.u2fAuth = true;
 
   systemd.services."NetworkManager-wait-online".enable = false;
+  programs.i3lock.u2fSupport = true;
+
+  security.pam.u2f = {
+    enable = true;
+    cue = true;
+    control = "sufficient";
+    authFile = "/home/jade/.ssh/u2f_keys";
+  };
 
   # services.pixiecore =
   #   let

modules/default.nix

@@ -6,6 +6,7 @@
     ./flatpak.nix
     ./firewall.nix
     ./git.nix
+    ./kmscon.nix
     ./mprocs.nix
   ];
 }

modules/desktop/specific-hardware/default.nix

@@ -7,6 +7,5 @@
   imports = [
     ./spacenav.nix
     ./wacom.nix
-    ./hardware_key.nix
   ];
 }

modules/desktop/specific-hardware/hardware_key.nix

@@ -1,20 +0,0 @@
-{pkgs, ...}: {
-  # nitrokey
-  services.udev.packages = [pkgs.nitrokey-udev-rules];
-
-  # smartcard daemon
-  services.pcscd.enable = true;
-
-  # authenticate using hw key
-  security.pam = {
-    services.jade.u2fAuth = true;
-    u2f = {
-      enable = true;
-      cue = true;
-      control = "sufficient";
-      authFile = "/home/jade/.ssh/u2f_keys";
-    };
-  };
-
-  programs.i3lock.u2fSupport = true;
-}

modules/kmscon.nix

@@ -34,26 +34,6 @@
       (getAttr (substring 5 2 (toUpper color)) hexLookupTable)
     ]);
 in {
-  # TODO: global colorscheme vars for everything
-  console.colors = [
-    "282828"
-    "cc241d"
-    "98971a"
-    "d79921"
-    "458588"
-    "b16286"
-    "689d6a"
-    "a89984"
-    "928374"
-    "fb4934"
-    "b8bb26"
-    "fabd2f"
-    "83a598"
-    "d3869b"
-    "8ec07c"
-    "ebdbb2"
-  ];
-
   services.kmscon = {
     enable = true;
     fonts = [

modules/shell/default.nix

@@ -6,7 +6,6 @@
     ./zellij.nix
     ./carapace.nix
     ./direnv.nix
-    ./tty.nix
   ];
   programs.mosh.enable = true;
 }