diff --git a/hosts/nixos/yveltal/configuration.nix b/hosts/nixos/yveltal/configuration.nix index d5d622a..9d3664a 100644 --- a/hosts/nixos/yveltal/configuration.nix +++ b/hosts/nixos/yveltal/configuration.nix @@ -22,6 +22,7 @@ system = { secure_boot.enable = true; cifs_mounts.enable = true; + udiskie.enable = true; ssh.enable = true; sops.enable = true; yubikey.enable = true; diff --git a/modules/desktop/hypr/default.nix b/modules/desktop/hypr/default.nix index 5331cd9..06bd31e 100644 --- a/modules/desktop/hypr/default.nix +++ b/modules/desktop/hypr/default.nix @@ -15,6 +15,8 @@ in { programs.hyprland.enable = true; # give hyprlock perms to unlock - security.pam.services.hyprlock = {}; + security.pam.services.hyprlock = { + enable = true; + }; }; } diff --git a/modules/system/default.nix b/modules/system/default.nix index 8da6742..c77ccfa 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -18,6 +18,7 @@ ./flatpak ./secure_boot ./cifs_mounts + ./udiskie ]; system.ssh.enable = lib.mkDefault true; diff --git a/modules/system/tailscale/default.nix b/modules/system/tailscale/default.nix index 1c5d555..b70d554 100644 --- a/modules/system/tailscale/default.nix +++ b/modules/system/tailscale/default.nix @@ -21,6 +21,9 @@ in { "--accept-dns=true" # explicitly allow resolved ]; }; + systemd.services.tailscaled = { + after = [ "remote-fs.target" ]; # keep tailscale up until remote mounts are unmounted + }; # network config networking.firewall.trustedInterfaces = ["tailscale0"]; diff --git a/modules/system/udiskie/default.nix b/modules/system/udiskie/default.nix new file mode 100644 index 0000000..c43abd3 --- /dev/null +++ b/modules/system/udiskie/default.nix @@ -0,0 +1,16 @@ +{ + pkgs, + lib, + config, + ... +}: let + cfg = config.system.udiskie; +in { + options.system.udiskie = { + enable = lib.mkEnableOption "enable udiskie for automount on nixos side"; + }; + + config = lib.mkIf cfg.enable { + services.udisks2.enable = true; + }; +} 
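Review bot: `enable = true` inside `security.pam.services.hyprlock` does not match any option I know of on the NixOS pam-service submodule (its options are things like `unixAuth`, `u2fAuth`, `rules`, `text`); unless the pinned nixpkgs declares one, evaluation will fail with an undefined-option error, and the previous `security.pam.services.hyprlock = {};` already created the service with `pam_unix` password auth. If the intent was to make the lock screen's policy explicit, `security.pam.services.hyprlock.unixAuth = true;` is an option that actually exists. A comment such as `# PAM stack hyprlock authenticates against; global PAM changes (e.g. U2F) also change how the lock screen unlocks` would make the purpose of this line clearer than "give hyprlock perms to unlock".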
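Review bot: `after = [ "remote-fs.target" ]` orders tailscaled the wrong way for the comment's goal: a unit with `After=X` starts after X and, on shutdown, is stopped *before* X, so tailscaled is torn down before `remote-fs.target` and before the network mounts that sit `Before=` that target — if the `cifs_mounts` from this same commit are reached over the tailnet, they get unmounted with the tunnel already gone, which is exactly the hang the comment is trying to avoid. The systemd-documented way to keep a network service up for remote mounts is to pull in and order before `remote-fs-pre.target`: `wants = [ "remote-fs-pre.target" ];` and `before = [ "remote-fs-pre.target" ];` in place of the `after` line. The current `after` also delays tailscaled at boot until the remote mounts are done, which could stall boot if any of those mounts needs the tunnel (cannot tell from here whether they do). The enclosing `services.tailscale` block starts outside the hunk.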
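Review bot: `services.udisks2.enable = true` hands every active local session the polkit right to mount removable media, and combined with the user-side automount this means any filesystem on a plugged-in device is parsed by the kernel without a user decision — that attack surface is worth a comment on a host that also carries `secure_boot` and `yubikey`. If the pinned nixpkgs has `services.udisks2.settings`, tightening the default mount options is cheap, e.g. `services.udisks2.settings."mount_options.conf".defaults.defaults = "nosuid,nodev,noexec";` (udisks2's stock default is `nosuid,nodev` as far as I recall, without `noexec`). The module takes `pkgs` but never uses it, and the option description says it enables udiskie while the module only enables udisks2; `"udisks2, the system-side daemon udiskie automounts through"` describes what it actually does.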
diff --git a/modules/system/yubikey/default.nix b/modules/system/yubikey/default.nix index 27abd3d..927c245 100644 --- a/modules/system/yubikey/default.nix +++ b/modules/system/yubikey/default.nix @@ -5,7 +5,7 @@ ... }: /* -# to enroll a yubikey (works like .ssh/known_hosts) +# to enroll a yubikey with pam (works like .ssh/known_hosts) nix-shell -p pam_u2f mkdir -p ~/.config/Yubico pamu2fcfg > ~/.config/Yubico/u2f_keys @@ -15,6 +15,9 @@ pamu2fcfg -n >> ~/.config/Yubico/u2f_keys (to add additional yubikeys) nix-shell -p pamtester pamtester login authenticate pamtester sudo authenticate + +# to enroll yubikey with luks +`sudo systemd-cryptenroll --fido2-device=auto /dev/` */ let service = "yubikey"; @@ -46,9 +49,15 @@ in { # enable smartcard services.pcscd.enable = true; + # enables it for everything + security.pam.u2f = lib.mkIf (cfg.mode == "u2f") { + enable = true; + }; + + # selectivlt edit what u2f is enabled for security.pam.services = lib.mkIf (cfg.mode == "u2f") { - login.u2fAuth = true; - sudo.u2fAuth = true; + #login.u2fAuth = true; + #sudo.u2fAuth = true; }; security.pam.yubico = lib.mkIf (cfg.mode == "challenge-response") { diff --git a/users/blake/dots/core/default.nix b/users/blake/dots/core/default.nix index 86114a5..9dd3c0b 100644 --- a/users/blake/dots/core/default.nix +++ b/users/blake/dots/core/default.nix @@ -14,6 +14,7 @@ ./git ./xdg ./nh + ./udiskie ]; dots = { @@ -26,6 +27,7 @@ git.enable = lib.mkDefault true; xdg.enable = lib.mkDefault true; nh.enable = lib.mkDefault true; + udiskie.enable = lib.mkDefault true; }; diff --git a/users/blake/dots/core/lf/lfrc b/users/blake/dots/core/lf/lfrc index b5e9bcf..dc7481e 100644 --- a/users/blake/dots/core/lf/lfrc +++ b/users/blake/dots/core/lf/lfrc @@ -23,6 +23,7 @@ set ignorecase true # shortcuts map gb cd /holocron +map gz cd %{{ [ -d /holocron ] && printf /holocron || printf /media/holocron }} map gn cd ~/.nix map gc cd ~/.config 
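Review bot: The new enrollment line `sudo systemd-cryptenroll --fido2-device=auto /dev/` is cut off at the device path, so it cannot be run as written; `/dev/disk/by-uuid/<luks-uuid>` (or a clearly marked placeholder) would make it usable. The comment should also say that the FIDO2 slot is only honoured at boot by systemd stage 1 (`boot.initrd.systemd.enable = true`) rather than the scripted initrd, as far as I know, and that the existing passphrase slot must stay as recovery for the day the token is lost (`--wipe-slot=fido2` revokes it). Since `--fido2-with-client-pin` defaults to yes, unlocking needs the token PIN and not a bare touch — worth stating so nobody weakens it by passing `=no`.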
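Review bot: Switching from `login.u2fAuth`/`sudo.u2fAuth` to `security.pam.u2f.enable = true` makes `u2fAuth` the default for every PAM service as the NixOS module wires it, and with `security.pam.u2f.control` left at its default of `sufficient` a touch on an enrolled key passes the auth stack on its own — no password — for `login`, `sudo`, the `hyprlock` service this commit also declares, and any other PAM-backed service, which is weaker than the password prompt it replaces whenever the key is left plugged in. If the goal is a second factor, add `security.pam.u2f.control = "required";` next to `enable = true`; if the goal is key-only auth for a few services, the per-service lines this hunk comments out were the narrower way to express it. The default trust file is `~/.config/Yubico/u2f_keys`, writable by the very user whose auth it gates, so pointing `security.pam.u2f.settings.authfile` (`authFile` on older channels) at a root-owned file stops a compromised session from enrolling its own key. The two commented-out `u2fAuth` lines are dead config now and can be deleted, and the comment above them reads "selectivlt" for "selectively".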
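Review bot: `map gz cd %{{ … }}` will not do what the line intends, as far as I can tell: lf's `cd` takes a literal path argument and does not evaluate a `%{{ }}` shell block, so the mapping either errors or tries to enter a directory literally named after the block. The working idiom runs the shell and sends the result back to lf: `map gz %{{ [ -d /holocron ] && d=/holocron || d=/media/holocron; lf -remote "send $id cd $d" }}`. The `gb` mapping above keeps the plain `/holocron` path, so `gz` is presumably the fallback for hosts where the volume only appears under the udiskie mount point; a one-line comment saying so would help the next reader.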
diff --git a/users/blake/dots/core/udiskie/default.nix b/users/blake/dots/core/udiskie/default.nix
new file mode 100644
index 0000000..1b54d99
--- /dev/null
+++ b/users/blake/dots/core/udiskie/default.nix
@@ -0,0 +1,34 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
+ program = "udiskie";
+ cfg = config.dots.${program};
+ home_dir = config.home.homeDirectory;
+in {
+ options.dots.${program} = {
+ enable = lib.mkEnableOption "enables ${program}";
+ };
+
+ config = lib.mkIf cfg.enable {
+ programs.${program} = {
+ enable = true;
+ automount = true;
+ notify = true;
+ tray = "auto";
+ settings = {
+ rules = [
+ {
+ id_uuid = ["4E21-0000" "9EA2-A886"];
+ automount = true;
+ }
+ ];
+ };
+ };
+
+ # add userspace tools
+ home.packages = with pkgs; [udiskie];
+ };
+}
diff --git a/users/blake/hosts/froakie.nix b/users/blake/hosts/froakie.nix
new file mode 100644
index 0000000..f1be01c
--- /dev/null
+++ b/users/blake/hosts/froakie.nix
@@ -0,0 +1,46 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}:
+
+{
+ imports = [
+ ../dots
+ ];
+
+ dots = {
+ stylix = {
+ enable = true;
+ wallpaper = ../assets/wallpapers/yveltal.jpg;
+ };
+
+ programs.enable = true;
+
+ kitty.enable = true;
+ librewolf.enable = true;
+ waybar.enable = true;
+ dunst.enable = true;
+ hypr.enable = true;
+ tofi.enable = true;
+ clipboard.enable = true;
+ cursor.enable = true;
+
+ btop.enable = true;
+ lf.enable = true;
+ nvf.enable = true;
+ zsh.enable = true;
+ ssh.enable = true;
+ gpg.enable = true;
+ git.enable = true;
+ xdg.enable = true;
+
+ libreoffice.enable = true;
+ gnucash.enable = true;
+ qalculate.enable = true;
+ bitwarden.enable = true;
+ };
+
+}
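Review bot: Top-level `automount = true` already mounts every device udiskie sees, so the `rules` entry that sets `automount = true` for the two `id_uuid`s changes nothing; if the intent is an allowlist — mount only these two volumes and ignore any other stick that gets plugged in, the safer default for a machine that also runs secure boot and a hardware token — set the top-level `automount = false;` and keep the rule, otherwise drop the rule. `home_dir` is bound in the `let` but never used, and `home.packages = with pkgs; [udiskie];` duplicates what `programs.udiskie.enable = true` already installs, as far as I know. The `mkEnableOption "enables udiskie"` text renders as "Whether to enable enables udiskie" in generated docs; `"udiskie automounting for this user"` would read cleanly.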