add udiskie for automount
@@ -15,6 +15,8 @@ in {
|
||||
programs.hyprland.enable = true;
|
||||
|
||||
# give hyprlock perms to unlock
|
||||
security.pam.services.hyprlock = {};
|
||||
security.pam.services.hyprlock = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -18,6 +18,7 @@
|
||||
./flatpak
|
||||
./secure_boot
|
||||
./cifs_mounts
|
||||
./udiskie
|
||||
];
|
||||
|
||||
system.ssh.enable = lib.mkDefault true;
|
||||
|
||||
@@ -21,6 +21,9 @@ in {
|
||||
"--accept-dns=true" # explicitly allow resolved
|
||||
];
|
||||
};
|
||||
systemd.services.tailscaled = {
|
||||
after = [ "remote-fs.target" ]; # keep tailscale up until remote mounts are unmounted
|
||||
};
|
||||
|
||||
# network config
|
||||
networking.firewall.trustedInterfaces = ["tailscale0"];
|
||||
|
||||
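Review bot: `after = [ "remote-fs.target" ];` on `systemd.services.tailscaled` appears to order the unit the opposite way from what its comment intends. systemd stops units in the reverse of their start order, so a unit that is After=remote-fs.target is stopped before that target, and therefore before the remote mounts ordered ahead of the target are unmounted. At boot it also means tailscaled starts only after the remote mounts have been attempted. If the shares in ./cifs_mounts are reached over tailscale0 (not visible here), ordering tailscaled ahead of the mounts matches the comment, for example `before = [ "remote-fs-pre.target" ];` together with `wants = [ "remote-fs-pre.target" ];`. Check the resulting shutdown order on a test boot before relying on it.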
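--- /dev/null
+++ b/modules/system/udiskie/default.nix
@@ -0,0 +1,16 @@
+{
+pkgs,
+lib,
+config,
+...
+}: let
+cfg = config.system.udiskie;
+in {
+options.system.udiskie = {
+enable = lib.mkEnableOption "enable udiskie for automount on nixos side";
+};
+
+config = lib.mkIf cfg.enable {
+services.udisks2.enable = true;
+};
+}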
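Review bot: `lib.mkEnableOption` already prepends "Whether to enable " to its argument, so `"enable udiskie for automount on nixos side"` renders as "Whether to enable enable udiskie …". Something like `lib.mkEnableOption "udisks2 so udiskie can automount removable media"` reads correctly and names what the module actually turns on. The module only sets `services.udisks2.enable`, so a short header comment would help whoever audits this host: it should say that udiskie itself is started elsewhere (presumably in the user session) and that removable media will then be mounted without a prompt. `pkgs` is taken as an argument but never used.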
@@ -5,7 +5,7 @@
|
||||
...
|
||||
}:
|
||||
/*
|
||||
# to enroll a yubikey (works like .ssh/known_hosts)
|
||||
# to enroll a yubikey with pam (works like .ssh/known_hosts)
|
||||
nix-shell -p pam_u2f
|
||||
mkdir -p ~/.config/Yubico
|
||||
pamu2fcfg > ~/.config/Yubico/u2f_keys
|
||||
@@ -15,6 +15,9 @@ pamu2fcfg -n >> ~/.config/Yubico/u2f_keys (to add additional yubikeys)
|
||||
nix-shell -p pamtester
|
||||
pamtester login <username> authenticate
|
||||
pamtester sudo <username> authenticate
|
||||
|
||||
# to enroll yubikey with luks
|
||||
`sudo systemd-cryptenroll --fido2-device=auto /dev/<disk>`
|
||||
*/
|
||||
let
|
||||
service = "yubikey";
|
||||
@@ -46,9 +49,15 @@ in {
|
||||
# enable smartcard
|
||||
services.pcscd.enable = true;
|
||||
|
||||
# enables it for everything
|
||||
security.pam.u2f = lib.mkIf (cfg.mode == "u2f") {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
# selectivlt edit what u2f is enabled for
|
||||
security.pam.services = lib.mkIf (cfg.mode == "u2f") {
|
||||
login.u2fAuth = true;
|
||||
sudo.u2fAuth = true;
|
||||
#login.u2fAuth = true;
|
||||
#sudo.u2fAuth = true;
|
||||
};
|
||||
|
||||
security.pam.yubico = lib.mkIf (cfg.mode == "challenge-response") {
|
||||
|
||||
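Review bot: `security.pam.u2f.enable = true;` under `# enables it for everything` widens U2F from the previous explicit `login`/`sudo` entries to every PAM service on the host, which would include the `hyprlock` service configured elsewhere in this commit. Unless `security.pam.u2f.control` is set outside this hunk, the nixpkgs default is `sufficient` as far as I know, so touching an enrolled key replaces the password instead of adding to it. If a second factor is the intent, set `control = "required";`, or keep the per-service `u2fAuth` lines so the scope stays explicit. The enrolment notes in this file write credentials to `~/.config/Yubico/u2f_keys`, which the user account itself can modify, so for sudo a root-owned pam_u2f `authfile` is the safer location. The `security.pam.services` block is now empty apart from commented-out lines and could be dropped, and `selectivlt` in its comment is a typo.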