add udiskie for automount

hosts/nixos/yveltal/configuration.nix

@@ -22,6 +22,7 @@
   system = {
     secure_boot.enable = true;
     cifs_mounts.enable = true;
+    udiskie.enable = true;
     ssh.enable = true;
     sops.enable = true;
     yubikey.enable = true;

modules/desktop/hypr/default.nix

@@ -15,6 +15,8 @@ in {
     programs.hyprland.enable = true;
 
     # give hyprlock perms to unlock
-    security.pam.services.hyprlock = {};
+    security.pam.services.hyprlock = {
+      enable = true;
+    };
   };
 }

modules/system/default.nix

@@ -18,6 +18,7 @@
     ./flatpak
     ./secure_boot
     ./cifs_mounts
+    ./udiskie
   ];
 
   system.ssh.enable = lib.mkDefault true;

modules/system/tailscale/default.nix

@@ -21,6 +21,9 @@ in {
         "--accept-dns=true" # explicitly allow resolved
       ];
     };
+    systemd.services.tailscaled = {
+      after = [ "remote-fs.target" ];   # keep tailscale up until remote mounts are unmounted
+    };
 
     # network config
     networking.firewall.trustedInterfaces = ["tailscale0"];

modules/system/udiskie/default.nix

@@ -0,0 +1,16 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.system.udiskie;
+in {
+  options.system.udiskie = {
+    enable = lib.mkEnableOption "enable udiskie for automount on nixos side";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.udisks2.enable = true;
+  };
+}

modules/system/yubikey/default.nix

@@ -5,7 +5,7 @@
   ...
 }:
 /*
-# to enroll a yubikey (works like .ssh/known_hosts)
+# to enroll a yubikey with pam (works like .ssh/known_hosts)
 nix-shell -p pam_u2f
 mkdir -p ~/.config/Yubico
 pamu2fcfg > ~/.config/Yubico/u2f_keys
@@ -15,6 +15,9 @@ pamu2fcfg -n >> ~/.config/Yubico/u2f_keys (to add additional yubikeys)
 nix-shell -p pamtester
 pamtester login <username> authenticate
 pamtester sudo <username> authenticate
+
+# to enroll yubikey with luks
+`sudo systemd-cryptenroll --fido2-device=auto /dev/<disk>`
 */
 let
   service = "yubikey";
@@ -46,9 +49,15 @@ in {
     # enable smartcard
     services.pcscd.enable = true;
 
+    # enables it for everything
+    security.pam.u2f = lib.mkIf (cfg.mode == "u2f") {
+      enable = true;
+    };
+
+    # selectivlt edit what u2f is enabled for
     security.pam.services = lib.mkIf (cfg.mode == "u2f") {
-      login.u2fAuth = true;
+      #login.u2fAuth = true;
-      sudo.u2fAuth = true;
+      #sudo.u2fAuth = true;
     };
 
     security.pam.yubico = lib.mkIf (cfg.mode == "challenge-response") {

users/blake/dots/core/default.nix

@@ -14,6 +14,7 @@
     ./git
     ./xdg
     ./nh
+    ./udiskie
   ];
 
   dots = {
@@ -26,6 +27,7 @@
     git.enable = lib.mkDefault true;
     xdg.enable = lib.mkDefault true;
     nh.enable = lib.mkDefault true;
+    udiskie.enable = lib.mkDefault true;
     };
  
 

users/blake/dots/core/lf/lfrc

@@ -23,6 +23,7 @@ set ignorecase true
 
 # shortcuts
 map gb cd /holocron
+map gz cd %{{ [ -d /holocron ] && printf /holocron || printf /media/holocron }}
 map gn cd ~/.nix
 map gc cd ~/.config
 

users/blake/dots/core/udiskie/default.nix

@@ -0,0 +1,34 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  program = "udiskie";
+  cfg = config.dots.${program};
+  home_dir = config.home.homeDirectory;
+in {
+  options.dots.${program} = {
+    enable = lib.mkEnableOption "enables ${program}";
+  };
+
+  config = lib.mkIf cfg.enable {
+    programs.${program} = {
+      enable = true;
+      automount = true;
+      notify = true;
+      tray = "auto";
+      settings = {
+        rules = [
+          {
+          id_uuid = ["4E21-0000" "9EA2-A886"];
+          automount = true;
+          }
+        ];
+      };
+    };
+
+    # add userspace tools
+    home.packages = with pkgs; [udiskie];
+  };
+}

users/blake/hosts/froakie.nix

@@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}:
+  
+{
+  imports = [
+    ../dots
+  ];
+
+  dots = {
+    stylix = {
+      enable = true;
+      wallpaper = ../assets/wallpapers/yveltal.jpg;
+    };
+
+    programs.enable = true;
+
+    kitty.enable = true;
+    librewolf.enable = true;
+    waybar.enable = true;
+    dunst.enable = true;
+    hypr.enable = true;
+    tofi.enable = true;
+    clipboard.enable = true;
+    cursor.enable = true;
+
+    btop.enable = true;
+    lf.enable = true;
+    nvf.enable = true;
+    zsh.enable = true;
+    ssh.enable = true;
+    gpg.enable = true;
+    git.enable = true;
+    xdg.enable = true;
+ 
+    libreoffice.enable = true;
+    gnucash.enable = true;
+    qalculate.enable = true;
+    bitwarden.enable = true;
+  };
+
+}