modules: add yubikey and i3lock

Dmitriy Pleshevskiy 2024-05-18 15:42:44 +03:00
parent cad385b8a7
commit fbb63022cf
Signed by: pleshevskiy
GPG key ID: 17041163DA10A9A2
7 changed files with 62 additions and 6 deletions


@ -7,6 +7,8 @@
./users
];
local.yubikey.enable = true;
################################################################################
# Services
################################################################################


@ -7,9 +7,12 @@
# Enable keyboard on the boot
boot.initrd.availableKernelModules = [ "hid_asus" ];
# Enable containers
# See: https://github.com/NixOS/nixpkgs/issues/38676
boot.kernelModules = [ "veth" ];
boot.kernelModules = [
# Enable containers
# See: https://github.com/NixOS/nixpkgs/issues/38676
"veth"
];
powerManagement = {
enable = true;


@ -348,7 +348,7 @@ myKeys conf =
system_kb =
[ -- Lock screen
("M4-l", spawn "dm-tool lock"),
("M4-l", spawn "loginctl lock-session"),
-- Quit xmonad
("M4-S-q", io exitSuccess)
]
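Review bot: The new `M4-l` binding in `system_kb` only asks logind to emit a lock signal for the session, so nothing is locked unless a listener such as xss-lock is running there. The i3lock module in this commit does enable xss-lock, but the xmonad module switches it on with `lib.mkDefault`, so a host that overrides that default is left with a lock key that silently does nothing. I would record the dependency next to the binding, e.g. `-- Lock screen (relies on xss-lock reacting to the logind lock signal)`. `myKeys` starts and continues outside this hunk.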


@ -1,4 +1,8 @@
{ ... }:
{
imports = [ ./waylock.nix ];
imports = [
./i3lock.nix
./waylock.nix
];
}


@ -0,0 +1,19 @@
{ config, lib, ... }:
let
cfg = config.local.lockscreen.i3lock;
in
{
options.local.lockscreen.i3lock = with lib; {
enable = mkEnableOption "i3lock";
};
config = lib.mkIf cfg.enable {
programs.i3lock = {
enable = true;
u2fSupport = lib.mkDefault config.local.yubikey.enable;
};
programs.xss-lock.enable = true;
};
}
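Review bot: `programs.xss-lock.enable = true` leaves `lockerCommand` at its default, which as far as I know is the store path of i3lock, while `u2fSupport` makes NixOS install a setuid wrapper of i3lock in the security wrapper directory. It is worth verifying that the locker xss-lock starts is the wrapped binary, otherwise unlocking with the key may not behave as intended. If it is not, point the locker at the wrapper when U2F is on, e.g. `programs.xss-lock.lockerCommand = lib.mkIf config.programs.i3lock.u2fSupport "${config.security.wrapperDir}/i3lock";`. A one-line comment on why `u2fSupport` follows `local.yubikey.enable` would also help the next reader.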


@ -2,7 +2,7 @@
let cfg = config.local.window-manager.xmonad; in
{
options.local.window-manager.xmonad.enable = lib.mkEnableOption "window-manager";
options.local.window-manager.xmonad.enable = lib.mkEnableOption "xmonad";
config = lib.mkIf cfg.enable {
services.dbus = {
@ -17,5 +17,7 @@ let cfg = config.local.window-manager.xmonad; in
};
programs.gnupg.agent.pinentryFlavor = "gtk2";
local.lockscreen.i3lock.enable = lib.mkDefault true;
};
}


@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
let cfg = config.local.yubikey; in
{
options.local.yubikey = with lib; {
enable = mkEnableOption "yubikey";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ];
services.udev.packages = [ pkgs.yubikey-personalization ];
security.pam.services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
services.pcscd.enable = true;
services.udev.extraRules = lib.mkIf config.programs.xss-lock.enable ''
ACTION=="remove",\
ENV{DEVTYPE}=="usb_device",\
ENV{PRODUCT}=="1050/402/543",\
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
'';
};
}
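Review bot: `login.u2fAuth` and `sudo.u2fAuth` enable pam_u2f with whatever `security.pam.u2f.control` is set to, and the NixOS default is, to my knowledge, `sufficient`, so a touch of the key alone passes login and sudo without a password. If the key is meant as a second factor, set `security.pam.u2f.control = "required";` once keys are enrolled, so accounts without a key are not locked out; if key-only authentication is intended, say so in a comment above `security.pam.services`. Separately, the udev rule matches `ENV{PRODUCT}=="1050/402/543"` exactly, which includes the device revision, so a key of another model or firmware will not lock the sessions on removal and nothing reports that. `ENV{PRODUCT}=="1050/402/*"`, or a comment naming the exact key the rule is written for, would make that limit explicit.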