modules: add yubikey and i3lock
This commit is contained in:
parent
cad385b8a7
commit
fbb63022cf
7 changed files with 62 additions and 6 deletions
|
@ -7,6 +7,8 @@
|
|||
./users
|
||||
];
|
||||
|
||||
local.yubikey.enable = true;
|
||||
|
||||
################################################################################
|
||||
# Services
|
||||
################################################################################
|
||||
|
|
|
@ -7,9 +7,12 @@
|
|||
# Enable keyboard on the boot
|
||||
boot.initrd.availableKernelModules = [ "hid_asus" ];
|
||||
|
||||
# Enable containers
|
||||
# See: https://github.com/NixOS/nixpkgs/issues/38676
|
||||
boot.kernelModules = [ "veth" ];
|
||||
boot.kernelModules = [
|
||||
# Enable containers
|
||||
# See: https://github.com/NixOS/nixpkgs/issues/38676
|
||||
"veth"
|
||||
];
|
||||
|
||||
|
||||
powerManagement = {
|
||||
enable = true;
|
||||
|
|
|
@ -348,7 +348,7 @@ myKeys conf =
|
|||
|
||||
system_kb =
|
||||
[ -- Lock screen
|
||||
("M4-l", spawn "dm-tool lock"),
|
||||
("M4-l", spawn "loginctl lock-session"),
|
||||
-- Quit xmonad
|
||||
("M4-S-q", io exitSuccess)
|
||||
]
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [ ./waylock.nix ];
|
||||
imports = [
|
||||
./i3lock.nix
|
||||
./waylock.nix
|
||||
];
|
||||
}
|
||||
|
|
19
modules/nixos/configs/lockscreen/i3lock.nix
Normal file
19
modules/nixos/configs/lockscreen/i3lock.nix
Normal file
|
@ -0,0 +1,19 @@
|
|||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.local.lockscreen.i3lock;
|
||||
in
|
||||
{
|
||||
options.local.lockscreen.i3lock = with lib; {
|
||||
enable = mkEnableOption "i3lock";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
programs.i3lock = {
|
||||
enable = true;
|
||||
u2fSupport = lib.mkDefault config.local.yubikey.enable;
|
||||
};
|
||||
|
||||
programs.xss-lock.enable = true;
|
||||
};
|
||||
}
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
let cfg = config.local.window-manager.xmonad; in
|
||||
{
|
||||
options.local.window-manager.xmonad.enable = lib.mkEnableOption "window-manager";
|
||||
options.local.window-manager.xmonad.enable = lib.mkEnableOption "xmonad";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.dbus = {
|
||||
|
@ -17,5 +17,7 @@ let cfg = config.local.window-manager.xmonad; in
|
|||
};
|
||||
|
||||
programs.gnupg.agent.pinentryFlavor = "gtk2";
|
||||
|
||||
local.lockscreen.i3lock.enable = lib.mkDefault true;
|
||||
};
|
||||
}
|
||||
|
|
26
modules/nixos/configs/yubikey.nix
Normal file
26
modules/nixos/configs/yubikey.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let cfg = config.local.yubikey; in
|
||||
{
|
||||
options.local.yubikey = with lib; {
|
||||
enable = mkEnableOption "yubikey";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ];
|
||||
|
||||
services.udev.packages = [ pkgs.yubikey-personalization ];
|
||||
security.pam.services = {
|
||||
login.u2fAuth = true;
|
||||
sudo.u2fAuth = true;
|
||||
};
|
||||
services.pcscd.enable = true;
|
||||
|
||||
services.udev.extraRules = lib.mkIf config.programs.xss-lock.enable ''
|
||||
ACTION=="remove",\
|
||||
ENV{DEVTYPE}=="usb_device",\
|
||||
ENV{PRODUCT}=="1050/402/543",\
|
||||
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
|
||||
'';
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue