modules: add yubikey and i3lock

hosts/asus-gl553vd/configuration.nix

@@ -7,6 +7,8 @@
     ./users
   ];
 
+  local.yubikey.enable = true;
+
   ################################################################################
   # Services
   ################################################################################

hosts/asus-gl553vd/hardware-configuration/default.nix

@@ -7,9 +7,12 @@
   # Enable keyboard on the boot
   boot.initrd.availableKernelModules = [ "hid_asus" ];
 
-  # Enable containers
-  # See: https://github.com/NixOS/nixpkgs/issues/38676
-  boot.kernelModules = [ "veth" ];
+  boot.kernelModules = [
+    # Enable containers
+    # See: https://github.com/NixOS/nixpkgs/issues/38676
+    "veth"
+  ];
+
 
   powerManagement = {
     enable = true;

modules/home-manager/configs/window-manager/xmonad/xmonad_config.hs

@@ -348,7 +348,7 @@ myKeys conf =
 
     system_kb =
       [ -- Lock screen
-        ("M4-l", spawn "dm-tool lock"),
+        ("M4-l", spawn "loginctl lock-session"),
         -- Quit xmonad
         ("M4-S-q", io exitSuccess)
       ]

modules/nixos/configs/lockscreen/default.nix

@@ -1,4 +1,8 @@
 { ... }:
+
 {
-  imports = [ ./waylock.nix ];
+  imports = [
+    ./i3lock.nix
+    ./waylock.nix
+  ];
 }

modules/nixos/configs/lockscreen/i3lock.nix

@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.local.lockscreen.i3lock;
+in
+{
+  options.local.lockscreen.i3lock = with lib; {
+    enable = mkEnableOption "i3lock";
+  };
+
+  config = lib.mkIf cfg.enable {
+    programs.i3lock = {
+      enable = true;
+      u2fSupport = lib.mkDefault config.local.yubikey.enable;
+    };
+
+    programs.xss-lock.enable = true;
+  };
+}

modules/nixos/configs/window-manager/xmonad.nix

@@ -2,7 +2,7 @@
 
 let cfg = config.local.window-manager.xmonad; in
 {
-  options.local.window-manager.xmonad.enable = lib.mkEnableOption "window-manager";
+  options.local.window-manager.xmonad.enable = lib.mkEnableOption "xmonad";
 
   config = lib.mkIf cfg.enable {
     services.dbus = {
@@ -17,5 +17,7 @@ let cfg = config.local.window-manager.xmonad; in
     };
 
     programs.gnupg.agent.pinentryFlavor = "gtk2";
+
+    local.lockscreen.i3lock.enable = lib.mkDefault true;
   };
 }

modules/nixos/configs/yubikey.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.local.yubikey; in
+{
+  options.local.yubikey = with lib; {
+    enable = mkEnableOption "yubikey";
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ];
+
+    services.udev.packages = [ pkgs.yubikey-personalization ];
+    security.pam.services = {
+      login.u2fAuth = true;
+      sudo.u2fAuth = true;
+    };
+    services.pcscd.enable = true;
+
+    services.udev.extraRules = lib.mkIf config.programs.xss-lock.enable ''
+      ACTION=="remove",\
+       ENV{DEVTYPE}=="usb_device",\
+       ENV{PRODUCT}=="1050/402/543",\
+       RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+    '';
+  };
+}