From fbb63022cfc77a83b4ccde75b60dc8c47900b45c Mon Sep 17 00:00:00 2001
From: Dmitriy Pleshevskiy
Date: Sat, 18 May 2024 15:42:44 +0300
Subject: [PATCH] modules: add yubikey and i3lock
---
 hosts/asus-gl553vd/configuration.nix | 2 ++
 .../hardware-configuration/default.nix | 9 ++++---
 .../window-manager/xmonad/xmonad_config.hs | 2 +-
 modules/nixos/configs/lockscreen/default.nix | 6 ++++-
 modules/nixos/configs/lockscreen/i3lock.nix | 19 ++++++++++++++
 .../nixos/configs/window-manager/xmonad.nix | 4 ++-
 modules/nixos/configs/yubikey.nix | 26 +++++++++++++++++++
 7 files changed, 62 insertions(+), 6 deletions(-)
 create mode 100644 modules/nixos/configs/lockscreen/i3lock.nix
 create mode 100644 modules/nixos/configs/yubikey.nix
diff --git a/hosts/asus-gl553vd/configuration.nix b/hosts/asus-gl553vd/configuration.nix
index 0529c61..14ccd19 100644
--- a/hosts/asus-gl553vd/configuration.nix
+++ b/hosts/asus-gl553vd/configuration.nix
@@ -7,6 +7,8 @@ ./users ]; + local.yubikey.enable = true; + ################################################################################ # Services ################################################################################
diff --git a/hosts/asus-gl553vd/hardware-configuration/default.nix b/hosts/asus-gl553vd/hardware-configuration/default.nix
index d594157..fe5feb3 100644
--- a/hosts/asus-gl553vd/hardware-configuration/default.nix
+++ b/hosts/asus-gl553vd/hardware-configuration/default.nix
@@ -7,9 +7,12 @@ # Enable keyboard on the boot boot.initrd.availableKernelModules = [ "hid_asus" ]; - # Enable containers - # See: https://github.com/NixOS/nixpkgs/issues/38676 - boot.kernelModules = [ "veth" ]; + boot.kernelModules = [ + # Enable containers + # See: https://github.com/NixOS/nixpkgs/issues/38676 + "veth" + ]; + powerManagement = { enable = true;
diff --git a/modules/home-manager/configs/window-manager/xmonad/xmonad_config.hs b/modules/home-manager/configs/window-manager/xmonad/xmonad_config.hs
index e5d4207..76a6870 100644
--- a/modules/home-manager/configs/window-manager/xmonad/xmonad_config.hs
+++ b/modules/home-manager/configs/window-manager/xmonad/xmonad_config.hs
@@ -348,7 +348,7 @@ myKeys conf = system_kb = [ -- Lock screen - ("M4-l", spawn "dm-tool lock"), + ("M4-l", spawn "loginctl lock-session"), -- Quit xmonad ("M4-S-q", io exitSuccess) ]
diff --git a/modules/nixos/configs/lockscreen/default.nix b/modules/nixos/configs/lockscreen/default.nix
index 2373ef4..32a793e 100644
--- a/modules/nixos/configs/lockscreen/default.nix
+++ b/modules/nixos/configs/lockscreen/default.nix
@@ -1,4 +1,8 @@
 { ... }:
+
 {
- imports = [ ./waylock.nix ];
+ imports = [
+ ./i3lock.nix
+ ./waylock.nix
+ ];
 }
diff --git a/modules/nixos/configs/lockscreen/i3lock.nix b/modules/nixos/configs/lockscreen/i3lock.nix
new file mode 100644
index 0000000..6dc39ac
--- /dev/null
+++ b/modules/nixos/configs/lockscreen/i3lock.nix
@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.local.lockscreen.i3lock;
+in
+{
+ options.local.lockscreen.i3lock = with lib; {
+ enable = mkEnableOption "i3lock";
+ };
+
+ config = lib.mkIf cfg.enable {
+ programs.i3lock = {
+ enable = true;
+ u2fSupport = lib.mkDefault config.local.yubikey.enable;
+ };
+
+ programs.xss-lock.enable = true;
+ };
+}
diff --git a/modules/nixos/configs/window-manager/xmonad.nix b/modules/nixos/configs/window-manager/xmonad.nix
index 9d7d43c..333daa5 100644
--- a/modules/nixos/configs/window-manager/xmonad.nix
+++ b/modules/nixos/configs/window-manager/xmonad.nix
@@ -2,7 +2,7 @@ let cfg = config.local.window-manager.xmonad; in { - options.local.window-manager.xmonad.enable = lib.mkEnableOption "window-manager"; + options.local.window-manager.xmonad.enable = lib.mkEnableOption "xmonad"; config = lib.mkIf cfg.enable { services.dbus = {
@@ -17,5 +17,7 @@ let cfg = config.local.window-manager.xmonad; in }; programs.gnupg.agent.pinentryFlavor = "gtk2"; + + local.lockscreen.i3lock.enable = lib.mkDefault true; }; }
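Review bot: The new `M4-l` binding in xmonad_config.hs only asks logind to emit a Lock signal, so the screen is locked only if a listener such as xss-lock is running in that session; without one the key press does nothing and the session stays open. xss-lock is enabled by the NixOS i3lock module in this same patch, while the binding lives in the home-manager config, so the two can drift apart without any error. A comment on the binding would make the dependency visible: `-- needs a logind lock listener (xss-lock) in the session; a no-op without one`. The enclosing `myKeys` definition starts and ends outside the hunk.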
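Review bot: `u2fSupport` in lockscreen/i3lock.nix turns on pam_u2f for the lock screen, and yubikey.nix does the same for `login` and `sudo`, but nothing in the patch sets `security.pam.u2f.control`. The NixOS default for that option is `sufficient`, so a touch of a registered key would be accepted instead of the password rather than in addition to it, both for sudo and for unlocking. If the key is meant as a second factor, add `security.pam.u2f.control = "required";` in yubikey.nix. If password-less use is intended, a comment saying so next to the `u2fAuth` lines would record that decision.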
diff --git a/modules/nixos/configs/yubikey.nix b/modules/nixos/configs/yubikey.nix
new file mode 100644
index 0000000..00b08a1
--- /dev/null
+++ b/modules/nixos/configs/yubikey.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.local.yubikey; in
+{
+ options.local.yubikey = with lib; {
+ enable = mkEnableOption "yubikey";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ];
+
+ services.udev.packages = [ pkgs.yubikey-personalization ];
+ security.pam.services = {
+ login.u2fAuth = true;
+ sudo.u2fAuth = true;
+ };
+ services.pcscd.enable = true;
+
+ services.udev.extraRules = lib.mkIf config.programs.xss-lock.enable ''
+ ACTION=="remove",\
+ ENV{DEVTYPE}=="usb_device",\
+ ENV{PRODUCT}=="1050/402/543",\
+ RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+ '';
+ };
+}
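Review bot: The udev rule matches the literal `ENV{PRODUCT}=="1050/402/543"`, which looks like a single vendor/product/device-revision triple, so a key of another model or firmware revision would presumably not trigger the lock on removal, and nothing would signal that. Since this rule is the only lock-on-unplug path, I would document the value in a Nix comment above `services.udev.extraRules`, e.g. `# PRODUCT = vendor/product/revision of the owner's key (confirm with udevadm); update when the key changes`, or expose it as a module option. It is also worth stating in that comment that `loginctl lock-sessions` locks every session on the host, and that the rule is dropped entirely when `programs.xss-lock.enable` is false.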