modules: add yubikey and i3lock
This commit is contained in:
parent
cad385b8a7
commit
fbb63022cf
7 changed files with 62 additions and 6 deletions
|
@ -7,6 +7,8 @@
|
||||||
./users
|
./users
|
||||||
];
|
];
|
||||||
|
|
||||||
|
local.yubikey.enable = true;
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# Services
|
# Services
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
|
@ -7,9 +7,12 @@
|
||||||
# Enable keyboard on the boot
|
# Enable keyboard on the boot
|
||||||
boot.initrd.availableKernelModules = [ "hid_asus" ];
|
boot.initrd.availableKernelModules = [ "hid_asus" ];
|
||||||
|
|
||||||
# Enable containers
|
boot.kernelModules = [
|
||||||
# See: https://github.com/NixOS/nixpkgs/issues/38676
|
# Enable containers
|
||||||
boot.kernelModules = [ "veth" ];
|
# See: https://github.com/NixOS/nixpkgs/issues/38676
|
||||||
|
"veth"
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
powerManagement = {
|
powerManagement = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -348,7 +348,7 @@ myKeys conf =
|
||||||
|
|
||||||
system_kb =
|
system_kb =
|
||||||
[ -- Lock screen
|
[ -- Lock screen
|
||||||
("M4-l", spawn "dm-tool lock"),
|
("M4-l", spawn "loginctl lock-session"),
|
||||||
-- Quit xmonad
|
-- Quit xmonad
|
||||||
("M4-S-q", io exitSuccess)
|
("M4-S-q", io exitSuccess)
|
||||||
]
|
]
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ ./waylock.nix ];
|
imports = [
|
||||||
|
./i3lock.nix
|
||||||
|
./waylock.nix
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
19
modules/nixos/configs/lockscreen/i3lock.nix
Normal file
19
modules/nixos/configs/lockscreen/i3lock.nix
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.local.lockscreen.i3lock;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.local.lockscreen.i3lock = with lib; {
|
||||||
|
enable = mkEnableOption "i3lock";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
programs.i3lock = {
|
||||||
|
enable = true;
|
||||||
|
u2fSupport = lib.mkDefault config.local.yubikey.enable;
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.xss-lock.enable = true;
|
||||||
|
};
|
||||||
|
}
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
let cfg = config.local.window-manager.xmonad; in
|
let cfg = config.local.window-manager.xmonad; in
|
||||||
{
|
{
|
||||||
options.local.window-manager.xmonad.enable = lib.mkEnableOption "window-manager";
|
options.local.window-manager.xmonad.enable = lib.mkEnableOption "xmonad";
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
services.dbus = {
|
services.dbus = {
|
||||||
|
@ -17,5 +17,7 @@ let cfg = config.local.window-manager.xmonad; in
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.gnupg.agent.pinentryFlavor = "gtk2";
|
programs.gnupg.agent.pinentryFlavor = "gtk2";
|
||||||
|
|
||||||
|
local.lockscreen.i3lock.enable = lib.mkDefault true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
26
modules/nixos/configs/yubikey.nix
Normal file
26
modules/nixos/configs/yubikey.nix
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
let cfg = config.local.yubikey; in
|
||||||
|
{
|
||||||
|
options.local.yubikey = with lib; {
|
||||||
|
enable = mkEnableOption "yubikey";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
environment.systemPackages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ];
|
||||||
|
|
||||||
|
services.udev.packages = [ pkgs.yubikey-personalization ];
|
||||||
|
security.pam.services = {
|
||||||
|
login.u2fAuth = true;
|
||||||
|
sudo.u2fAuth = true;
|
||||||
|
};
|
||||||
|
services.pcscd.enable = true;
|
||||||
|
|
||||||
|
services.udev.extraRules = lib.mkIf config.programs.xss-lock.enable ''
|
||||||
|
ACTION=="remove",\
|
||||||
|
ENV{DEVTYPE}=="usb_device",\
|
||||||
|
ENV{PRODUCT}=="1050/402/543",\
|
||||||
|
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue