modules: add yubikey and i3lock

Dmitriy Pleshevskiy 2024-05-18 15:42:44 +03:00
parent cad385b8a7
commit fbb63022cf
Signed by: pleshevskiy
GPG key ID: 17041163DA10A9A2
7 changed files with 62 additions and 6 deletions


@ -7,6 +7,8 @@
./users ./users
]; ];
local.yubikey.enable = true;
################################################################################ ################################################################################
# Services # Services
################################################################################ ################################################################################


@ -7,9 +7,12 @@
# Enable keyboard on the boot # Enable keyboard on the boot
boot.initrd.availableKernelModules = [ "hid_asus" ]; boot.initrd.availableKernelModules = [ "hid_asus" ];
# Enable containers boot.kernelModules = [
# See: https://github.com/NixOS/nixpkgs/issues/38676 # Enable containers
boot.kernelModules = [ "veth" ]; # See: https://github.com/NixOS/nixpkgs/issues/38676
"veth"
];
powerManagement = { powerManagement = {
enable = true; enable = true;


@ -348,7 +348,7 @@ myKeys conf =
system_kb = system_kb =
[ -- Lock screen [ -- Lock screen
("M4-l", spawn "dm-tool lock"), ("M4-l", spawn "loginctl lock-session"),
-- Quit xmonad -- Quit xmonad
("M4-S-q", io exitSuccess) ("M4-S-q", io exitSuccess)
] ]
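Review bot: The new `M4-l` binding only asks logind to emit a lock signal; `loginctl lock-session` locks nothing by itself, so the screen stays unlocked whenever no listener such as xss-lock is running in the session. This commit enables that listener through `local.lockscreen.i3lock.enable = lib.mkDefault true`, which a host can override, and in that case the key would fail silently. A comment on the binding would record the dependency, e.g. `-- Lock screen (needs xss-lock running; loginctl only signals logind)`. The body of `myKeys` continues outside the hunk.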


@ -1,4 +1,8 @@
{ ... }: { ... }:
{ {
imports = [ ./waylock.nix ]; imports = [
./i3lock.nix
./waylock.nix
];
} }


@ -0,0 +1,19 @@
{ config, lib, ... }:
let
cfg = config.local.lockscreen.i3lock;
in
{
options.local.lockscreen.i3lock = with lib; {
enable = mkEnableOption "i3lock";
};
config = lib.mkIf cfg.enable {
programs.i3lock = {
enable = true;
u2fSupport = lib.mkDefault config.local.yubikey.enable;
};
programs.xss-lock.enable = true;
};
}
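Review bot: `programs.xss-lock.enable = true` leaves the locker command at the module default while `u2fSupport` is switched on for `programs.i3lock`. If, as I recall from the nixpkgs modules, U2F support is delivered through a setuid wrapper and the xss-lock default points at the plain store binary, the locker that xss-lock starts would not be the wrapped one and key-based unlock may not behave as intended. Pinning it removes the guess, e.g. `programs.xss-lock.lockerCommand = "${config.security.wrapperDir}/i3lock";` guarded by `lib.mkIf config.programs.i3lock.u2fSupport`, since the wrapper presumably exists only in that case. A one-line comment saying that xss-lock is what reacts to `loginctl lock-session` and to the udev rule in the yubikey module would also help the next reader.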


@ -2,7 +2,7 @@
let cfg = config.local.window-manager.xmonad; in let cfg = config.local.window-manager.xmonad; in
{ {
options.local.window-manager.xmonad.enable = lib.mkEnableOption "window-manager"; options.local.window-manager.xmonad.enable = lib.mkEnableOption "xmonad";
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.dbus = { services.dbus = {
@ -17,5 +17,7 @@ let cfg = config.local.window-manager.xmonad; in
}; };
programs.gnupg.agent.pinentryFlavor = "gtk2"; programs.gnupg.agent.pinentryFlavor = "gtk2";
local.lockscreen.i3lock.enable = lib.mkDefault true;
}; };
} }


@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
let cfg = config.local.yubikey; in
{
options.local.yubikey = with lib; {
enable = mkEnableOption "yubikey";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ];
services.udev.packages = [ pkgs.yubikey-personalization ];
security.pam.services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
services.pcscd.enable = true;
services.udev.extraRules = lib.mkIf config.programs.xss-lock.enable ''
ACTION=="remove",\
ENV{DEVTYPE}=="usb_device",\
ENV{PRODUCT}=="1050/402/543",\
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
'';
};
}
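Review bot: `login.u2fAuth` and `sudo.u2fAuth` are enabled without fixing the PAM control flag, and as far as I know the NixOS default for `security.pam.u2f.control` is `sufficient`, so a touch of the key alone would satisfy login and sudo with no password. If the key is meant as a second factor, add `security.pam.u2f.control = "required";` (after enrolling a key for every affected user, to avoid lockout), or state in a comment that single-factor authentication is intended. The udev rule matches one `ENV{PRODUCT}` string, which appears to include the device revision, so a backup key or a different firmware revision would not lock the sessions on removal. The rule is also skipped entirely when `programs.xss-lock.enable` is false, which deserves a comment such as `# lock-sessions only has an effect while xss-lock is listening`.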