Diffstat (limited to 'modules')
-rw-r--r--modules/common.nix3
-rw-r--r--modules/hardware-keys.nix29
-rw-r--r--modules/home/common.nix1
-rw-r--r--modules/home/yubikeys.nix17
4 files changed, 49 insertions, 1 deletions
diff --git a/modules/common.nix b/modules/common.nix
index cfbf2fa..30fd3ab 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -11,6 +11,7 @@
     ./fonts.nix
     ./flatpak.nix
     ./libreoffice.nix
+    ./hardware-keys.nix
     ./nix-ld.nix
   ];
 
@@ -81,7 +82,7 @@
 
   environment.systemPackages = (with pkgs; [
     file unzip jq dig htop wget screen
-    gnupg pinentry-gnome3 age agenix minisign openssl
+    gnupg pinentry-gnome3 age agenix minisign openssl cryptsetup pamtester
     inetutils pciutils usbutils lshw lsof inxi iw pmutils acpi acpid avrdude
     minicom miniserve netcat-gnu socat tcpdump nmap iftop iperf mtr arp-scan ethtool
     sysprof wireshark mitmproxy hardinfo remmina
diff --git a/modules/hardware-keys.nix b/modules/hardware-keys.nix
new file mode 100644
index 0000000..e6ae089
--- /dev/null
+++ b/modules/hardware-keys.nix
@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+
+{
+  programs = {
+    yubikey-touch-detector = {
+      enable = true;
+      libnotify = true;
+    };
+  };
+
+  services = {
+    yubikey-agent.enable = true;
+  };
+
+  # see `modules/home/yubikeys.nix` for the YubiKey
+  # universal second factor (u2f) configuration file.
+  security = {
+    pam.services = {
+      login.u2fAuth = true;
+      sudo.u2fAuth = true;
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    yubikey-manager yubikey-manager-qt
+    yubikey-personalization yubikey-personalization-gui
+    age-plugin-yubikey pam_u2f
+  ];
+}
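Review bot: With `login.u2fAuth` and `sudo.u2fAuth` turned on and nothing else set, the NixOS module's `security.pam.u2f.control` keeps its default of `sufficient`, so touching a registered key is accepted instead of the password rather than in addition to it. That does not match the "second factor" wording in the comment above the `security` set. If two-factor is the intent, add `security.pam.u2f.control = "required";` inside that set, and keep a root session open while verifying with the `pamtester` this commit installs, because a mistake under `required` blocks both login and sudo. The registered entries in `modules/home/yubikeys.nix` carry `+presence` only, so as written, possession of a key plus a touch is enough for sudo.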
diff --git a/modules/home/common.nix b/modules/home/common.nix
index e2b57f7..cdf8c1c 100644
--- a/modules/home/common.nix
+++ b/modules/home/common.nix
@@ -5,6 +5,7 @@
     ../foundation/home
 
     ./shell.nix
+    ./yubikeys.nix
     ./code.nix
     ./zed.nix
   ];
diff --git a/modules/home/yubikeys.nix b/modules/home/yubikeys.nix
new file mode 100644
index 0000000..266ce9d
--- /dev/null
+++ b/modules/home/yubikeys.nix
@@ -0,0 +1,17 @@
+{ ... }:
+
+let
+  keys = [
+    # username of YubiKey owner (me! :3)
+    "mel"
+    # "carnal" YubiKey
+    "7dYKqa9yw69hXwmYd61Bw0hnnxbSsASieIBmokmbAHArJexkPz+TGRVdXW2U8QiLAoe9l1QKo3jrtQxxbBiuFQ==,N7bABlRz0DvIqwxgBnTiyNZ4/JnRIRUEhVk+95h7+KtbTYdnoGnSaqiiimGQxTWxOHfpHbuii127f0HUwYPmXw==,es256,+presence"
+    # "anatomy" YubiKey
+    "//CLbB23LlMtMwefGzrMVELgTkIcfMRSjxJlQDvQ3FKRrlyPA75rosYVl5tqQbkPyed0fwsAkr1vhqPtth4GMQ==,VwxKl0ZYDmCTU02ziMigG1ZVC1MXDH9qeuBT1qplw1pt++tV32xao/yHayiRc2hvbJdJjfplQxT7mLnW90u9WQ==,es256,+presence"
+  ];
+in
+{
+  xdg.configFile = {
+    "Yubico/u2f_keys".text = builtins.concatStringsSep ":" keys;
+  };
+}
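Review bot: The credentials in `keys` only validate against the origin they were registered under, and pam_u2f defaults that to `pam://$HOSTNAME`. Because this file is pulled in from `modules/home/common.nix`, any machine whose hostname differs from the one used at registration will fail to match these entries. If the config is shared across hosts (not visible here), pin one origin in the system module and register the keys against that same value, e.g. `security.pam.u2f.settings.origin = "pam://<placeholder-origin>";` (older NixOS releases spell it `security.pam.u2f.origin`). A one-line comment above `keys` giving the authfile layout, `# user:keyHandle,publicKey,coseType,options[:keyHandle,...]`, would also explain why the user name and both credentials are joined with `":"`.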