From 9a1f243b499a30e35750dc4a44b15e074833a88c Mon Sep 17 00:00:00 2001
From: Jo
Date: Tue, 3 Dec 2024 19:55:58 +0100
Subject: [PATCH] fix: disable git warn-dirty messages feat: finish yubikey login and sudo requests setup
---
 modules/nixos/common/fonts/default.nix | 22 ++++------
 modules/nixos/common/nix/default.nix | 1 +
 modules/nixos/security/yubikey/default.nix | 40 +++++++++++++++++++
 systems/x86_64-linux/puzzlevision/default.nix | 1 +
 4 files changed, 50 insertions(+), 14 deletions(-)
 create mode 100644 modules/nixos/security/yubikey/default.nix
diff --git a/modules/nixos/common/fonts/default.nix b/modules/nixos/common/fonts/default.nix
index c60ad49..7c7a9d7 100644
--- a/modules/nixos/common/fonts/default.nix
+++ b/modules/nixos/common/fonts/default.nix
@@ -8,14 +8,14 @@
 let
 cfg = config.${namespace}.common.fonts;
 in {
- options.${namespace}.common.fonts = {
+ options.${namespace}.common.fonts = with types; {
 enable = mkEnableOption "Enable system font management";
- #fonts = mkOption {
- # type = types.package;
- # default = noto-fonts;
- # example = [ noto-fonts noto-fonts-emoji ];
- # description = "Install additional font packages";
- #};
+ fonts = mkOption {
+ type = listOf package;
+ default = with pkgs; [ noto-fonts noto-fonts-cjk-sans noto-fonts-cjk-serif noto-fonts-emoji nerdfonts ];
+ example = [ noto-fonts noto-fonts-emoji ];
+ description = "Install additional font packages";
+ };
 };
 config = mkIf cfg.enable {
@@ -25,12 +25,6 @@ in {
 environment.systemPackages = with pkgs; [ font-manager ];
- fonts.packages = with pkgs; [
- noto-fonts
- noto-fonts-cjk-sans
- noto-fonts-cjk-serif
- noto-fonts-emoji
- nerdfonts
- ]; # ++ cfg.fonts;
+ fonts.packages = cfg.fonts;
 };
 }
diff --git a/modules/nixos/common/nix/default.nix b/modules/nixos/common/nix/default.nix
index 2d95834..1114504 100644
--- a/modules/nixos/common/nix/default.nix
+++ b/modules/nixos/common/nix/default.nix
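Review bot: The `example = [ noto-fonts noto-fonts-emoji ];` line of the new `fonts` option is only under `with types;`, whereas the `default` next to it needs its own `with pkgs;`, so the example names do not appear to resolve to packages and would likely fail once the option documentation is evaluated. Writing it as `example = literalExpression "[ pkgs.noto-fonts pkgs.noto-fonts-emoji ]";` keeps it unevaluated. The description "Install additional font packages" also no longer matches the behaviour: the second hunk of this file sets `fonts.packages = cfg.fonts;`, so a host that sets the option replaces the five defaults instead of adding to them. Either reword it to `description = "Font packages to install system-wide.";` or keep the fixed list and append `cfg.fonts` to it.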
@@ -22,6 +22,7 @@ in {
 keep-derivations = true;
 keep-outputs = true;
 max-jobs = "auto";
+ warn-dirty = false;
 };
 # Garbage collection configuration.
diff --git a/modules/nixos/security/yubikey/default.nix b/modules/nixos/security/yubikey/default.nix
new file mode 100644
index 0000000..3ce3aeb
--- /dev/null
+++ b/modules/nixos/security/yubikey/default.nix
@@ -0,0 +1,40 @@
+{
+ lib,
+ pkgs,
+ config,
+ namespace,
+ ...
+}: with lib; with lib.${namespace};
+let
+ cfg = config.${namespace}.security.yubikey;
+in
+{
+ options.${namespace}.security.yubikey = with types; {
+ enable = mkEnableOption "Enable the Yubikey as a security device.";
+ key-id = mkOption {
+ type = listOf str;
+ default = [ "30650551" ];
+ example = [ "123456" "1234567" ];
+ description = "Register additional Yubikey IDs.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [ yubikey-manager yubioath-flutter ];
+
+ services.udev.packages = [ pkgs.yubikey-personalization ];
+ services.pcscd.enable = true;
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ security.pam.yubico = {
+ enable = true;
+ debug = false;
+ mode = "challenge-response";
+ id = cfg.key-id;
+ };
+ };
+}
\ No newline at end of file
diff --git a/systems/x86_64-linux/puzzlevision/default.nix b/systems/x86_64-linux/puzzlevision/default.nix
index a619683..12d6c26 100644
--- a/systems/x86_64-linux/puzzlevision/default.nix
+++ b/systems/x86_64-linux/puzzlevision/default.nix
@@ -51,6 +51,7 @@
 # Set system configuration
 puzzlevision = {
 archetypes.workstation.enable = true;
+ security.yubikey.enable = true;
 };
 # Enable flatpak support.
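Review bot: The `security.pam.yubico` block in the new yubikey module leaves `control` unset, and as far as I recall the NixOS default is `sufficient`, so a successful challenge-response from the token alone satisfies login and sudo rather than acting as a second factor beside the password. If two-factor is the intent, add `control = "required";` and verify a recovery path first, since a user without an enrolled challenge file under `~/.yubico` would then be locked out. Separately, the `key-id` default `[ "30650551" ]` ties a shared module to one device's serial, and the description "Register additional Yubikey IDs." is misleading because setting the option replaces the default rather than extending it. I would drop the default so each host must declare its own serials, and use `description = "Serial numbers of the YubiKeys accepted for PAM authentication.";`.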