fix: disable git warn-dirty messages

feat: finish yubikey login and sudo requests setup
2025-11-03 23:28:48 +00:00 · 2024-12-03 19:55:58 +01:00 · 2024-12-03 19:55:58 +01:00 · 9a1f243b49
commit 9a1f243b49
parent 6443c085d4
4 changed files with 50 additions and 14 deletions
--- a/modules/nixos/common/fonts/default.nix
+++ b/modules/nixos/common/fonts/default.nix
@ -8,14 +8,14 @@
 let
  cfg = config.${namespace}.common.fonts;
 in {
-  options.${namespace}.common.fonts = {
+  options.${namespace}.common.fonts = with types; {
    enable = mkEnableOption "Enable system font management";
-    #fonts = mkOption {
-    #  type = types.package;
-    #  default = noto-fonts;
-    #  example = [ noto-fonts noto-fonts-emoji ];
-    #  description = "Install additional font packages";
-    #};
+    fonts = mkOption {
+      type = listOf package;
+      default = with pkgs; [ noto-fonts noto-fonts-cjk-sans noto-fonts-cjk-serif noto-fonts-emoji nerdfonts ];
+      example = [ noto-fonts noto-fonts-emoji ];
+      description = "Install additional font packages";
+    };
  };

  config = mkIf cfg.enable {
@ -25,12 +25,6 @@ in {

    environment.systemPackages = with pkgs; [ font-manager ];

-    fonts.packages = with pkgs; [
-      noto-fonts
-      noto-fonts-cjk-sans
-      noto-fonts-cjk-serif
-      noto-fonts-emoji
-      nerdfonts
-    ]; # ++ cfg.fonts;
+    fonts.packages = cfg.fonts;
  };
 }
--- a/modules/nixos/common/nix/default.nix
+++ b/modules/nixos/common/nix/default.nix
@ -22,6 +22,7 @@ in {
        keep-derivations = true;
        keep-outputs = true;
        max-jobs = "auto";
+        warn-dirty = false;
      };

      # Garbage collection configuration.
--- a/modules/nixos/security/yubikey/default.nix
+++ b/modules/nixos/security/yubikey/default.nix
@ -0,0 +1,40 @@
+{
+  lib,
+  pkgs,
+  config,
+  namespace,
+  ...
+}: with lib; with lib.${namespace};
+let
+  cfg = config.${namespace}.security.yubikey;
+in 
+{
+  options.${namespace}.security.yubikey = with types; {
+    enable = mkEnableOption "Enable the Yubikey as a security device.";
+    key-id = mkOption {
+      type = listOf str;
+      default = [ "30650551" ];
+      example = [ "123456" "1234567" ];
+      description = "Register additional Yubikey IDs.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [ yubikey-manager yubioath-flutter ];
+    
+    services.udev.packages = [ pkgs.yubikey-personalization ];
+    services.pcscd.enable = true;
+
+    programs.gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+
+    security.pam.yubico = {
+      enable = true;
+      debug = false;
+      mode = "challenge-response";
+      id = cfg.key-id;
+    };
+  };
+}
--- a/systems/x86_64-linux/puzzlevision/default.nix
+++ b/systems/x86_64-linux/puzzlevision/default.nix
@ -51,6 +51,7 @@
  # Set system configuration
  puzzlevision = {
    archetypes.workstation.enable = true;
+    security.yubikey.enable = true;
  };

  # Enable flatpak support.