From a5b583f43a256ac2cac44992607b9bd5174ca803 Mon Sep 17 00:00:00 2001 From: Jo Date: Sat, 14 Dec 2024 00:45:35 +0100 Subject: [PATCH] feat(puzzlevision): add zen browser and remove firefox feat: implement super basic Yubikey configuration --- flake.lock | 37 ++++++++++++++++++- flake.nix | 4 ++ .../x86_64-linux/jo@puzzlevision/default.nix | 5 +++ modules/nixos/security/yubikey/default.nix | 10 ++--- systems/x86_64-linux/puzzlevision/default.nix | 3 +- 5 files changed, 51 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 72bce9a..bc285a9 100644 --- a/flake.lock +++ b/flake.lock @@ -152,6 +152,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1733759999, + "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "catppuccin": "catppuccin", @@ -160,7 +176,8 @@ "nix-flatpak": "nix-flatpak", "nixpkgs": "nixpkgs", "snowfall-lib": "snowfall-lib", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "zen-browser": "zen-browser" } }, "snowfall-lib": { @@ -220,6 +237,24 @@ "repo": "default", "type": "github" } + }, + "zen-browser": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1734038753, + "narHash": "sha256-v2NetNrFvObcTx5Gw0MV9leJQr0KfCLtbpC4gZaq+Tc=", + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "rev": "b2a4aeaad1cdb4a0d8901313d6388a8b4bf2c59d", + "type": "github" + }, + "original": { + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index dba152e..ea0c4c0 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,10 @@ nix-flatpak = { url = "github:gmodena/nix-flatpak/?ref=v0.4.1"; }; + + zen-browser = { + url = "github:0xc000022070/zen-browser-flake"; + }; }; outputs = inputs: diff --git a/homes/x86_64-linux/jo@puzzlevision/default.nix b/homes/x86_64-linux/jo@puzzlevision/default.nix index a707122..125e127 100644 --- a/homes/x86_64-linux/jo@puzzlevision/default.nix +++ b/homes/x86_64-linux/jo@puzzlevision/default.nix @@ -12,6 +12,10 @@ themes.catppuccin.gtk.enable = true; + home.file."~/.config/Yubico/u2f_keys".text = '' + jo:gtKwCQKVw5O4IkWg8J8o7vHIo3hStmOqVcnmk97E335DwHnPUMIDTMnD46qEn/1tucTZlYfGABfzVVG+iYeUOA==,fVRFZb9iBiqjOXvk5Gm9ygO/O4huEUR1Uq3DGBlnS1RtqqK0shif8aOlNLkmn8Xe9+x4HYIeNEX4fc8Z7Y2Hgw==,es256,+presence + ''; + # Flatpak configuration. services.flatpak = { enable = true; @@ -44,6 +48,7 @@ python39 nil zed-editor + bruno ### Rust development specific rustup diff --git a/modules/nixos/security/yubikey/default.nix b/modules/nixos/security/yubikey/default.nix index 3ce3aeb..4ae1cf8 100644 --- a/modules/nixos/security/yubikey/default.nix +++ b/modules/nixos/security/yubikey/default.nix @@ -21,7 +21,7 @@ in config = mkIf cfg.enable { environment.systemPackages = with pkgs; [ yubikey-manager yubioath-flutter ]; - + services.udev.packages = [ pkgs.yubikey-personalization ]; services.pcscd.enable = true; @@ -30,11 +30,9 @@ in enableSSHSupport = true; }; - security.pam.yubico = { - enable = true; - debug = false; - mode = "challenge-response"; - id = cfg.key-id; + security.pam.services = { + login.u2fAuth = true; + sudo.u2fAuth = true; }; }; } \ No newline at end of file diff --git a/systems/x86_64-linux/puzzlevision/default.nix b/systems/x86_64-linux/puzzlevision/default.nix index 12d6c26..560ef6a 100644 --- a/systems/x86_64-linux/puzzlevision/default.nix +++ b/systems/x86_64-linux/puzzlevision/default.nix @@ -4,6 +4,7 @@ inputs, namespace, config, + system, ... }: with lib; with lib.${namespace}; { @@ -72,8 +73,8 @@ environment.systemPackages = with pkgs; [ ### General nano - firefox chromium + inputs.zen-browser.packages."${system}".specific vlc spotify