hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: hektor:6a2c1e2330cdcd4dca1f13a09cd57756998df085
Branches Tags
hektor:main
..
compare: hektor:06c858e0943cc2eba104705397476f46de244ceb
Branches Tags
hektor:main

5 Commits
6a2c1e2330 ... 06c858e094

Author SHA1 Message Date
Hektor Misplon
06c858e094 chore: update lockfile 2026-03-10 21:03:12 +01:00
Hektor Misplon
8cfd621319 refactor(home): organize home manager modules 2026-03-10 21:00:28 +01:00
Hektor Misplon
4356d8b202 feat: add 'yubikey' module to 'andromache' host 2026-03-10 20:56:59 +01:00
Hektor Misplon
1b4f853342 refactor: move 'sshfs' into 'ssh' module 2026-03-10 20:56:59 +01:00
Hektor Misplon
71c507b4c2 refactor: remove redundant 'vimPlugins.vim-plug' package 2026-03-10 20:56:59 +01:00
20 changed files with 149 additions and 53 deletions
Expand all files Collapse all files

36
flake.lock generated
View File

@@ -121,11 +121,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1772424169, "lastModified": 1773115390,
"narHash": "sha256-mhv7yclJj+qCagNv0WOuob5yQNV1aTqKcJLfBMUqsVA=", "narHash": "sha256-nl1kcyM1locj//JnzC43hZIjY4z5opcTPqv1RnMZqPU=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "701de032cc247a1c309a34f0ed646e824efd7ac6", "rev": "aecb1fc3e18c3cdcbdd96485b392ffa4584467e8",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -284,11 +284,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772024342, "lastModified": 1772893680,
"narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=", "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476", "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -344,11 +344,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772380461, "lastModified": 1773093840,
"narHash": "sha256-O3ukj3Bb3V0Tiy/4LUfLlBpWypJ9P0JeUgsKl2nmZZY=", "narHash": "sha256-u/96NoAyN8BSRuM3ZimGf7vyYgXa3pLx4MYWjokuoH4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "f140aa04d7d14f8a50ab27f3691b5766b17ae961", "rev": "bb014746edb2a98d975abde4dd40fa240de4cf86",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -453,11 +453,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1771969195, "lastModified": 1772972630,
"narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", "narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", "rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -469,11 +469,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1772198003, "lastModified": 1772963539,
"narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", "rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -667,11 +667,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772401007, "lastModified": 1773096132,
"narHash": "sha256-YHykQg0h9hrlZGpMcywnaFzQ1Kn/5YNCCOSaaAl6z7Q=", "narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d8be5ea4cd3bc363492ab5bc6e874ccdc5465fe4", "rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784",
"type": "github" "type": "github"
}, },
"original": { "original": {

20
home/hosts/andromache/default.nix
View File

@@ -11,26 +11,26 @@ in
{ {
imports = [ imports = [
../../modules ../../modules
../../modules/ai-tools.nix ../../modules/3d
../../modules/ai-tools
../../modules/anki
../../modules/audio ../../modules/audio
../../modules/browser
../../modules/cloud ../../modules/cloud
../../modules/comms ../../modules/comms
../../modules/desktop/niri ../../modules/desktop/niri
../../modules/direnv ../../modules/direnv
../../modules/3d
../../modules/git ../../modules/git
../../modules/k8s/k9s.nix ../../modules/k8s/k9s.nix
../../modules/kitty.nix ../../modules/keepassxc
../../modules/music ../../modules/music
../../modules/nvim.nix ../../modules/nvim
../../modules/pandoc.nix ../../modules/pandoc
../../modules/ssh.nix
../../modules/taskwarrior.nix
../../modules/keepassxc.nix
../../modules/anki.nix
../../modules/photography ../../modules/photography
../../modules/browser
../../modules/shell ../../modules/shell
../../modules/ssh
../../modules/taskwarrior
../../modules/terminal
]; ];
home = { home = {

20
home/hosts/astyanax/default.nix
View File

@@ -10,25 +10,25 @@ in
{ {
imports = [ imports = [
../../modules ../../modules
../../modules/ai-tools.nix ../../modules/ai-tools
../../modules/anki
../../modules/audio ../../modules/audio
../../modules/anki.nix ../../modules/browser
../../modules/cloud ../../modules/cloud
../../modules/comms ../../modules/comms
../../modules/direnv
../../modules/desktop/niri ../../modules/desktop/niri
../../modules/direnv
../../modules/git ../../modules/git
../../modules/k8s/k9s.nix ../../modules/k8s/k9s.nix
../../modules/kitty.nix ../../modules/keepassxc
../../modules/music ../../modules/music
../../modules/nfc ../../modules/nfc
../../modules/nvim.nix ../../modules/nvim
../../modules/pandoc.nix ../../modules/pandoc
../../modules/ssh.nix
../../modules/taskwarrior.nix
../../modules/keepassxc.nix
../../modules/browser
../../modules/shell ../../modules/shell
../../modules/ssh
../../modules/taskwarrior
../../modules/terminal
]; ];
home = { home = {

2
home/hosts/packages.nix
View File

@@ -15,10 +15,8 @@ with pkgs;
ripgrep ripgrep
silver-searcher silver-searcher
sops sops
sshfs
tldr tldr
tree tree
unzip unzip
vimPlugins.vim-plug
wget wget
] ]

24
home/hosts/work/default.nix
View File

@@ -12,31 +12,31 @@ in
imports = [ imports = [
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
../../modules ../../modules
../../modules/stylix.nix ../../modules/ai-tools
../../modules/ai-tools.nix
../../modules/anki.nix ../../modules/anki.nix
../../modules/browser
../../modules/bruno
../../modules/cloud ../../modules/cloud
../../modules/comms ../../modules/comms
../../modules/dconf
../../modules/desktop/niri ../../modules/desktop/niri
../../modules/dconf.nix
../../modules/direnv ../../modules/direnv
../../modules/docker ../../modules/docker
../../modules/git ../../modules/git
../../modules/go ../../modules/go
../../modules/k8s ../../modules/k8s
../../modules/k8s/k9s.nix ../../modules/k8s/k9s.nix
../../modules/keepassxc.nix ../../modules/keepassxc
../../modules/kitty.nix ../../modules/kitty.nix
../../modules/nvim.nix
../../modules/pandoc.nix
../../modules/secrets
../../modules/browser
../../modules/shell
../../modules/music ../../modules/music
../../modules/nodejs.nix ../../modules/nodejs.nix
../../modules/taskwarrior.nix ../../modules/nvim
../../modules/bruno.nix ../../modules/pandoc
../../modules/pandoc.nix ../../modules/secrets
../../modules/shell
../../modules/stylix
../../modules/taskwarrior
../../modules/terminal
../../modules/vscode.nix ../../modules/vscode.nix
]; ];

0
home/modules/ai-tools.nix → home/modules/ai-tools/default.nix
View File

0
home/modules/anki.nix → home/modules/anki/default.nix
View File

0
home/modules/bruno.nix → home/modules/bruno/default.nix
View File

0
home/modules/dconf.nix → home/modules/dconf/default.nix
View File

0
home/modules/keepassxc.nix → home/modules/keepassxc/default.nix
View File

0
home/modules/nvim.nix → home/modules/nvim/default.nix
View File

0
home/modules/pandoc.nix → home/modules/pandoc/default.nix
View File

2
home/modules/shell/default.nix
View File

@@ -3,6 +3,6 @@
./bash.nix ./bash.nix
./utils.nix ./utils.nix
./prompt.nix ./prompt.nix
../tmux.nix ../tmux
]; ];
} }

3
home/modules/ssh.nix → home/modules/ssh/default.nix
View File

@@ -1,6 +1,7 @@
{ {
outputs, outputs,
lib, lib,
pkgs,
... ...
}: }:
let let
@@ -14,6 +15,8 @@ let
) allHosts; ) allHosts;
in in
{ {
home.packages = with pkgs; [ sshfs ];
programs.ssh = { programs.ssh = {
enable = true; enable = true;
enableDefaultConfig = false; enableDefaultConfig = false;

0
home/modules/stylix.nix → home/modules/stylix/default.nix
View File

0
home/modules/taskwarrior.nix → home/modules/taskwarrior/default.nix
View File

0
home/modules/kitty.nix → home/modules/terminal/default.nix
View File

0
home/modules/tmux.nix → home/modules/tmux/default.nix
View File

20
hosts/andromache/default.nix
View File

@@ -42,6 +42,7 @@ in
../../modules/docker ../../modules/docker
../../modules/syncthing ../../modules/syncthing
../../modules/nvidia ../../modules/nvidia
../../modules/yubikey
]; ];
home-manager.users.${username} = import ../../home/hosts/andromache { home-manager.users.${username} = import ../../home/hosts/andromache {
@@ -91,6 +92,25 @@ in
inputs.colmena.packages.${pkgs.stdenv.hostPlatform.system}.colmena inputs.colmena.packages.${pkgs.stdenv.hostPlatform.system}.colmena
]; ];
my.yubikey = {
enable = true;
inherit username;
keys = [
{
handle = "<KeyHandle1>";
userKey = "<UserKey1>";
coseType = "<CoseType1>";
options = "<Options1>";
}
{
handle = "<KeyHandle2>";
userKey = "<UserKey2>";
coseType = "<CoseType2>";
options = "<Options2>";
}
];
};
services = { services = {
locate = { locate = {
enable = true; enable = true;

75
modules/yubikey/default.nix Normal file
View File

@@ -0,0 +1,75 @@
{
lib,
config,
pkgs,
...
}:
with lib;
let
cfg = config.my.yubikey;
formatKey = key: ":${key.handle},${key.userKey},${key.coseType},${key.options}";
authfileContent = username: keys: username + lib.concatMapStrings formatKey keys;
in
{
options.my.yubikey = {
enable = mkEnableOption "yubiKey U2F authentication";
username = mkOption {
type = types.str;
default = "h";
};
origin = mkOption {
type = types.str;
default = "pam://yubi";
};
keys = mkOption {
type = types.listOf (
types.submodule {
options = {
handle = mkOption {
type = types.str;
example = "<KeyHandle1>";
};
userKey = mkOption {
type = types.str;
example = "<UserKey1>";
};
coseType = mkOption {
type = types.str;
default = "es256";
};
options = mkOption {
type = types.str;
default = "";
};
};
}
);
default = [ ];
};
};
config = mkIf cfg.enable {
security.pam = {
u2f = {
enable = true;
settings = {
interactive = true;
cue = true;
origin = cfg.origin;
authfile = pkgs.writeText "u2f-mappings" (authfileContent cfg.username cfg.keys);
};
};
services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
};
services.udev.packages = [ pkgs.yubikey-personalization ];
};
}