Compare commits
3 Commits
dd8a485632
...
06c858e094
| Author | SHA1 | Date | |
|---|---|---|---|
| 06c858e094 | |||
| 8cfd621319 | |||
| 4356d8b202 |
36
flake.lock
generated
36
flake.lock
generated
@@ -121,11 +121,11 @@
|
||||
},
|
||||
"locked": {
|
||||
"dir": "pkgs/firefox-addons",
|
||||
"lastModified": 1772424169,
|
||||
"narHash": "sha256-mhv7yclJj+qCagNv0WOuob5yQNV1aTqKcJLfBMUqsVA=",
|
||||
"lastModified": 1773115390,
|
||||
"narHash": "sha256-nl1kcyM1locj//JnzC43hZIjY4z5opcTPqv1RnMZqPU=",
|
||||
"owner": "rycee",
|
||||
"repo": "nur-expressions",
|
||||
"rev": "701de032cc247a1c309a34f0ed646e824efd7ac6",
|
||||
"rev": "aecb1fc3e18c3cdcbdd96485b392ffa4584467e8",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
@@ -284,11 +284,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1772024342,
|
||||
"narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=",
|
||||
"lastModified": 1772893680,
|
||||
"narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476",
|
||||
"rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -344,11 +344,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1772380461,
|
||||
"narHash": "sha256-O3ukj3Bb3V0Tiy/4LUfLlBpWypJ9P0JeUgsKl2nmZZY=",
|
||||
"lastModified": 1773093840,
|
||||
"narHash": "sha256-u/96NoAyN8BSRuM3ZimGf7vyYgXa3pLx4MYWjokuoH4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "f140aa04d7d14f8a50ab27f3691b5766b17ae961",
|
||||
"rev": "bb014746edb2a98d975abde4dd40fa240de4cf86",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -453,11 +453,11 @@
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1771969195,
|
||||
"narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
|
||||
"lastModified": 1772972630,
|
||||
"narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
|
||||
"rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -469,11 +469,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1772198003,
|
||||
"narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=",
|
||||
"lastModified": 1772963539,
|
||||
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61",
|
||||
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -667,11 +667,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1772401007,
|
||||
"narHash": "sha256-YHykQg0h9hrlZGpMcywnaFzQ1Kn/5YNCCOSaaAl6z7Q=",
|
||||
"lastModified": 1773096132,
|
||||
"narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "d8be5ea4cd3bc363492ab5bc6e874ccdc5465fe4",
|
||||
"rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -11,26 +11,26 @@ in
|
||||
{
|
||||
imports = [
|
||||
../../modules
|
||||
../../modules/ai-tools.nix
|
||||
../../modules/3d
|
||||
../../modules/ai-tools
|
||||
../../modules/anki
|
||||
../../modules/audio
|
||||
../../modules/browser
|
||||
../../modules/cloud
|
||||
../../modules/comms
|
||||
../../modules/desktop/niri
|
||||
../../modules/direnv
|
||||
../../modules/3d
|
||||
../../modules/git
|
||||
../../modules/k8s/k9s.nix
|
||||
../../modules/kitty.nix
|
||||
../../modules/keepassxc
|
||||
../../modules/music
|
||||
../../modules/nvim.nix
|
||||
../../modules/pandoc.nix
|
||||
../../modules/ssh.nix
|
||||
../../modules/taskwarrior.nix
|
||||
../../modules/keepassxc.nix
|
||||
../../modules/anki.nix
|
||||
../../modules/nvim
|
||||
../../modules/pandoc
|
||||
../../modules/photography
|
||||
../../modules/browser
|
||||
../../modules/shell
|
||||
../../modules/ssh
|
||||
../../modules/taskwarrior
|
||||
../../modules/terminal
|
||||
];
|
||||
|
||||
home = {
|
||||
|
||||
@@ -10,25 +10,25 @@ in
|
||||
{
|
||||
imports = [
|
||||
../../modules
|
||||
../../modules/ai-tools.nix
|
||||
../../modules/ai-tools
|
||||
../../modules/anki
|
||||
../../modules/audio
|
||||
../../modules/anki.nix
|
||||
../../modules/browser
|
||||
../../modules/cloud
|
||||
../../modules/comms
|
||||
../../modules/direnv
|
||||
../../modules/desktop/niri
|
||||
../../modules/direnv
|
||||
../../modules/git
|
||||
../../modules/k8s/k9s.nix
|
||||
../../modules/kitty.nix
|
||||
../../modules/keepassxc
|
||||
../../modules/music
|
||||
../../modules/nfc
|
||||
../../modules/nvim.nix
|
||||
../../modules/pandoc.nix
|
||||
../../modules/ssh.nix
|
||||
../../modules/taskwarrior.nix
|
||||
../../modules/keepassxc.nix
|
||||
../../modules/browser
|
||||
../../modules/nvim
|
||||
../../modules/pandoc
|
||||
../../modules/shell
|
||||
../../modules/ssh
|
||||
../../modules/taskwarrior
|
||||
../../modules/terminal
|
||||
];
|
||||
|
||||
home = {
|
||||
|
||||
@@ -12,31 +12,31 @@ in
|
||||
imports = [
|
||||
inputs.sops-nix.homeManagerModules.sops
|
||||
../../modules
|
||||
../../modules/stylix.nix
|
||||
../../modules/ai-tools.nix
|
||||
../../modules/ai-tools
|
||||
../../modules/anki.nix
|
||||
../../modules/browser
|
||||
../../modules/bruno
|
||||
../../modules/cloud
|
||||
../../modules/comms
|
||||
../../modules/dconf
|
||||
../../modules/desktop/niri
|
||||
../../modules/dconf.nix
|
||||
../../modules/direnv
|
||||
../../modules/docker
|
||||
../../modules/git
|
||||
../../modules/go
|
||||
../../modules/k8s
|
||||
../../modules/k8s/k9s.nix
|
||||
../../modules/keepassxc.nix
|
||||
../../modules/keepassxc
|
||||
../../modules/kitty.nix
|
||||
../../modules/nvim.nix
|
||||
../../modules/pandoc.nix
|
||||
../../modules/secrets
|
||||
../../modules/browser
|
||||
../../modules/shell
|
||||
../../modules/music
|
||||
../../modules/nodejs.nix
|
||||
../../modules/taskwarrior.nix
|
||||
../../modules/bruno.nix
|
||||
../../modules/pandoc.nix
|
||||
../../modules/nvim
|
||||
../../modules/pandoc
|
||||
../../modules/secrets
|
||||
../../modules/shell
|
||||
../../modules/stylix
|
||||
../../modules/taskwarrior
|
||||
../../modules/terminal
|
||||
../../modules/vscode.nix
|
||||
];
|
||||
|
||||
|
||||
@@ -3,6 +3,6 @@
|
||||
./bash.nix
|
||||
./utils.nix
|
||||
./prompt.nix
|
||||
../tmux.nix
|
||||
../tmux
|
||||
];
|
||||
}
|
||||
|
||||
@@ -42,6 +42,7 @@ in
|
||||
../../modules/docker
|
||||
../../modules/syncthing
|
||||
../../modules/nvidia
|
||||
../../modules/yubikey
|
||||
];
|
||||
|
||||
home-manager.users.${username} = import ../../home/hosts/andromache {
|
||||
@@ -91,6 +92,25 @@ in
|
||||
inputs.colmena.packages.${pkgs.stdenv.hostPlatform.system}.colmena
|
||||
];
|
||||
|
||||
my.yubikey = {
|
||||
enable = true;
|
||||
inherit username;
|
||||
keys = [
|
||||
{
|
||||
handle = "<KeyHandle1>";
|
||||
userKey = "<UserKey1>";
|
||||
coseType = "<CoseType1>";
|
||||
options = "<Options1>";
|
||||
}
|
||||
{
|
||||
handle = "<KeyHandle2>";
|
||||
userKey = "<UserKey2>";
|
||||
coseType = "<CoseType2>";
|
||||
options = "<Options2>";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
locate = {
|
||||
enable = true;
|
||||
|
||||
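Review bot: Both entries under `my.yubikey.keys` are committed as the literal placeholders `"<KeyHandle1>"` / `"<UserKey1>"` (and the `2` variants) while `enable = true`, so the authfile generated from them holds no credential that a real token can satisfy. The module added in this commit switches on `u2fAuth` for `login` and `sudo`, so with these values U2F can never succeed, and if the PAM control is ever tightened beyond `sufficient` this host would lose both login and sudo. Either commit the values produced at enrolment (for example the output of `pamu2fcfg`) or keep `enable = false` until they exist. `coseType = "<CoseType1>"` and `options = "<Options1>"` also replace the module defaults `"es256"` and `""` with non-values, so those two lines can simply be dropped. The enclosing attribute set starts and ends outside the hunk.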
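--- a/modules/yubikey/default.nix
+++ b/modules/yubikey/default.nix
@@ -0,0 +1,75 @@
+{
+lib,
+config,
+pkgs,
+...
+}:
+
+with lib;
+
+let
+cfg = config.my.yubikey;
+formatKey = key: ":${key.handle},${key.userKey},${key.coseType},${key.options}";
+authfileContent = username: keys: username + lib.concatMapStrings formatKey keys;
+in
+{
+options.my.yubikey = {
+enable = mkEnableOption "yubiKey U2F authentication";
+
+username = mkOption {
+type = types.str;
+default = "h";
+};
+
+origin = mkOption {
+type = types.str;
+default = "pam://yubi";
+};
+
+keys = mkOption {
+type = types.listOf (
+types.submodule {
+options = {
+handle = mkOption {
+type = types.str;
+example = "<KeyHandle1>";
+};
+userKey = mkOption {
+type = types.str;
+example = "<UserKey1>";
+};
+coseType = mkOption {
+type = types.str;
+default = "es256";
+};
+options = mkOption {
+type = types.str;
+default = "";
+};
+};
+}
+);
+default = [ ];
+};
+};
+
+config = mkIf cfg.enable {
+security.pam = {
+u2f = {
+enable = true;
+settings = {
+interactive = true;
+cue = true;
+origin = cfg.origin;
+authfile = pkgs.writeText "u2f-mappings" (authfileContent cfg.username cfg.keys);
+};
+};
+services = {
+login.u2fAuth = true;
+sudo.u2fAuth = true;
+};
+};
+
+services.udev.packages = [ pkgs.yubikey-personalization ];
+};
+}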
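Review bot: `login.u2fAuth` and `sudo.u2fAuth` are enabled without setting `security.pam.u2f.control`, and the NixOS default for that option is `sufficient`, so a touch of an enrolled key is accepted in place of the password rather than in addition to it. If the key is meant as a second factor, set `control = "required";` beside `settings`, and say which mode is intended in a comment either way. Because `keys` defaults to `[ ]`, add a guard inside `config` such as `assertions = [ { assertion = cfg.keys != [ ]; message = "my.yubikey.keys must list at least one enrolled key"; } ];` so that enabling the module without credentials fails at evaluation instead of writing an authfile that contains only the username. None of the options has a `description`, and `origin` defaults to the fixed `pam://yubi`, presumably so one registration can be reused across hosts; that trade-off deserves a one-line comment.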