NixOS configuration 🪄

✨ - Code clean up - adding new yubikey features - separated cpu into a module

Signed-off-by: Xaiya Schumin <d.schumin@proton.me>

+78 -17
-1
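--- a/modules/nixos/boot/default.nix
+++ b/modules/nixos/boot/default.nix
@@ -57,7 +57,6 @@
 kernelModules = [ ];
 };
 
-# TODO: Should I move this?
 kernelModules = [ "acpi_call" ];
 
 kernelParams = [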
+10
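--- a/modules/nixos/graphical/windowManager/gnome.nix
+++ b/modules/nixos/graphical/windowManager/gnome.nix
@@ -36,6 +36,16 @@
 environment.systemPackages = [
 pkgs.resources # System monitor, but cuter
 ];
+
+#
+services.udev.extraRules = ''
+ACTION=="remove",\
+ENV{ID_BUS}=="usb",\
+ENV{ID_MODEL_ID}=="0407",\
+ENV{ID_VENDOR_ID}=="1050",\
+ENV{ID_VENDOR}=="Yubico",\
+RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+'';
 };
 
 }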
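Review bot: The udev rule added to this GNOME module is the same rule this commit also adds to modules/nixos/hardware/yubikey.nix, and here it sits under a bare `#` with no explanation. If `services.udev.extraRules` merges definitions by concatenation, as it appears to, a host that enables both modules gets the rule twice and `loginctl lock-sessions` runs twice per removal; keeping the rule only in yubikey.nix avoids that. The match is pinned to product ID `0407`, so a key that enumerates under a different product ID would not lock the session when it is pulled. That limit deserves a comment wherever the rule ends up, such as `# Lock all sessions when the YubiKey (1050:0407) is unplugged; other product IDs are not matched`.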
+23
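--- a/modules/nixos/hardware/cpu/amd.nix
+++ b/modules/nixos/hardware/cpu/amd.nix
@@ -0,0 +1,23 @@
+{ lib, self, config, ...}:
+let
+inherit (lib) mkIf;
+
+cpu = config.sylveon.hardware.cpu;
+in
+{
+config = mkIf (cpu == "amd") {
+hardware.cpu.amd.updateMicrocode = true;
+
+boot = {
+kernelModules = [
+"kvm-amd"
+"amd-pstate"
+];
+
+kernelParams = [
+# Fix Color accuracy in Power saving modes
+"amdgpu.abmlevel=0"
+];
+};
+};
+}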
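Review bot: `self` is bound in the argument set on the first line but never used in this file, so it can be dropped. `amdgpu.abmlevel=0` is a GPU driver parameter that is now gated on the CPU vendor; a comment naming its target would make that coupling visible, for example `# amdgpu (integrated GPU): keep colours accurate in power-saving modes`. `hardware.cpu.amd.updateMicrocode = true` is set at normal priority, whereas the line removed from systems/pineapple/hardware.nix used `lib.mkDefault`; if a host should still be able to override it, `lib.mkDefault true` keeps that possible.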
+17
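--- a/modules/nixos/hardware/cpu/default.nix
+++ b/modules/nixos/hardware/cpu/default.nix
@@ -0,0 +1,17 @@
+{ self, lib, ... }:
+let
+inherit (lib.types) enum;
+
+inherit (self.lib.modules) mkOpt;
+in
+{
+imports = [
+./amd.nix
+];
+
+# TODO: add intel for apricot
+# TODO: move to a global option? (in base)
+options.sylveon.hardware.cpu =
+mkOpt (enum [ "amd" ]) null "What cpu your system uses";
+
+}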
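Review bot: The option on the last two lines is typed `enum [ "amd" ]` but is given `null` as its default, and `null` is not a member of that enum. Assuming `mkOpt` takes type, default and description in that order, any host that does not set `sylveon.hardware.cpu` (the Intel machine named in the TODO, for one) would fail the type check as soon as amd.nix reads the option. Allowing null explicitly fixes it: `inherit (lib.types) enum nullOr;` and `mkOpt (nullOr (enum [ "amd" ])) null "What cpu your system uses";`.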
+1
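--- a/modules/nixos/hardware/default.nix
+++ b/modules/nixos/hardware/default.nix
@@ -1,6 +1,7 @@
 {
 imports = [
 ./networking
+./cpu
 
 ./audio.nix
 ./power.nix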
+7
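--- a/modules/nixos/hardware/power.nix
+++ b/modules/nixos/hardware/power.nix
@@ -58,6 +58,13 @@
 # Disable power-management services that are sometimes automatically activated
 power-profiles-daemon.enable = false;
 tlp.enable = false;
+
+# TODO: move into a framework/laptop module?
+# Prevent wakeup if lid is closed
+udev.extraRules = ''
+SUBSYSTEM=="usb", DRIVERS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled", ATTR{driver/1-1.1.1.4/power/wakeup}="disabled"
+SUBSYSTEM=="usb", DRIVERS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled", ATTR{driver/1-1.1.1.4/power/wakeup}="disabled"
+'';
 };
 
 };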
+18 -3
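--- a/modules/nixos/hardware/yubikey.nix
+++ b/modules/nixos/hardware/yubikey.nix
@@ -13,10 +13,12 @@
 mkOpt bool true "Whether or not yubikey support should be enabled";
 
 config = mkIf cfg.enable {
+age.secrets."yubikey-pam_u2f".rekeyFile = "${self}/secrets/yubikey-pam_u2f.age"; # Loading authFile for pam_u2f
+
 # Enables support for login and authentication with the yubikey
 security.pam.u2f = {
 enable = true;
-# settings.authFile = TODO: add one file location for all users
+settings.authFile = config.age.secrets."yubikey-pam_u2f".path;
 };
 
 
@@ -27,14 +29,14 @@
 udev.packages = [ pkgs.yubikey-personalization ];
 };
 
-# use gnupg agent as main agent
+# use gpg agent instead of the ssh agent
 programs = {
 ssh.startAgent = false;
 
 gnupg.agent = {
 enable = true;
 enableSSHSupport = true;
-# enableBrowserSocket = true; TODO: do that?
+enableBrowserSocket = true;
 };
 };
 
@@ -43,5 +45,18 @@
 pkgs.yubikey-manager # cli
 pkgs.yubioath-flutter # gui
 ];
+
+
+# Lock screen if yubikey is removed
+# TODO: add support for sway
+services.udev.extraRules = ''
+ACTION=="remove",\
+ENV{ID_BUS}=="usb",\
+ENV{ID_MODEL_ID}=="0407",\
+ENV{ID_VENDOR_ID}=="1050",\
+ENV{ID_VENDOR}=="Yubico",\
+RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+'';
+
 };
 }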
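Review bot: The age secret that now backs `settings.authFile` is declared in the first hunk without an owner or mode, so it gets whatever the secret module defaults to. If that default is root-only, which is usual for age secrets but not shown here, a PAM stack that runs as the logged-in user (a non-setuid screen locker, relevant to the sway TODO in the last hunk) cannot read the mapping and U2F authentication fails there. The file holds key handles and public keys, so the property to protect is that only root can write it, not that nobody can read it. Stating that explicitly, e.g. `age.secrets."yubikey-pam_u2f".mode = "0444";` with the owner left as root, would make the intent clear. The `config` block continues outside the visible hunks.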
secrets/yubikey-pam_u2f.age

This is a binary file and will not be displayed.

+2
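--- a/systems/pineapple/default.nix
+++ b/systems/pineapple/default.nix
@@ -7,6 +7,8 @@
 users = [ "xaiya" "blmedia" ];
 profiles = [ "laptop" ];
 
+hardware.cpu = "amd";
+
 theme = {
 name = "rose-pine";
 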
-13
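--- a/systems/pineapple/hardware.nix
+++ b/systems/pineapple/hardware.nix
@@ -1,15 +1,4 @@
-{ config, lib, modulesPath, ... }:
-
 {
-imports =
-[ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-# Prevent wakeup if lid is closed
-services.udev.extraRules = ''
-SUBSYSTEM=="usb", DRIVERS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled", ATTR{driver/1-1.1.1.4/power/wakeup}="disabled"
-SUBSYSTEM=="usb", DRIVERS=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled", ATTR{driver/1-1.1.1.4/power/wakeup}="disabled"
-'';
-
 fileSystems."/" =
 { device = "/dev/disk/by-uuid/876574d0-dec1-4237-a231-d78a7677539a";
 fsType = "ext4";
@@ -24,6 +13,4 @@
 swapDevices =
 [ { device = "/dev/disk/by-uuid/5efadec9-c5a4-4dfa-92bd-086dfccf6430"; }
 ];
-
-hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }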
systems/pineapple/secrets/1a978abd66a915b0a8f8b3c1cc9bdc55-yubikey-pam_u2f.age

This is a binary file and will not be displayed.