diff --git a/modules/default.nix b/modules/default.nix index b73244a..1eb8dad 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -316,4 +316,5 @@ rec { }; virtualisation = import ./virtualisation {}; + udev = import ./udev {}; } diff --git a/modules/git/default.nix b/modules/git/default.nix index 9408d53..c0eeac9 100644 --- a/modules/git/default.nix +++ b/modules/git/default.nix @@ -53,7 +53,7 @@ pretty = { fixes = ''Fixes: %h ("%s")''; }; - url."git@github.com:" = { insteadOf = "https://github.com/"; }; + # url."git@github.com:" = { insteadOf = "https://github.com/"; }; status.submoduleSummary = true; pull.rebase = false; diff --git a/modules/udev/default.nix b/modules/udev/default.nix new file mode 100644 index 0000000..0760282 --- /dev/null +++ b/modules/udev/default.nix @@ -0,0 +1,29 @@ +# Universe - The big bang to my universe +# +# Copyright (c) 2023-2024 Sameer Rahmani +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, version 2. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +{ ...}: +{ + pio = { pkgs, ... }: { + services.udev.packages = with pkgs; [ platformio-core.udev ]; + services.udev.extraRules = '' + ACTION=="remove",\ + ENV{ID_BUS}=="usb",\ + ENV{ID_MODEL_ID}=="0407",\ + ENV{ID_VENDOR_ID}=="1050",\ + ENV{ID_VENDOR}=="Yubico",\ + RUN+="${pkgs.systemd}/bin/loginctl lock-sessions" + ''; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 0cdbf40..4fbed47 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
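Review bot: In the new `modules/udev/default.nix`, the `pio` attribute bundles a YubiKey-removal session lock with the PlatformIO udev package, so any host that imports `udev.pio` for serial-device access also gets `loginctl lock-sessions` wired to key removal. Consider moving the `extraRules` block into its own attribute (for example `yubikey-lock`) with a comment such as `# Lock all sessions when the YubiKey (vendor 1050, product 0407) is unplugged`. The rule also matches only `ENV{ID_MODEL_ID}=="0407"`; as far as I know the product id of a YubiKey changes with its enabled interfaces, so a reconfigured or replacement key would silently stop triggering the lock. Matching on the vendor id alone, or listing the accepted product ids, would make that failure mode visible.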
@@ -29,4 +29,5 @@ in { "lxsameer/user.age".publicKeys = [ lxsameer.pub ]; "mary/user.age".publicKeys = [ mary.pub ]; + } diff --git a/users/lxsameer/default.nix b/users/lxsameer/default.nix index 834a71a..5fcc6a9 100644 --- a/users/lxsameer/default.nix +++ b/users/lxsameer/default.nix @@ -83,8 +83,11 @@ rec { extraGroups = [ "wheel" "networkmanager" + "dialout" + "video" + "kvm" ]; - hashedPasswordFile = config.age.secrets.user.path; + # hashedPasswordFile = config.age.secrets.user.path; #password = "123123"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3aV2dwnll3KxFR57Oj6Br51c7gJ/pkRa+IkKM6slve lxsameer@lxsameer.com" diff --git a/users/lxsameer/desktop.nix b/users/lxsameer/desktop.nix index 697cd56..281f9e7 100644 --- a/users/lxsameer/desktop.nix +++ b/users/lxsameer/desktop.nix @@ -13,8 +13,13 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{ config, lib, pkgs, ... }@params: -let modules = import ../../modules params; +{ config, lib, pkgs, inputs, ... }@params: +let + modules = import ../../modules params; + rager = pkgs.callPackage ../../derivations/rager.nix { + ageBin = "${pkgs.rage}/bin/rage"; + }; + in { imports = [ @@ -31,6 +36,7 @@ in { }; }; }) + inputs.agenix.homeManagerModules.default ]; home.username = "lxsameer"; @@ -46,7 +52,9 @@ in { home.file.".fg42.el".source = ./fg42.el; home.file.".ssh/config".source = ./ssh/config; home.file.".config/mpv/mpv.conf".source = ./mpv.conf; - + home.file.".config/Yubico/u2f_keys".source = ./u2f_keys; + home.file.".yubico/challenge-24571728".source = ./yubico/challenge-24571728; + home.file.".yubico/challenge-24571700".source = ./yubico/challenge-24571700; # set cursor size and dpi for 4k monitor xresources.properties = { "Xcursor.size" = lib.mkDefault 16; 
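Review bot: In `users/lxsameer/default.nix`, commenting out `hashedPasswordFile = config.age.secrets.user.path;` leaves the account with no declaratively managed password, and the hunk does not say what replaces it. What the account ends up with depends on `users.mutableUsers`, which is not visible here: it either keeps whatever password is already on the host or has none, in which case login and sudo rest entirely on the token modules enabled elsewhere in this commit. If this is a temporary workaround, say so in a comment next to the line, for example `# TODO: re-enable once agenix user secret is available on this host`, and restore the line afterwards. The neighbouring `#password = "123123";` is a weak literal that should be deleted rather than kept as a comment. The surrounding user definition starts and ends outside the hunk.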
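Review bot: The three added `home.file` lines in `users/lxsameer/desktop.nix` (`.config/Yubico/u2f_keys` and the two `.yubico/challenge-*` entries) deploy authentication state as read-only links into the world-readable Nix store, sourced from plaintext files committed in this same change. As far as I know, pam_yubico in challenge-response mode rewrites `~/.yubico/challenge-<serial>` with a fresh challenge after each successful login. A store-backed file cannot be updated, so authentication would either fail at the write or keep accepting the same challenge and expected response, which removes the replay protection the mode is meant to give; please verify this on the host. The repository already uses agenix, so these files are better generated on the machine with `ykpamcfg` or decrypted to a writable path than tracked in git. The same applies to the two `home.file.".yubico/challenge-*"` lines added in `users/mary/desktop.nix`.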
@@ -400,7 +408,7 @@ in { programs.direnv = { enable = true; enableBashIntegration = true; # see note on other shells below - nix-direnv.enable = true; + nix-direnv.enable = true; }; } diff --git a/users/lxsameer/u2f_keys b/users/lxsameer/u2f_keys new file mode 100644 index 0000000..c8af43c --- /dev/null +++ b/users/lxsameer/u2f_keys @@ -0,0 +1 @@ +lxsameer:9XJ66TTZ9gmiOI6xrI/ERcgWQNkErQdXCxULrO7bTUycmh/2515YRT0ewHbf1WuMRIAam2TUzPFV/YhnQBqixQ==,VvdSuUvJzFRu3g2bU/lH6iamONa38f4tQOmK6aroDkUH6WDKN7bP8L48N4Vs3mYjJ9cq1q6s6/Oi3Fah9NAa2g==,es256,+presence:dHyrtuETx4EbjRM8H2qkHTVdCHCOQj1E+D6HFKgkC8c5C7FeMdZLtUUhlIXuMTjeIOmpaZ2izYxiY2tf1NqOoQ==,CdIZm6rItIHVTlXA4pzIHOhv0CrWHf/kTsaZ3vRglMtPKB61uihLKnF0b/VqLZCQcaAroblqjSABXXXUF6RZxg==,es256,+presence \ No newline at end of file diff --git a/users/lxsameer/yubico/challenge-24571700 b/users/lxsameer/yubico/challenge-24571700 new file mode 100644 index 0000000..62a572b --- /dev/null +++ b/users/lxsameer/yubico/challenge-24571700 @@ -0,0 +1 @@ +v2:e615b1e6a546b8bd0bc2940a5583dfde5f32346c263614efffa2d73b48ec8ab8260bdba4d412dc86a9850fbe861bc22516e92b726f85df59622a281a1f9731:2c4beb7ac872fccdb0784724fe40544b813684e6:3e761e4617c1484c9fa0f23e67e25bbf815d7fabae4c41805250cbb92239d4aa:10000:2 diff --git a/users/lxsameer/yubico/challenge-24571728 b/users/lxsameer/yubico/challenge-24571728 new file mode 100644 index 0000000..e4110ba --- /dev/null +++ b/users/lxsameer/yubico/challenge-24571728 @@ -0,0 +1 @@ +v2:726c230a9eeb14e4ec46d4938d01c18f6a035d6bcb6bac090f178a0647cb6fe36434edd6949cc5a0cdee681ddd7816094fa101d753e13745693a25b9af513f:c5cce4a3ee4bd4c874aeac15082a67203f60ac22:d01bcfb3294fb103dc86cda5d3a72e20d085d162953cec401c289955c4adc1e6:10000:2 diff --git a/users/mary/desktop.nix b/users/mary/desktop.nix index 74dc603..b633a9e 100644 --- a/users/mary/desktop.nix +++ b/users/mary/desktop.nix 
@@ -20,6 +20,8 @@ home.homeDirectory = "/home/mary"; home.file.".config/mpv/mpv.conf".source = ./mpv.conf; + home.file.".yubico/challenge-24571727".source = ./yubico/challenge-24571727; + home.file.".yubico/challenge-24571716".source = ./yubico/challenge-24571716; # set cursor size and dpi for 4k monitor xresources.properties = { diff --git a/users/mary/yubico/challenge-24571716 b/users/mary/yubico/challenge-24571716 new file mode 100644 index 0000000..580690c --- /dev/null +++ b/users/mary/yubico/challenge-24571716 @@ -0,0 +1 @@ +v2:7ef62bfdac20c5a3f2ccf6e877783bae81237657bb7cc7b101f19ae7b525746483341c7df3da7984295db5152fdf08aed371d96a0bdaae3d1f8efdbc61e0f0:a80acce6ba7b38d801fd19aee43be85363325fc1:9308b59c384176839a9bcbbd7ad3db8f5fa310c93865cc71be46c74a76d25364:10000:2 diff --git a/users/mary/yubico/challenge-24571727 b/users/mary/yubico/challenge-24571727 new file mode 100644 index 0000000..8d18c09 --- /dev/null +++ b/users/mary/yubico/challenge-24571727 @@ -0,0 +1 @@ +v2:8408a5cc638d4f58feade6a2b8697e573d721d3cd122bd557e9a3b0d365c7813647ccb9259c7d8cda6529cf4208531371fef34c39e7b9bc5fd1f7d6c29b147:a4436515f93ac50fc289c46e860fafa599f52fd9:2029d44916683f82c3a439bfbe3870bdd40f1273236fbaa7c41ca89021cedac7:10000:2 diff --git a/worlds/majin.nix b/worlds/majin.nix index 238d904..4668633 100644 --- a/worlds/majin.nix +++ b/worlds/majin.nix @@ -52,6 +52,19 @@ let enable = true; allowedTCPPorts = [ 8000 ]; }; + security.pam = { + services = { + login.u2fAuth = true; + sudo.u2fAuth = true; + }; + yubico = { + enable = true; + debug = true; + mode = "challenge-response"; + id = [ "24571728" "24571700" ]; + }; + }; + }; lxsameer = pkgs.callPackage ../users/lxsameer/default.nix {}; @@ -83,6 +96,7 @@ in { desktop styles yubikey + udev.pio virtualisation.podman inputs.home-manager.nixosModules.home-manager { diff --git a/worlds/maryland.nix b/worlds/maryland.nix index 426963e..9bec584 100644 --- a/worlds/maryland.nix +++ b/worlds/maryland.nix 
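Review bot: In the `security.pam` block added to `worlds/majin.nix`, `debug = true;` is committed under `yubico`, which makes the PAM module emit verbose authentication traces on every login and sudo; it should be `debug = false;` (or dropped) once setup is verified. The block also sets no `control` for either module. I believe the NixOS defaults for `security.pam.yubico.control` and `security.pam.u2f.control` are `sufficient`, which would let the token alone satisfy `login` and `sudo` instead of acting as a second factor. If two-factor is the intent, add `control = "required";` under `yubico` and the equivalent u2f setting. The identical block added to `worlds/maryland.nix` has the same two issues, and that host also opens port 22 in the firewall context shown there.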
@@ -71,6 +71,19 @@ let allowedTCPPorts = [ 8000 22 ]; }; + security.pam = { + services = { + login.u2fAuth = true; + sudo.u2fAuth = true; + }; + yubico = { + enable = true; + debug = true; + mode = "challenge-response"; + id = [ "24571716" "24571727" ]; + }; + }; + }; mary = pkgs.callPackage ../users/mary/default.nix {};