yubikey cool

isabelroses · Nov 3, 2023 · 131692f · 131692f
1 parent 0282e17
commit 131692f
Show file tree

Hide file tree

Showing 9 changed files with 47 additions and 2 deletions.
diff --git a/hosts/amatarasu/default.nix b/hosts/amatarasu/default.nix
@@ -40,6 +40,7 @@ in {
         sound.enable = true;
         bluetooth.enable = false;
         printing.enable = false;
+        yubikeySupport.enable = true;
 
         security = {
           auditd.enable = true;

diff --git a/hosts/hydra/default.nix b/hosts/hydra/default.nix
@@ -6,7 +6,7 @@ _: {
         type = "laptop";
         cpu = "intel";
         gpu = null;
-        monitors = ["HDMI-A-1" "eDP-1"];
+        monitors = ["eDP-1"];
         hasTPM = true;
         hasBluetooth = true;
         hasSound = true;
@@ -28,6 +28,7 @@ _: {
         sound.enable = true;
         bluetooth.enable = true;
         printing.enable = false;
+        yubikeySupport.enable = true;
 
         security = {
           fixWebcam = false;

diff --git a/modules/base/common/host/default.nix b/modules/base/common/host/default.nix
@@ -4,7 +4,6 @@ _: {
     ./emulation # emulation setup
     ./encryption # keeping my stuff hidden from you strange people
     ./hardware # hardware - bluetooth etc.
-    ./media # sound and video
     ./nix # nix the package manger options
     ./os # system configurations
     ./security # keeping the system safe

diff --git a/modules/base/common/host/hardware/default.nix b/modules/base/common/host/hardware/default.nix
@@ -3,6 +3,8 @@ _: {
     ./cpu # cpu specific options
     ./gpu # gpu specific options
     ./tmp # Trusted Platform Module
+    ./media # sound and video
     ./bluetooth # bluetooth
+    ./yubikey # yubikey device support and management tools
   ];
 }
diff --git a/modules/base/common/host/media/default.nix → ...se/common/host/hardware/media/default.nix b/modules/base/common/host/media/default.nix → ...se/common/host/hardware/media/default.nix
diff --git a/.../base/common/host/media/sound/default.nix → ...mon/host/hardware/media/sound/default.nix b/.../base/common/host/media/sound/default.nix → ...mon/host/hardware/media/sound/default.nix
diff --git a/.../base/common/host/media/video/default.nix → ...mon/host/hardware/media/video/default.nix b/.../base/common/host/media/video/default.nix → ...mon/host/hardware/media/video/default.nix
diff --git a/modules/base/common/host/hardware/yubikey/default.nix b/modules/base/common/host/hardware/yubikey/default.nix
@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  config = lib.mkIf config.modules.system.yubikeySupport.enable {
+    hardware.gpgSmartcards.enable = true;
+
+    services = {
+      pcscd.enable = true;
+      udev.packages = [pkgs.yubikey-personalization];
+    };
+
+    programs = {
+      ssh.startAgent = false;
+      gnupg.agent = {
+        enable = true;
+        enableSSHSupport = true;
+      };
+    };
+
+    environment.systemPackages = with pkgs; [
+      # Yubico's official tools
+      yubikey-manager # cli
+      yubikey-manager-qt # gui
+      yubikey-personalization # cli
+      yubikey-personalization-gui # gui
+      yubico-piv-tool # cli
+      yubioath-flutter # gui
+    ];
+  };
+}
diff --git a/modules/base/options/system/default.nix b/modules/base/options/system/default.nix
@@ -70,6 +70,15 @@ in {
       description = "The path to the configuration";
     };
 
+    yubikeySupport = {
+      enable = mkEnableOption "yubikey support";
+      deviceType = mkOption {
+        type = with types; nullOr enum ["NFC5" "nano"];
+        default = null;
+        description = "A list of devices to enable Yubikey support for";
+      };
+    };
+
     sound = {
       enable = mkEnableOption "sound";
       description = "Does the device have sound and its related programs be enabled";