From 131692f0a4b177f8e8e96fc13d81a03348346d5d Mon Sep 17 00:00:00 2001
From: isabel
Date: Fri, 3 Nov 2023 22:23:10 +0000
Subject: [PATCH] yubikey cool

---
 hosts/amatarasu/default.nix | 1 +
 hosts/hydra/default.nix | 3 +-
 modules/base/common/host/default.nix | 1 -
 modules/base/common/host/hardware/default.nix | 2 ++
 .../host/{ => hardware}/media/default.nix | 0
 .../{ => hardware}/media/sound/default.nix | 0
 .../{ => hardware}/media/video/default.nix | 0
 .../common/host/hardware/yubikey/default.nix | 33 +++++++++++++++++++
 modules/base/options/system/default.nix | 9 +++++
 9 files changed, 47 insertions(+), 2 deletions(-)
 rename modules/base/common/host/{ => hardware}/media/default.nix (100%)
 rename modules/base/common/host/{ => hardware}/media/sound/default.nix (100%)
 rename modules/base/common/host/{ => hardware}/media/video/default.nix (100%)
 create mode 100644 modules/base/common/host/hardware/yubikey/default.nix

diff --git a/hosts/amatarasu/default.nix b/hosts/amatarasu/default.nix
index 43826e00a..115248c6d 100644
--- a/hosts/amatarasu/default.nix
+++ b/hosts/amatarasu/default.nix
@@ -40,6 +40,7 @@ in {
 sound.enable = true;
 bluetooth.enable = false;
 printing.enable = false;
+ yubikeySupport.enable = true;
 security = {
 auditd.enable = true;
diff --git a/hosts/hydra/default.nix b/hosts/hydra/default.nix
index a4eebb19c..579afaf43 100644
--- a/hosts/hydra/default.nix
+++ b/hosts/hydra/default.nix
@@ -6,7 +6,7 @@ _: {
 type = "laptop";
 cpu = "intel";
 gpu = null;
- monitors = ["HDMI-A-1" "eDP-1"];
+ monitors = ["eDP-1"];
 hasTPM = true;
 hasBluetooth = true;
 hasSound = true;
@@ -28,6 +28,7 @@ _: {
 sound.enable = true;
 bluetooth.enable = true;
 printing.enable = false;
+ yubikeySupport.enable = true;
 security = {
 fixWebcam = false;
diff --git a/modules/base/common/host/default.nix b/modules/base/common/host/default.nix
index 0b8368bb8..60e0dcfb1 100644
--- a/modules/base/common/host/default.nix
+++ b/modules/base/common/host/default.nix
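Review bot: The `monitors` change in hosts/hydra/default.nix (dropping `HDMI-A-1`) is unrelated to YubiKey support and is not mentioned in the commit message "yubikey cool", so it will be hard to find later when someone asks why the external display stopped being configured. Consider splitting it into its own commit, or at minimum naming it in the message. The `_: {` attribute set these hunks edit starts and ends outside the hunks.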
@@ -4,7 +4,6 @@ _: {
 ./emulation # emulation setup
 ./encryption # keeping my stuff hidden from you strange people
 ./hardware # hardware - bluetooth etc.
- ./media # sound and video
 ./nix # nix the package manger options
 ./os # system configurations
 ./security # keeping the system safe
diff --git a/modules/base/common/host/hardware/default.nix b/modules/base/common/host/hardware/default.nix
index 49967cf86..f1b91f7d4 100644
--- a/modules/base/common/host/hardware/default.nix
+++ b/modules/base/common/host/hardware/default.nix
@@ -3,6 +3,8 @@ _: {
 ./cpu # cpu specific options
 ./gpu # gpu specific options
 ./tmp # Trusted Platform Module
+ ./media # sound and video
 ./bluetooth # bluetooth
+ ./yubikey # yubikey device support and management tools
 ];
 }
diff --git a/modules/base/common/host/media/default.nix b/modules/base/common/host/hardware/media/default.nix
similarity index 100%
rename from modules/base/common/host/media/default.nix
rename to modules/base/common/host/hardware/media/default.nix
diff --git a/modules/base/common/host/media/sound/default.nix b/modules/base/common/host/hardware/media/sound/default.nix
similarity index 100%
rename from modules/base/common/host/media/sound/default.nix
rename to modules/base/common/host/hardware/media/sound/default.nix
diff --git a/modules/base/common/host/media/video/default.nix b/modules/base/common/host/hardware/media/video/default.nix
similarity index 100%
rename from modules/base/common/host/media/video/default.nix
rename to modules/base/common/host/hardware/media/video/default.nix
diff --git a/modules/base/common/host/hardware/yubikey/default.nix b/modules/base/common/host/hardware/yubikey/default.nix
new file mode 100644
index 000000000..6fc56a862
--- /dev/null
+++ b/modules/base/common/host/hardware/yubikey/default.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ config = lib.mkIf config.modules.system.yubikeySupport.enable {
+ hardware.gpgSmartcards.enable = true;
+
+ services = {
+ pcscd.enable = true;
+ udev.packages = [pkgs.yubikey-personalization];
+ };
+
+ programs = {
+ ssh.startAgent = false;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ # Yubico's official tools
+ yubikey-manager # cli
+ yubikey-manager-qt # gui
+ yubikey-personalization # cli
+ yubikey-personalization-gui # gui
+ yubico-piv-tool # cli
+ yubioath-flutter # gui
+ ];
+ };
+}
diff --git a/modules/base/options/system/default.nix b/modules/base/options/system/default.nix
index 1110f0e1e..b524fe1f3 100644
--- a/modules/base/options/system/default.nix
+++ b/modules/base/options/system/default.nix
@@ -70,6 +70,15 @@ in {
 description = "The path to the configuration";
 };
+ yubikeySupport = {
+ enable = mkEnableOption "yubikey support";
+ deviceType = mkOption {
+ type = with types; nullOr enum ["NFC5" "nano"];
+ default = null;
+ description = "A list of devices to enable Yubikey support for";
+ };
+ };
+
 sound = {
 enable = mkEnableOption "sound";
 description = "Does the device have sound and its related programs be enabled";
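Review bot: `programs.ssh.startAgent = false;` together with `gnupg.agent.enableSSHSupport = true;` replaces the OpenSSH agent with gpg-agent for every user on the host, and nothing in the new file says why; a comment above `programs = {` such as `# gpg-agent serves SSH_AUTH_SOCK so the YubiKey's OpenPGP auth key works for SSH; the OpenSSH agent must not also be started or the two fight over the socket` would spare the next reader a surprise. The only udev rules installed are `[pkgs.yubikey-personalization]`, which cover the ykpers/OTP HID interface; if the key is also meant for FIDO2/U2F (WebAuthn, `ykman fido`), non-root hidraw access usually needs the u2f rules as well, e.g. `udev.packages = [pkgs.yubikey-personalization pkgs.libfido2];` — worth confirming on one of the hosts that enables this. `config.modules.system.yubikeySupport.deviceType` is declared in this same patch but never read here, so setting it has no effect on this module.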
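Review bot: `type = with types; nullOr enum ["NFC5" "nano"];` is missing parentheses: Nix application is left-associative, so this applies `nullOr` to the `enum` function and then tries to call the resulting type set with the list, which fails with "attempt to call something which is not a function" once the option is evaluated; it should read `type = with types; nullOr (enum ["NFC5" "nano"]);`. Nothing in this patch reads `deviceType`, which is probably why the error has not surfaced yet. The description "A list of devices to enable Yubikey support for" also disagrees with the type, which holds a single value, not a list — either use `nullOr (listOf (enum ["NFC5" "nano"]))` or reword it, e.g. `description = "The YubiKey form factor attached to this host (currently informational; not read by the yubikey module)";`. The enclosing `modules.system` option set starts and ends outside this hunk.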