From 42789692ad47fb308db53cd129cc77263c862744 Mon Sep 17 00:00:00 2001 From: foglar Date: Fri, 27 Dec 2024 16:14:08 +0100 Subject: [PATCH] sops update and ssh fix --- TODO.md | 24 ++++++++++++------- ginoza/configuration.nix | 5 ++++ kogami/configuration.nix | 13 +++++++++- kogami/home.nix | 5 +--- nixos/home/packages/tools/shell.nix | 2 +- nixos/system/packages.nix | 11 +++++---- .../system/packages/sops/secrets/secrets.yaml | 6 +++-- nixos/system/packages/sops/sops.nix | 9 +++++++ nixos/system/packages/yubikey.nix | 9 +++++-- 9 files changed, 61 insertions(+), 23 deletions(-) diff --git a/TODO.md b/TODO.md index 497829d..88306c4 100644 --- a/TODO.md +++ b/TODO.md 
@@ -7,18 +7,26 @@ - [x] cliphist manager fix - [x] stylix theming to each module - [x] rofi theme and other themes, where are colors setup declaratively -- [ ] enabling nvidia graphics and disabling it -- [ ] modularity connected via configuration.nix file with home manager (disable gnome, gnome configuration will be disabled too) +- [x] enabling nvidia graphics and disabling it +- [x] add zsh to my config - [x] custom if else statements +- [x] move sops +- [x] figure out yubico authentication +- [x] options for YUBIKEY to make more sense and control +- [x] power profiles solution in waybar +- [x] auto-cpufreq +- [ ] modularity connected via configuration.nix file with home manager (disable gnome, gnome configuration will be disabled too) - [ ] neovim - [ ] librewolf and firefox fix -- [ ] fix kde theme in stylix -- [x] move sops -- [ ] figure out yubico authentication - [ ] graph of my system structure -- [x] add zsh to my config -- [ ] ?tryout starship? - [ ] cleanup hyprland subtools (rofi, hyprlock, waybar) -- [ ] auto-cpufreq - [ ] modularize hyprland config into multiple files - [ ] consider moving nh config helper into module +- [ ] make static background folder and figure out how to simply manage backgrounds across my devices +- [ ] NVIDIA options +- [ ] fix plasma manager and extend gnome configuration +- [ ] merge shell aliases + +- [ ] update my home page and create new web +- [ ] fix kde theme in stylix +- [ ] ?tryout starship? diff --git a/ginoza/configuration.nix b/ginoza/configuration.nix index d960411..84f6752 100644 --- a/ginoza/configuration.nix +++ b/ginoza/configuration.nix @@ -62,6 +62,11 @@ tor.enable = false; virt-manager.enable = false; virtualbox.enable = false; + yubikey = { + enable = false; + lock-on-remove = false; + notify = false; + }; }; # Basic programs to enable diff --git a/kogami/configuration.nix b/kogami/configuration.nix index f80f79b..2529329 100644 --- a/kogami/configuration.nix +++ b/kogami/configuration.nix 
@@ -66,7 +66,11 @@ tor.enable = true; virt-manager.enable = true; virtualbox.enable = false; - yubikey.enable = true; + yubikey = { + enable = true; + lock-on-remove = false; + notify = true; + }; }; # Basic programs to enable @@ -74,6 +78,13 @@ programs.wireshark.enable = true; programs.auto-cpufreq.enable = true; + programs.ssh.extraConfig = '' + Host masaoka + HostName 192.168.8.140 + User foglar + IdentityFile ~/.ssh/id_masaoka + ''; + #services.twingate.enable = true; # Allow unfree packages diff --git a/kogami/home.nix b/kogami/home.nix index fe24ac2..4d04440 100644 --- a/kogami/home.nix +++ b/kogami/home.nix @@ -1,7 +1,4 @@ -{ - userSettings, - ... -}: { +{userSettings, ...}: { # Home manager configuration home.username = "${userSettings.username}"; home.homeDirectory = "/home/${userSettings.username}"; diff --git a/nixos/home/packages/tools/shell.nix b/nixos/home/packages/tools/shell.nix index 75c4573..168d5d1 100644 --- a/nixos/home/packages/tools/shell.nix +++ b/nixos/home/packages/tools/shell.nix @@ -27,7 +27,7 @@ respawn = "clear; ${pkgs.pfetch}/bin/pfetch"; mkdir = "mkdir -p"; cat = "${pkgs.bat}/bin/bat --style plain"; - rasp = "s foglar@192.168.8.140"; + rasp = "s masaoka"; hist = "history | awk '{for (i=2; i<=NF; i++) printf \$i\" \"; print \"\"}' | fzf | wl-copy"; cdx = "${pkgs.zoxide}/bin/zoxide query --interactive"; diff --git a/nixos/system/packages.nix b/nixos/system/packages.nix index 751a494..aeff4c5 100644 --- a/nixos/system/packages.nix +++ b/nixos/system/packages.nix @@ -1,7 +1,4 @@ -{ - lib, - ... -}: { +{lib, ...}: { imports = [ ./packages/docker.nix ./packages/podman.nix 
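Review bot: The new `Host masaoka` stanza in `programs.ssh.extraConfig` lands in the system-wide `/etc/ssh/ssh_config`, so `IdentityFile ~/.ssh/id_masaoka` resolves against whichever account runs `ssh masaoka`, while the sops.nix hunk in this same patch only materialises the key under `/home/${userSettings.username}/.ssh/` — for any other account (root included) the alias silently falls back to default keys and agent identities. Adding `IdentitiesOnly yes` under the stanza makes ssh offer only the named key, which also stops unrelated agent keys being presented to 192.168.8.140. Nothing pins that host's key, so the first connection trusts whatever answers on the LAN; since the client config is declarative anyway, a `programs.ssh.knownHosts.masaoka = { hostNames = [ "192.168.8.140" ]; publicKey = "…"; };` entry next to this block would close that gap. Whether a system-level rather than a home-manager ssh config was intended is not visible from this hunk.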
@@ -20,7 +17,11 @@ tor.enable = lib.mkDefault true; virt-manager.enable = lib.mkDefault true; virtualbox.enable = lib.mkDefault true; - yubikey.enable = lib.mkDefault false; + yubikey = { + enable = lib.mkDefault false; + lock-on-remove = lib.mkDefault false; + notify = lib.mkDefault false; + }; }; sys.desktop.steamdeck.enable = lib.mkDefault false; sys.security.sops.enable = lib.mkDefault true; diff --git a/nixos/system/packages/sops/secrets/secrets.yaml b/nixos/system/packages/sops/secrets/secrets.yaml index 2935f41..e5ba4e2 100644 --- a/nixos/system/packages/sops/secrets/secrets.yaml +++ b/nixos/system/packages/sops/secrets/secrets.yaml @@ -3,6 +3,8 @@ kogami: ginoza: password-hash: ENC[AES256_GCM,data:xqE0y3Z7+kasYFQLn4Wuo+/c9L8BEakf2HKgN5BsttC2iDuzYSvXrP8K6pe5Skdi5Aq0MVz9LixJFM3PBgLORL1C6k0iDSardw==,iv:bKL40h0rGNmnnkA7EieKAD5KyENXOiTNsTVH1V0B7HU=,tag:c1MsRuiOK/j2b0iKOyO8FQ==,type:str] yubikey_id: ENC[AES256_GCM,data:ZyamX5gxoW4=,iv:4tW7muk6AaJf9VmXmFd6Ut63U27fFD8QgYSBx3RgOfw=,tag:IFlSiOffMyc33Rw1gxwCPA==,type:int] +ssh_keys: + masaoka: ENC[AES256_GCM,data:VNR1euaaG0wfDvuSbwqga86QC/yir/GJ1sZLT6mzu3DxrxjexXbXP0nO79+l7FRQENZEU/e/wZ+V8Pb+9Tw/whDOVYM3EgAgsuialdc7LAkaaGyRe47+PpPaN7n/O6pPBRGSApDVf0xsw1R95pmL2jsM7nzs6WiiC+yG5FM2VdSxkxVJPkABmQpMzjoMyuB6QlQGCU+Q/+cuOL/7tsW6JFyKu8snTXyQg3EKomR07ZpxcE8whbEfmxdZbiNFitNmsnaRLGqkyd9iVHfW5PlvfU9s0C0CWZPTw23okCpGjaUwnbHcKVWlb6b1qbQRRoHwqFIArqC44COY6zT50rPsbwjLvU0gozBMCRYmZtZtMFQ50NYn2mfEU/6ZTWS67EmjYHwyR6mxTM9TeLpgsYWIqewB1te87y1q5+/EFHUAba3iINx/P/yJUUVUS9B85eosMgQsn4sn+3iMq7aZbNQeDOLU78xwFZpxHYK8MXVSLZf0dwQHyyFAHPtfHSXKJc3sWqMOeRuB8L3Xdn+k2cJAOfHZb4AidYYdie37oFXaVjLyCBgtvZzVFGUTameByD46TU82kFDzgNxKBzBNpNK5xM6l1eyE1Xm6t1bH69RiWF5Hn2i2UQj2vm3ScTlHdOymLy/DRBpg9BuhkkxA6FoaM0Iw0c0EInvcj2HdBR8FhoknktwBZDU/+zWj4vEkEnvvDyBJ0UH4QkgMDast6f+STqdURGCJAB/rBJcbmvJTsDa7,iv:wI2fH8hCBopVz3rWXj8el0Uof3DeL0lkezqE6MeMJ/k=,tag:uKDGStJ96RRqxX1wdIzgaQ==,type:str] sops: kms: [] gcp_kms: [] 
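Review bot: The new `ssh_keys/masaoka` entry places an SSH private key in the same sops file as both hosts' password hashes, so it is decryptable by every age recipient of this file; the recipient list is outside the hunk, but if both hosts' keys are among them, ginoza can recover a key that only kogami is configured to use (the `Host masaoka` stanza in this patch is added to kogami/configuration.nix alone). Scoping the key to the host that needs it — a separate secrets file with its own `creation_rules` entry in `.sops.yaml`, or narrowing recipients and running `sops updatekeys` — keeps a compromise of one machine from exposing the other's SSH identity. The ciphertext itself is not reviewable here, so this is a key-scoping point rather than a defect in the encrypted payload.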
@@ -18,8 +20,8 @@ sops: T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-26T19:06:52Z" - mac: ENC[AES256_GCM,data:1n5O72DFe6dgvEfE6ZOAP1JR4TFZQAWeDYU/NLtisjoVliREcVmaZEM3vxDnrLueLFdNZ0jxu9fEjG0cnwUDkJNIeFyj8mhzY3bIC5LiSVriKPLGiJW3fMBsK6btJTa8OJ7xJsFIKgXpVHAgOit9ZBT24VnLZ9zFgWk84whR1eE=,iv:RaKCWl5zfKsD0502WVRv8Vx2+jGz3J7yhRkSzb/RFPM=,tag:JT2sKaoK7SCKCk1nWrHZMQ==,type:str] + lastmodified: "2024-12-27T12:09:56Z" + mac: ENC[AES256_GCM,data:AFNKn5oyHEwxKkLHh67le/02QaBitPipF1+BzvYdxQgHjTm5JCGn1yZZHmNDMIRAVTSECubWh1fvBiCVbkTSIGnYjXEb/Kw3732E+Cb4RYAPQRVkdJeg9h1ZwmdGUGajjZwCtnuuUl65ZMpW7njVHT0M+y91nWAQJ4CAbrAfAbw=,iv:2wmu+hBG3azJT+wrvlZPpdfqaEAbBCeDM0ncgfvhzOg=,tag:5PVBh6a/bsLV9YsXnPO5aw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/nixos/system/packages/sops/sops.nix b/nixos/system/packages/sops/sops.nix index 4bca528..e4948a6 100644 --- a/nixos/system/packages/sops/sops.nix +++ b/nixos/system/packages/sops/sops.nix @@ -18,6 +18,15 @@ neededForUsers = true; }; + # SSH private keys + sops.secrets = { + "ssh_keys/masaoka" = { + path = "/home/${userSettings.username}/.ssh/id_masaoka"; + owner = userSettings.username; + group = "users"; + }; + }; + users.users.${userSettings.username}.hashedPasswordFile = "${config.sops.secrets."${userSettings.hostname}/password-hash".path}"; security.pam.yubico.id = [] diff --git a/nixos/system/packages/yubikey.nix b/nixos/system/packages/yubikey.nix index de53e4e..afab288 100644 --- a/nixos/system/packages/yubikey.nix +++ b/nixos/system/packages/yubikey.nix @@ -7,9 +7,8 @@ options = { program.yubikey = { enable = lib.mkEnableOption "Enable YubiKey authentication"; - }; - program.yubikey = { lock-on-remove = lib.mkEnableOption "Lock the session when the YubiKey is removed"; + notify = lib.mkEnableOption "Notify when the YubiKey is touched"; }; }; 
@@ -47,6 +46,12 @@ enableSSHSupport = true; }; }) + (lib.mkIf config.program.yubikey.notify { + programs.yubikey-touch-detector = { + enable = true; + libnotify = true; + }; + }) (lib.mkIf config.program.yubikey.lock-on-remove { services.udev.extraRules = '' ACTION=="remove",\