diff --git a/flake.lock b/flake.lock
index 545985e..fb46347 100644
--- a/flake.lock
+++ b/flake.lock
@@ -33,6 +33,26 @@
 "type": "github"
 }
 },
+ "auto-cpufreq": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1733175750,
+ "narHash": "sha256-tczSI0dnsitstia/uVt7FyGQbtuW8lMhhMYj0TRSAT4=",
+ "owner": "AdnanHodzic",
+ "repo": "auto-cpufreq",
+ "rev": "4dae1d4b59bedc1d57118a9eb704c2e1cde5f83c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "AdnanHodzic",
+ "repo": "auto-cpufreq",
+ "type": "github"
+ }
+ },
 "base16": {
 "inputs": {
 "fromYaml": "fromYaml"
@@ -641,6 +661,7 @@
 },
 "root": {
 "inputs": {
+ "auto-cpufreq": "auto-cpufreq",
 "firefox-addons": "firefox-addons",
 "home-manager": "home-manager",
 "hyprland": "hyprland",
diff --git a/flake.nix b/flake.nix
index a970b30..b2494e0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -45,6 +45,11 @@
 url = "github:Mic92/sops-nix";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+
+ auto-cpufreq = {
+ url = "github:AdnanHodzic/auto-cpufreq";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
 outputs = {
@@ -98,6 +103,7 @@
 inputs.stylix.nixosModules.stylix
 inputs.nix-ld.nixosModules.nix-ld
 inputs.sops-nix.nixosModules.sops
+ inputs.auto-cpufreq.nixosModules.default
 ];
 };
 ginoza = nixpkgs.lib.nixosSystem {
diff --git a/nixos/system/packages/yubikey.nix b/nixos/system/packages/yubikey.nix
index 54ef6eb..de53e4e 100644
--- a/nixos/system/packages/yubikey.nix
+++ b/nixos/system/packages/yubikey.nix
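Review bot: The new `auto-cpufreq` input in the first flake.nix hunk names no ref, so its only pin is the `rev` and `narHash` recorded in flake.lock, and the next `nix flake update` moves it to whatever the upstream default branch holds then. The second flake.nix hunk imports this input's `nixosModules.default` into a system configuration, so an upstream change that nobody here has read would end up in system-level config. Consider pinning the input to a reviewed release, `url = "github:AdnanHodzic/auto-cpufreq/<release-tag>";` (placeholder, pick the tag you have checked), and bumping it deliberately. The `inputs` attrset starts outside the hunk.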
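Review bot: In the second flake.nix hunk, importing `inputs.auto-cpufreq.nixosModules.default` only makes the module's options available, and nothing in the visible part of this commit sets `programs.auto-cpufreq.enable = true;`. The desktops.nix hunk removes `services.power-profiles-daemon.enable = true;` in the same commit, so if the enable line is not set in a file outside this view, the host is left with no power-management daemon at all. The modules list and the host it belongs to start outside the hunk, so please confirm where the option is turned on.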
@@ -8,48 +8,54 @@
 program.yubikey = {
 enable = lib.mkEnableOption "Enable YubiKey authentication";
 };
+ program.yubikey = {
+ lock-on-remove = lib.mkEnableOption "Lock the session when the YubiKey is removed";
+ };
 };
- config = lib.mkIf config.program.yubikey.enable {
- environment.systemPackages = with pkgs; [
- yubioath-flutter
- yubikey-manager
- pam_u2f
- ];
+ config = lib.mkMerge [
+ (lib.mkIf config.program.yubikey.enable {
+ environment.systemPackages = with pkgs; [
+ yubioath-flutter
+ yubikey-manager
+ pam_u2f
+ ];
- # Only have to be connected to the notebook
- #security.pam.services = {
- # login.u2fAuth = true;
- # sudo.u2fAuth = true;
- #};
+ # Only have to be connected to the notebook
+ #security.pam.services = {
+ # login.u2fAuth = true;
+ # sudo.u2fAuth = true;
+ #};
- security.pam.yubico = {
- enable = true;
- debug = false;
- mode = "challenge-response";
- control = "sufficient";
- #! id = [ "1234567890" ];
- #! YubiKey ID is stored in SOPS
- #! and is set in the module configuration
- #! file ./sops/sops.nix
- };
+ security.pam.yubico = {
+ enable = true;
+ debug = false;
+ mode = "challenge-response";
+ control = "sufficient";
+ #! id = [ "1234567890" ];
+ #! YubiKey ID is stored in SOPS
+ #! and is set in the module configuration
+ #! file ./sops/sops.nix
+ };
- services.pcscd = {
- enable = true;
- };
+ services.pcscd = {
+ enable = true;
+ };
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- services.udev.extraRules = ''
- ACTION=="remove",\
- ENV{ID_BUS}=="usb",\
- ENV{ID_MODEL_ID}=="0407",\
- ENV{ID_VENDOR_ID}=="1050",\
- ENV{ID_VENDOR}=="Yubico",\
- RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
- '';
- };
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ })
+ (lib.mkIf config.program.yubikey.lock-on-remove {
+ services.udev.extraRules = ''
+ ACTION=="remove",\
+ ENV{ID_BUS}=="usb",\
+ ENV{ID_MODEL_ID}=="0407",\
+ ENV{ID_VENDOR_ID}=="1050",\
+ ENV{ID_VENDOR}=="Yubico",\
+ RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+ '';
+ })
+ ];
 }
diff --git a/nixos/system/settings/desktops.nix b/nixos/system/settings/desktops.nix
index f9b49a6..9ea0cb8 100644
--- a/nixos/system/settings/desktops.nix
+++ b/nixos/system/settings/desktops.nix
@@ -60,8 +60,6 @@
 };
 services.udisks2.enable = true;
- services.power-profiles-daemon.enable = true;
-
 security = {
 polkit.enable = true;
 pam.services.hyprlock = {};
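Review bot: In the yubikey.nix hunk, `lock-on-remove` is declared with `lib.mkEnableOption`, which defaults to false, so a host that only sets `program.yubikey.enable = true` silently loses the udev rule that ran `loginctl lock-sessions` on key removal. The old code applied that rule whenever the module was enabled, so the session-lock control now fails open unless each host opts in. If that is not intended, keep the previous default with `lock-on-remove = lib.mkOption { type = lib.types.bool; default = config.program.yubikey.enable; description = "Lock the session when the YubiKey is removed"; };`, or set the option explicitly on every host that relied on it. The two `program.yubikey = { … }` option blocks could also be a single attrset. The options block starts outside the hunk.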