foglar/nixos-config
foglar/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

auto-cpufreq added

Browse Source
This commit is contained in:
foglar 2024-12-27 10:32:32 +01:00
parent 34d77cf53b
commit d99d544813
4 changed files with 71 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
flake.lock
View File

@ -33,6 +33,26 @@
"type": "github"
}
},
"auto-cpufreq": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1733175750,
"narHash": "sha256-tczSI0dnsitstia/uVt7FyGQbtuW8lMhhMYj0TRSAT4=",
"owner": "AdnanHodzic",
"repo": "auto-cpufreq",
"rev": "4dae1d4b59bedc1d57118a9eb704c2e1cde5f83c",
"type": "github"
},
"original": {
"owner": "AdnanHodzic",
"repo": "auto-cpufreq",
"type": "github"
}
},
"base16": {
"inputs": {
"fromYaml": "fromYaml"
@ -641,6 +661,7 @@
},
"root": {
"inputs": {
"auto-cpufreq": "auto-cpufreq",
"firefox-addons": "firefox-addons",
"home-manager": "home-manager",
"hyprland": "hyprland",

6
flake.nix
View File

@ -45,6 +45,11 @@
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
auto-cpufreq = {
url = "github:AdnanHodzic/auto-cpufreq";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
@ -98,6 +103,7 @@
inputs.stylix.nixosModules.stylix
inputs.nix-ld.nixosModules.nix-ld
inputs.sops-nix.nixosModules.sops
inputs.auto-cpufreq.nixosModules.default
];
};
ginoza = nixpkgs.lib.nixosSystem {

82
nixos/system/packages/yubikey.nix
View File

@ -8,48 +8,54 @@
program.yubikey = {
enable = lib.mkEnableOption "Enable YubiKey authentication";
};
program.yubikey = {
lock-on-remove = lib.mkEnableOption "Lock the session when the YubiKey is removed";
};
};
config = lib.mkIf config.program.yubikey.enable {
environment.systemPackages = with pkgs; [
yubioath-flutter
yubikey-manager
pam_u2f
];
config = lib.mkMerge [
(lib.mkIf config.program.yubikey.enable {
environment.systemPackages = with pkgs; [
yubioath-flutter
yubikey-manager
pam_u2f
];
# Only have to be connected to the notebook
#security.pam.services = {
# login.u2fAuth = true;
# sudo.u2fAuth = true;
#};
# Only have to be connected to the notebook
#security.pam.services = {
# login.u2fAuth = true;
# sudo.u2fAuth = true;
#};
security.pam.yubico = {
enable = true;
debug = false;
mode = "challenge-response";
control = "sufficient";
#! id = [ "1234567890" ];
#! YubiKey ID is stored in SOPS
#! and is set in the module configuration
#! file ./sops/sops.nix
};
security.pam.yubico = {
enable = true;
debug = false;
mode = "challenge-response";
control = "sufficient";
#! id = [ "1234567890" ];
#! YubiKey ID is stored in SOPS
#! and is set in the module configuration
#! file ./sops/sops.nix
};
services.pcscd = {
enable = true;
};
services.pcscd = {
enable = true;
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.udev.extraRules = ''
ACTION=="remove",\
ENV{ID_BUS}=="usb",\
ENV{ID_MODEL_ID}=="0407",\
ENV{ID_VENDOR_ID}=="1050",\
ENV{ID_VENDOR}=="Yubico",\
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
'';
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
})
(lib.mkIf config.program.yubikey.lock-on-remove {
services.udev.extraRules = ''
ACTION=="remove",\
ENV{ID_BUS}=="usb",\
ENV{ID_MODEL_ID}=="0407",\
ENV{ID_VENDOR_ID}=="1050",\
ENV{ID_VENDOR}=="Yubico",\
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
'';
})
];
}

2
nixos/system/settings/desktops.nix
View File

@ -60,8 +60,6 @@
};
services.udisks2.enable = true;
services.power-profiles-daemon.enable = true;
security = {
polkit.enable = true;
pam.services.hyprlock = {};