Yubikey and Oh-my-posh improvements

README.md

@@ -2,32 +2,48 @@
 
 - my personal nix dotfiles in the **flake**
 
+## Build and deploy
+
 - simple build command for system
 
 ```bash
-git clone https://git.foglar.tech/foglar/dotfiles.git $HOME/dotfiles 
+git clone https://git.foglar.tech/foglar/dotfiles.git $HOME/.dotfiles 
-sudo nixos-rebuild switch --flake ~/dotfiles#laptop
+sudo nixos-rebuild switch --flake ~/.dotfiles#kogami
 ```
 
 - generate a vm of the flake with this command
 
 ```bash
-nix run github:nix-community/nixos-generators -- -c ./flake.nix --flake '#leanix' -f vm --disk-size 20480 
+nix run github:nix-community/nixos-generators -- -c ./flake.nix --flake '#ginoza' -f vm --disk-size 20480 
 ```
 
 - deploy configuration on the new system
 
 ```bash
 # Copy my repository
-git clone https://git.foglar.tech/foglar/dotfiles.git $HOME/dotfiles --depth 1
+git clone https://git.foglar.tech/foglar/dotfiles.git $HOME/.dotfiles --depth 1
 
 # Generate your own hardware configurations for system
-sudo nixos-generate-config --dir ~/dotfiles/zenith
+sudo nixos-generate-config --dir ~/.dotfiles/kogami
 # or
-sudo nixos-generate-config --dir ~/dotfiles/leanix
+sudo nixos-generate-config --dir ~/.dotfiles/ginoza
 
 # Rebuild your system from the flake
-sudo nixos-rebuild switch --flake ~/dotfiles#zenith
+sudo nixos-rebuild switch --flake ~/.dotfiles#kogami
 ```
 
 ## Features
+
+### Secure Operations
+
+- file for sops is in **~/.config/sops/ags/keys.txt**
+
+### Yubikey
+
+- setup your yubikey to work with current user
+
+```bash
+nix-shell -p yubico-pam -p yubikey-manager
+ykman otp chalresp --touch --generate 2
+ykpamcfg -2 -v
+```

config/clipboard.rasi

@@ -42,7 +42,7 @@ wallbox {
     expand:                      false;
     orientation:                 horizontal;
     background-color:            transparent;
-    background-image:            url("~/dotfiles/config/backgrounds/aurora_borealis.png", width);
+    background-image:            url("~/.dotfiles/config/backgrounds/aurora_borealis.png", width);
     children:                    [ "wallframe" , "inputbar" ];
 }
 wallframe {
@@ -51,7 +51,7 @@ wallframe {
     padding:                     0em;
     expand:                      false;
     background-color:            @main-bg;
-    background-image:            url("~/dotfiles/config/backgrounds/aurora_borealis.png", width);
+    background-image:            url("~/.dotfiles/config/backgrounds/aurora_borealis.png", width);
 }
 
 

config/hyprlock.conf

@@ -10,7 +10,7 @@ general {
 
 background {
     monitor =
-    path = /home/foglar/dotfiles/config/backgrounds/aurora_borealis.png
+    path = /home/shinya/.dotfiles/config/backgrounds/aurora_borealis.png
     color = rgba(25, 20, 20, 1.0)
 
     # all these options are taken from hyprland, see https://wiki.hyprland.org/Configuring/Variables/#blur for explanations

flake.nix

@@ -54,11 +54,11 @@
     ...
   } @ inputs: let
     userSettings = {
-      username = "foglar"; # konsta or shinya (else defaulting to shinya or none)
+      username = "shinya"; # konsta or shinya (else defaulting to shinya or none)
       hostname = "kogami"; # kogami or ginoza
 
       shell = "zsh"; # bash, zsh, none
-      terminal = "kitty"; # kitty, alacritty
+      terminal = "kitty"; # kitty, alacritty, gnome-terminal
       browser = "librewolf"; # firefox, librewolf, qutebrowser
       editor = "neovim"; # neovim, vscode
 

kogami/home.nix

@@ -11,7 +11,7 @@
 
   # Desktop management
   desktop.hyprland.enable = true;
-  desktop.kde.enable = true;
+  desktop.kde.enable = false;
   desktop.gnome.enable = false;
 
   # Shell management

nixos/home/apps/applications.nix

@@ -12,7 +12,7 @@
   config = lib.mkIf config.app_list.applications.enable {
     home.packages =
       (with pkgs; [
-        #librewolf
+        librewolf
         qutebrowser
         ferdium
 

nixos/home/desktop/hyprland/rofi.nix

@@ -58,7 +58,7 @@
           orientation = mkLiteral "vertical";
           children = ["inputbar" "listbox"];
           background-color = mkLiteral "transparent";
-          background-image = mkLiteral "url(\"~/dotfiles/config/backgrounds/aurora_borealis.png\", height)";
+          background-image = mkLiteral "url(\"~/.dotfiles/config/backgrounds/aurora_borealis.png\", height)";
         };
       
         # Input bar settings
@@ -68,7 +68,7 @@
           padding = mkLiteral "5em";
           children = ["entry"];
           background-color = mkLiteral "transparent";
-          background-image = mkLiteral "url(\"~/dotfiles/config/backgrounds/aurora_borealis.png\", width)";
+          background-image = mkLiteral "url(\"~/.dotfiles/config/backgrounds/aurora_borealis.png\", width)";
         };
       
         # Entry field settings

nixos/home/desktop/hyprland/waybar.nix

@@ -44,7 +44,7 @@
           };
 
           "hyprland/window" = {
-            format = "   {}";
+            format = "  {}";
             #rotate = ${r_deg};
             separate-outputs = true;
             rewrite = {
@@ -75,12 +75,12 @@
               "m" = 30; # medium
             };
             interval = 30;
-            format = "󰾆  {used}GB";
+            format = "󰾆 {used}GB";
             #rotate = ${r_deg};
-            format-m = "󰾅  {used}GB";
+            format-m = "󰾅 {used}GB";
-            format-h = "󰓅  {used}GB";
+            format-h = "󰓅 {used}GB";
-            format-c = "  {used}GB";
+            format-c = " {used}GB";
-            format-alt = "󰾆  {percentage}%";
+            format-alt = "󰾆 {percentage}%";
             max-length = 10;
             tooltip = true;
             tooltip-format = "󰾆  {percentage}%\n  {used:0.1f}GB/{total:0.1f}GB";
@@ -188,13 +188,13 @@
           };
 
           "pulseaudio" = {
-            format = "{icon}  {volume}";
+            format = "{icon} {volume}";
             rotate = 0;
             format-muted = "婢";
-            on-click = "pavucontrol -t 3";
+            on-click = "${pkgs.pavucontrol}/bin/pavucontrol -t 3";
-            on-click-middle = "swayosd-client --output-volume mute-toggle";
+            on-click-middle = "${pkgs.swayosd}/bin/swayosd-client --output-volume mute-toggle";
-            on-scroll-up = "swayosd-client --output-volume 5";
+            on-scroll-up = "${pkgs.swayosd}/bin/swayosd-client --output-volume 5";
-            on-scroll-down = "swayosd-client --output-volume -5";
+            on-scroll-down = "${pkgs.swayosd}/bin/swayosd-client --output-volume -5";
             tooltip-format = "{icon} {desc} // {volume}%";
             scroll-step = 5;
             format-icons = {
@@ -213,10 +213,10 @@
             rotate = 0;
             format-source = "";
             format-source-muted = "";
-            on-click = "pavucontrol -t 4";
+            on-click = "${pkgs.pavucontrol}/bin/pavucontrol -t 4";
-            on-click-middle = "swayosd-client --input-volume mute-toggle";
+            on-click-middle = "${pkgs.swayosd}/bin/swayosd-client --input-volume mute-toggle";
-            on-scroll-up = "swayosd-client --input-volume 5";
+            on-scroll-up = "${pkgs.swayosd}/bin/swayosd-client --input-volume 5";
-            on-scroll-down = "swayosd-client --input-volume -5";
+            on-scroll-down = "${pkgs.swayosd}/bin/swayosd-client --input-volume -5";
             tooltip-format = "{format_source} {source_desc} // {source_volume}%";
             scroll-step = 5;
           };
@@ -236,8 +236,8 @@
             format = " {}";
             rotate = 0;
             exec = "echo ; echo  logout";
-            on-click = "wlogout -b 2";
+            on-click = "${pkgs.wlogout}/bin/wlogout -b 2";
-            on-click-right = "wlogout -b 2";
+            on-click-right = "${pkgs.wlogout}/bin/wlogout -b 2";
             interval = 86400; # once every day
             tooltip = true;
           };

nixos/home/packages/applications/firefox.nix

@@ -13,6 +13,7 @@
   config = lib.mkIf config.program.firefox.enable {
     programs.firefox = {
       enable = true;
+      package = pkgs.firefox;
 
       profiles.default = {
         search.engines = {

nixos/home/packages/programming/code.nix

@@ -80,6 +80,9 @@
           # Remote
           ms-vscode-remote.remote-ssh
           ms-vscode-remote.remote-ssh-edit
+
+          pkief.material-product-icons
+          pkief.material-icon-theme
         ];
       };
     })
@@ -206,8 +209,6 @@
         zhuangtongfa.material-theme
         oderwat.indent-rainbow
         enkia.tokyo-night
-        pkief.material-product-icons
-        pkief.material-icon-theme
       ];
     })
 

nixos/home/packages/tools/oh-my-posh.nix

@@ -2,6 +2,7 @@
   lib,
   config,
   pkgs,
+  userSettings,
   ...
 }: {
   options = {
@@ -21,8 +22,14 @@
   config = lib.mkIf config.sh.oh-my-posh.enable {
     programs.oh-my-posh = {
       enable = true;
-      enableBashIntegration = if config.sh.bash.enable == true then true else false;
+      enableBashIntegration =
-      enableZshIntegration = if config.sh.zsh.enable == true then true else false;
+        if config.sh.bash.enable == true
+        then true
+        else false;
+      enableZshIntegration =
+        if config.sh.zsh.enable == true
+        then true
+        else false;
       settings = {
         "$schema" = "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json";
         "blocks" = [
@@ -83,7 +90,7 @@
                   "style" = "full";
                 };
                 "style" = "plain";
-                "template" = "<{{ if .Root }}lightBlue{{ else }}green{{ end }}>-[</>{{if eq .Folder \"foglar\"}}~{{else}}{{ .Folder }}{{end}}<{{ if .Root }}lightBlue{{ else }}green{{ end }}>]</>";
+                "template" = "<{{ if .Root }}lightBlue{{ else }}green{{ end }}>-[</>{{if eq .Folder \"${userSettings.username}\"}}~{{else}}{{ .Folder }}{{end}}<{{ if .Root }}lightBlue{{ else }}green{{ end }}>]</>";
               }
               {
                 "type" = "git";

nixos/system/packages/sops/secrets/secrets.yaml

@@ -2,6 +2,7 @@ kogami:
     password-hash: ENC[AES256_GCM,data:HXuzumA7zAzBUcOBszeslYVDLA7r3W7gINn2FvMCTEHkc+y3zWftK4CVnk+TuRcgP9/htUphs2BmusogFAdmRQ3HmQU8WGQN0A==,iv:n2063dWbEmFKEvXbY2uk+C6lwF7WzA8jalKOFHPVICc=,tag:wb5bq4Dk3a9UnzYFBInHEA==,type:str]
 ginoza:
     password-hash: ENC[AES256_GCM,data:xqE0y3Z7+kasYFQLn4Wuo+/c9L8BEakf2HKgN5BsttC2iDuzYSvXrP8K6pe5Skdi5Aq0MVz9LixJFM3PBgLORL1C6k0iDSardw==,iv:bKL40h0rGNmnnkA7EieKAD5KyENXOiTNsTVH1V0B7HU=,tag:c1MsRuiOK/j2b0iKOyO8FQ==,type:str]
+yubikey_id: ENC[AES256_GCM,data:ZyamX5gxoW4=,iv:4tW7muk6AaJf9VmXmFd6Ut63U27fFD8QgYSBx3RgOfw=,tag:IFlSiOffMyc33Rw1gxwCPA==,type:int]
 sops:
     kms: []
     gcp_kms: []
@@ -17,8 +18,8 @@ sops:
             T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY
             JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-26T14:50:21Z"
+    lastmodified: "2024-12-26T19:06:52Z"
-    mac: ENC[AES256_GCM,data:db57wvxR3NK0OgI9qAzpjOg2dvcb5H7kY1GvyZmfyUoQpapwTuci36sEwFHDPSUXynzobmhiv49kAEsYm0xhvOhTW1tPReVKi4pKh4EFYl0qOeMs0/cM0pwDCyVkjTQh3qlRR+PFB2oSxDdi7rZFfz26P1iFlEHhvsYug/v16Rs=,iv:m40T1K279d5/7u2jtytwS5UMv6V7RDFpNXQxFEAOauU=,tag:+UQ61SLtcVUIixsT0JnXYA==,type:str]
+    mac: ENC[AES256_GCM,data:1n5O72DFe6dgvEfE6ZOAP1JR4TFZQAWeDYU/NLtisjoVliREcVmaZEM3vxDnrLueLFdNZ0jxu9fEjG0cnwUDkJNIeFyj8mhzY3bIC5LiSVriKPLGiJW3fMBsK6btJTa8OJ7xJsFIKgXpVHAgOit9ZBT24VnLZ9zFgWk84whR1eE=,iv:RaKCWl5zfKsD0502WVRv8Vx2+jGz3J7yhRkSzb/RFPM=,tag:JT2sKaoK7SCKCk1nWrHZMQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.2

nixos/system/packages/sops/sops.nix

@@ -19,5 +19,6 @@
     };
 
     users.users.${userSettings.username}.hashedPasswordFile = "${config.sops.secrets."${userSettings.hostname}/password-hash".path}";
+    security.pam.yubico.id = ["${config.sops.secrets.yubikey_id}".value];
   };
 }

nixos/system/packages/yubikey.nix

@@ -6,7 +6,7 @@
 }: {
   options = {
     program.yubikey = {
-      enable = lib.mkEnableOption "Enable YubiKey support";
+      enable = lib.mkEnableOption "Enable YubiKey authentication";
     };
   };
 
@@ -17,30 +17,39 @@
       pam_u2f
     ];
 
+    # Only have to be connected to the notebook
+    #security.pam.services = {
+    #  login.u2fAuth = true;
+    #  sudo.u2fAuth = true;
+    #};
+
+    security.pam.yubico = {
+      enable = true;
+      debug = false;
+      mode = "challenge-response";
+      control = "sufficient";
+      #! id = [ "1234567890" ];
+      #! YubiKey ID is stored in SOPS
+      #! and is set in the module configuration
+      #! file ./sops/sops.nix
+    };
+
     services.pcscd = {
       enable = true;
     };
-    #services.udev.packages = [pkgs.yubikey-personalization];
+
-#
+    programs.gnupg.agent = {
-    #services.yubikey-agent.enable = true;
+      enable = true;
-#
+      enableSSHSupport = true;
-    #security.pam = {
+    };
-    #  sshAgentAuth.enable = true;
+
-    #  u2f = {
+    services.udev.extraRules = ''
-    #    enable = true;
+      ACTION=="remove",\
-    #    settings = {
+       ENV{ID_BUS}=="usb",\
-    #      cue = false;
+       ENV{ID_MODEL_ID}=="0407",\
-    #      authfile = "${config.home.homeDirectory}/.config/yubikeys/u2f_keys";
+       ENV{ID_VENDOR_ID}=="1050",\
-    #      # debug = true;
+       ENV{ID_VENDOR}=="Yubico",\
-    #    };
+       RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
-    #  };
+    '';
-    #  services = {
-    #    login.u2fAuth = true;
-    #    sudo = {
-    #      u2fAuth = true;
-    #      sshAgentAuth = true;
-    #    };
-    #  };
-    #};
   };
 }

nixos/system/settings/user.nix

@@ -4,6 +4,7 @@
     isNormalUser = true;
     description = "${userSettings.username}";
     extraGroups = ["wheel"];
+    #! hashedPasswordFile = "password-hash";
     #! User Hashed password is stored in SOPS
     #! and is set in the module configuration
     #! file ../packages/sops/sops.nix