# Security-related system settings: U2F for PAM, sudo-rs in place of sudo,
# YubiKey tooling and the services that tooling relies on.
{ config, namespace, lib, pkgs, ... }:

let
  desktop = config.${namespace}.desktop;

  # True when any of the three desktop environments is enabled; used below to
  # decide whether the graphical YubiKey authenticator is installed.
  hasGui = desktop.hyprland.enable || desktop.gnome.enable || desktop.cosmic.enable;

  # Absolute path of a binary shipped in pkgs.systemd, so each sudo rule names
  # one specific executable instead of depending on a PATH lookup.
  systemdBin = lib.getExe' pkgs.systemd;

  # Build a sudo rule entry that lets the command run without a password.
  noPasswd = command: {
    inherit command;
    options = [ "NOPASSWD" ];
  };
in
{
  security.rtkit.enable = lib.mkDefault true;

  # U2F authentication through PAM; `cue` makes pam_u2f print a reminder to
  # touch the device.
  # NOTE(review): `control` is not set here. The module default is believed to
  # be "sufficient", which would let a registered key satisfy authentication
  # on its own, without the password. Confirm that this is intended.
  security.pam.u2f = {
    enable = true;
    settings.cue = true;
  };

  # Replace sudo with sudo-rs. mkForce on both options stops another module
  # from re-enabling sudo or disabling sudo-rs.
  security.sudo.enable = lib.mkForce false;
  security.sudo-rs = {
    enable = lib.mkForce true;
    extraRules = [
      {
        # Every member of wheel may run these power commands without a
        # password. The suspend rule matches only `systemctl suspend`; the
        # reboot and poweroff rules carry no argument list, which under
        # sudoers semantics means any arguments are accepted.
        groups = [ "wheel" ];
        commands = map noPasswd [
          "${systemdBin "systemctl"} suspend"
          (systemdBin "reboot")
          (systemdBin "poweroff")
        ];
      }
    ];
  };

  # The graphical authenticator is added only when a desktop is enabled.
  environment.systemPackages = [
    pkgs.age-plugin-yubikey
    pkgs.libsecret
    pkgs.yubikey-manager
    pkgs.yubikey-personalization
  ] ++ lib.optionals hasGui [ pkgs.yubioath-flutter ];

  services.yubikey-agent.enable = true;
  services.passSecretService.enable = false;
  services.pcscd.enable = true;

  programs.yubikey-touch-detector.enable = true;
}