# NixOS module: YubiKey-backed authentication, sudo-rs in place of sudo, and
# the supporting smart-card / secret-service daemons.
{ lib, pkgs, ... }:

let
  # Resolve a binary shipped by the systemd package to its absolute store
  # path, so each sudo rule below names one exact executable.
  systemdBin = lib.getExe' pkgs.systemd;

  # Wrap a command line into a sudo rule entry that skips the password prompt.
  passwordless = command: {
    inherit command;
    options = [ "NOPASSWD" ];
  };
in
{
  # mkDefault values can be overridden by any other module at normal priority.
  security.rtkit.enable = lib.mkDefault true;

  # pam_u2f: `cue` makes PAM print a prompt when it is waiting for a touch.
  # NOTE(review): `control` is not set here, so the module default applies;
  # confirm it in the pinned nixpkgs. If it is "sufficient", a key touch
  # alone satisfies PAM and the password is never asked for.
  # NOTE(review): no `settings.authfile` is set; presumably the key mapping is
  # then a per-user file in the home directory. Verify, and consider a
  # root-owned mapping file if the key is meant to gate privilege escalation.
  security.pam.u2f = {
    enable = true;
    settings.cue = true;
  };

  # Classic sudo is switched off in favour of sudo-rs.
  security.sudo.enable = lib.mkDefault false;

  security.sudo-rs = {
    enable = lib.mkDefault true;

    extraRules = [
      {
        # Every member of wheel may run these power-management commands as
        # root without authenticating.
        groups = [ "wheel" ];

        # In sudoers syntax a command listed without arguments matches any
        # arguments: `systemctl suspend` is pinned to that exact form, while
        # the reboot and poweroff entries accept whatever flags the caller
        # passes.
        commands = map passwordless [
          "${systemdBin "systemctl"} suspend"
          "${systemdBin "reboot"}"
          "${systemdBin "poweroff"}"
        ];
      }
    ];
  };

  # YubiKey management and provisioning tools available system-wide.
  environment.systemPackages = [
    pkgs.age-plugin-yubikey
    pkgs.yubikey-manager
    pkgs.yubikey-personalization
    pkgs.yubioath-flutter
  ];

  # Daemons enabled alongside the YubiKey tooling above.
  services.yubikey-agent.enable = true;
  services.passSecretService.enable = true;
  services.pcscd.enable = true;

  # Signals when the YubiKey is waiting for a touch.
  programs.yubikey-touch-detector.enable = true;
}