72 lines
1.4 KiB
Nix
Executable File
72 lines
1.4 KiB
Nix
Executable File
{
|
|
config,
|
|
namespace,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
hasGui =
|
|
config.${namespace}.desktop.hyprland.enable
|
|
|| config.${namespace}.desktop.gnome.enable
|
|
|| config.${namespace}.desktop.cosmic.enable;
|
|
in
|
|
{
|
|
security = {
|
|
rtkit.enable = lib.mkDefault true;
|
|
|
|
pam.u2f = {
|
|
enable = true;
|
|
settings.cue = true;
|
|
};
|
|
|
|
# configure sudo
|
|
sudo.enable = lib.mkForce false;
|
|
sudo-rs = {
|
|
enable = lib.mkForce true;
|
|
execWheelOnly = true;
|
|
extraRules = [
|
|
{
|
|
commands = [
|
|
{
|
|
command = "${lib.getExe' pkgs.systemd "systemctl"} suspend";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
{
|
|
command = "${lib.getExe' pkgs.systemd "reboot"}";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
{
|
|
command = "${lib.getExe' pkgs.systemd "poweroff"}";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
];
|
|
groups = [ "wheel" ];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
environment.systemPackages =
|
|
with pkgs;
|
|
[
|
|
age-plugin-yubikey
|
|
libsecret
|
|
yubikey-manager
|
|
yubikey-personalization
|
|
]
|
|
++ (if hasGui then [ yubioath-flutter ] else [ ]);
|
|
|
|
services = {
|
|
yubikey-agent.enable = true;
|
|
passSecretService.enable = false;
|
|
pcscd.enable = true;
|
|
};
|
|
|
|
programs = {
|
|
yubikey-touch-detector = {
|
|
enable = true;
|
|
};
|
|
};
|
|
}
|