diff --git a/flake.lock b/flake.lock index 4c678c0..0d9ee5b 100644 --- a/flake.lock +++ b/flake.lock @@ -998,11 +998,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1725826545, - "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", + "lastModified": 1725930920, + "narHash": "sha256-RVhD9hnlTT2nJzPHlAqrWqCkA7T6CYrP41IoVRkciZM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9", + "rev": "44a71ff39c182edaf25a7ace5c9454e7cba2c658", "type": "github" }, "original": { @@ -1014,11 +1014,11 @@ }, "nur": { "locked": { - "lastModified": 1726022314, - "narHash": "sha256-VR7O2VQh5aQ0tEHTWPJNvjGjmdHmfqexu3VoAA/sMLM=", + "lastModified": 1726249500, + "narHash": "sha256-ykW2dN3jL/UXZMlwBd6OZzY13CkYPkCjS1knkNH7E5M=", "owner": "nix-community", "repo": "NUR", - "rev": "d1d1e8640bbcff47c11c5d8f575d6c47be956089", + "rev": "0c3404cce1f91b1582168544584c13c60fb23eb2", "type": "github" }, "original": { @@ -1260,11 +1260,11 @@ }, "unstable": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1726062873, + "narHash": "sha256-IiA3jfbR7K/B5+9byVi9BZGWTD4VSbWe8VLpp9B/iYk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "4f807e8940284ad7925ebd0a0993d2a1791acb2f", "type": "github" }, "original": { @@ -1276,11 +1276,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1725810385, - "narHash": "sha256-+6UULi05KMHmLfhlrNGhMdLZUoQeC5Dc1nLFdINyeyI=", + "lastModified": 1726208697, + "narHash": "sha256-GRcHU1zuJQozu+F3ejHeT+83/nCGIu/evtAPjAGVYfI=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "37c5eb47ca3f11deac83e4ada20a6c21d5487f29", + "rev": "e6e4245dc1e6365a601ddf5022976b14de789e0e", "type": "github" }, "original": { diff --git a/home/platforms/fabian@posixlycorrect/gui/default.nix b/home/platforms/fabian@posixlycorrect/gui/default.nix index d649b87..dd66640 100644 
--- a/home/platforms/fabian@posixlycorrect/gui/default.nix +++ b/home/platforms/fabian@posixlycorrect/gui/default.nix @@ -10,10 +10,10 @@ ./i3.nix ./polybar.nix ./startx.nix + ./picom.nix ]; services = { - picom.enable = true; dunst.enable = true; betterlockscreen.enable = true; }; diff --git a/home/platforms/fabian@posixlycorrect/gui/picom.nix b/home/platforms/fabian@posixlycorrect/gui/picom.nix new file mode 100644 index 0000000..22a18ab --- /dev/null +++ b/home/platforms/fabian@posixlycorrect/gui/picom.nix @@ -0,0 +1,42 @@ +{ + config, + pkgs, + lib, + ... +}: { + services.picom = { + enable = true; + fade = true; + fadeSteps = [0.1 0.1]; + fadeDelta = 10; + settings = { + animations = [ + { + triggers = [ + "open" + "show" + ]; + + preset = "appear"; + duration = "1"; + } + { + triggers = [ + "close" + "hide" + ]; + + preset = "disappear"; + duration = "1"; + } + { + triggers = [ + "geometry" + ]; + preset = "geometry-change"; + duration = "1"; + } + ]; + }; + }; +} diff --git a/home/platforms/fabian@posixlycorrect/gui/startx.nix b/home/platforms/fabian@posixlycorrect/gui/startx.nix index 59a6311..d19e317 100644 --- a/home/platforms/fabian@posixlycorrect/gui/startx.nix +++ b/home/platforms/fabian@posixlycorrect/gui/startx.nix @@ -7,16 +7,10 @@ with lib; { xsession.enable = true; - #TODO: why is intel mentioned here? i dont use intel home.file.".xinitrc".source = let - content = - if config.local.nixos - then '' - exec ~/.xsession - '' - else '' - exec ${pkgs.nixgl.nixGLIntel}/bin/nixGLIntel ~/.xsession - ''; + content = '' + exec ~/.xsession + ''; in pkgs.writeShellScript "xinitrc" content; } diff --git a/home/platforms/fabian@posixlycorrect/lib/default.nix b/home/platforms/fabian@posixlycorrect/lib/default.nix index b00a0c7..73fe593 100644 --- a/home/platforms/fabian@posixlycorrect/lib/default.nix +++ b/home/platforms/fabian@posixlycorrect/lib/default.nix 
@@ -45,6 +45,9 @@ vlc vpsfree-client vscodium-fhs + yubikey-manager + yubico-pam + yubikey-personalization zip zola zoom-us diff --git a/home/platforms/fabian@posixlycorrect/lib/steam/default.nix b/home/platforms/fabian@posixlycorrect/lib/steam/default.nix index 52cedd3..8ba18b9 100644 --- a/home/platforms/fabian@posixlycorrect/lib/steam/default.nix +++ b/home/platforms/fabian@posixlycorrect/lib/steam/default.nix @@ -3,7 +3,8 @@ lib, config, ... -}: with lib; { +}: +with lib; { home.packages = [ (pkgs.callPackage ./package.nix {}) pkgs.protonup diff --git a/pkgs/config/default.nix b/pkgs/config/default.nix index 3ee50bf..0156348 100644 --- a/pkgs/config/default.nix +++ b/pkgs/config/default.nix @@ -1,5 +1,5 @@ lib: with lib; { - android_sdk.accept_license = true; #TODO: what the fuck is this + android_sdk.accept_license = true; #TODO: what the fuck is this allowUnfreePredicate = pkg: import ./unfree.nix lib (getName pkg); } diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix index 2955aa9..3a18f9b 100644 --- a/sys/platforms/posixlycorrect/default.nix +++ b/sys/platforms/posixlycorrect/default.nix @@ -10,6 +10,7 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ./yubikey.nix ]; # Use the systemd-boot EFI boot loader. @@ -75,8 +76,6 @@ extraGroups = ["wheel"]; }; - nixpkgs.config.allowUnfree = true; - virtualisation.libvirtd.qemu.package = pkgs.qemu_kvm; virtualisation.libvirtd.qemu.ovmf.enable = true; virtualisation.libvirtd.qemu.ovmf.packages = [pkgs.OVMFFull.fd]; diff --git a/sys/platforms/posixlycorrect/yubikey.nix b/sys/platforms/posixlycorrect/yubikey.nix new file mode 100644 index 0000000..849a2ac --- /dev/null +++ b/sys/platforms/posixlycorrect/yubikey.nix 
@@ -0,0 +1,34 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ services = {
+ pcscd.enable = true;
+ udev.packages = [pkgs.yubikey-personalization];
+ };
+
+ environment.etc."pkcs11/modules/ykcs11".text = ''
+ module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so
+ '';
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ security.pam = {
+ services = {
+ login.u2fAuth = true;
+ sudo.u2fAuth = true;
+ };
+
+ u2f = {
+ enable = true;
+ debug = true;
+ cue = true;
+ control = "sufficient";
+ };
+ };
+}
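Review bot: `control = "sufficient";` combined with `login.u2fAuth = true;` and `sudo.u2fAuth = true;` means a touch of the key is enough on its own to log in and to run sudo, so the YubiKey replaces the password rather than adding a second factor. If two-factor is the intent, use `control = "required";`, but only after confirming a key is registered for the account, to avoid a lockout. `debug = true;` makes pam_u2f print diagnostic output during authentication and is best dropped once enrolment works. No `authFile` is set, so pam_u2f presumably reads the per-user mapping under the home directory, which the user's own processes can rewrite; for sudo a root-owned mapping is safer, e.g. `authFile = "<root-owned mapping path>";`. Separately, `yubico-pam` added to the home package list in lib/default.nix is the pam_yubico module, which this pam_u2f configuration does not appear to use.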