From 2a30af014eb67730ff4c92f8f43651a0ea2fa1c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20B=C3=B6hme?=
Date: Tue, 14 Mar 2023 09:52:28 +0100
Subject: [PATCH] refactor(yubikey)!: add supportLuks option
---
 .../nixos-desktop/hardware-configuration.nix | 2 --
 hosts/nixos-laptop/hardware-configuration.nix | 2 --
 modules/config/yubikey.nix | 22 +++++++++++++++++--
 modules/profiles/desktop.nix | 9 ++++++--
 4 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/hosts/nixos-desktop/hardware-configuration.nix b/hosts/nixos-desktop/hardware-configuration.nix
index 888ff0a..fab68a6 100644
--- a/hosts/nixos-desktop/hardware-configuration.nix
+++ b/hosts/nixos-desktop/hardware-configuration.nix
@@ -11,7 +11,6 @@
 boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
 boot.initrd.kernelModules = [ ];
- boot.initrd.systemd.enable = true;
 boot.kernelModules = [ "kvm-amd" ];
 boot.extraModulePackages = [ ];
@@ -22,7 +21,6 @@
 };
 boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/30025a9f-44cf-4074-8ae2-d4925efd67dd";
- boot.initrd.luks.devices."enc".crypttabExtraOpts = [ "fido2-device=auto" ];
 fileSystems."/home" = { device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
diff --git a/hosts/nixos-laptop/hardware-configuration.nix b/hosts/nixos-laptop/hardware-configuration.nix
index 9d88a4c..216b8da 100644
--- a/hosts/nixos-laptop/hardware-configuration.nix
+++ b/hosts/nixos-laptop/hardware-configuration.nix
@@ -11,7 +11,6 @@
 boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
 boot.initrd.kernelModules = [ ];
- boot.initrd.systemd.enable = true;
 boot.kernelModules = [ "kvm-amd" ];
 boot.extraModulePackages = [ ];
@@ -23,7 +22,6 @@
 };
 boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/078b81ba-238e-471d-9951-b743588532b8";
- boot.initrd.luks.devices."enc".crypttabExtraOpts = [ "fido2-device=auto" ];
 fileSystems."/log" = { device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
diff --git a/modules/config/yubikey.nix b/modules/config/yubikey.nix
index 4695434..e1b993a 100644
--- a/modules/config/yubikey.nix
+++ b/modules/config/yubikey.nix
@@ -9,9 +9,20 @@ let
 cfg = config.my.yubikey;
 in
 {
- options.my.yubikey = mkEnableOption "yubikey";
+ options.my.yubikey = {
+ enable = mkEnableOption "yubikey";
+ luksSupport = {
+ enable = mkEnableOption "fido2 luks support";
+ devices = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ description = "List of luks devices to enable fido2 support for.";
+ };
+ };
+ };
- config = {
+
+ config = mkIf cfg.enable {
 services.udev.packages = [ pkgs.yubikey-personalization ];
 environment.systemPackages = with pkgs; [
 # cli
@@ -22,5 +33,12 @@ in
 yubikey-manager-qt
 yubikey-personalization-gui
 ];
+
+ boot = mkIf cfg.luksSupport.enable {
+ initrd.systemd.enable = true;
+ initrd.luks.devices = genAttrs cfg.luksSupport.devices (_: {
+ crypttabExtraOpts = [ "fido2-device=auto" ];
+ });
+ };
 };
 }
diff --git a/modules/profiles/desktop.nix b/modules/profiles/desktop.nix
index 8ac556f..cc73d24 100644
--- a/modules/profiles/desktop.nix
+++ b/modules/profiles/desktop.nix
@@ -5,8 +5,13 @@
 }: with lib; { my = {
- # config
- yubikey.enable = true;
+ yubikey = {
+ enable = true;
+ luksSupport = {
+ enable = true;
+ devices = [ "enc" ];
+ };
+ };
 wallpapers.enable = true;
 theming = {
 enable = true;
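Review bot: The `devices` description in the yubikey.nix options hunk does not say what the strings are. The config later in the file passes them to `genAttrs` as attribute names under `boot.initrd.luks.devices`, so an entry has to be an existing mapping name such as `enc`, not a `/dev/...` path. I would reword it to `description = "Names of boot.initrd.luks.devices entries that get the fido2-device=auto crypttab option.";` and add `example = [ "enc" ];`. The `luksSupport.enable` text could also mention that it turns on `boot.initrd.systemd.enable`, which the two hosts previously set themselves. The `config = mkIf cfg.enable {` block opened here closes outside this hunk.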
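Review bot: With `luksSupport.enable = true` and the default `devices = [ ]`, the `boot = mkIf cfg.luksSupport.enable` block still sets `initrd.systemd.enable = true` while `genAttrs` produces no device, so the host evaluates cleanly with no FIDO2 unlock configured. An entry in the module's `assertions` with `assertion = cfg.luksSupport.enable -> cfg.luksSupport.devices != [ ];` would turn that into an evaluation error. A comment above `crypttabExtraOpts` should also record that `fido2-device=auto` only tells systemd-cryptsetup to look for a token, and that enrolment happens outside this module, for example with `systemd-cryptenroll`. Any passphrase keyslot left in the LUKS header still unlocks the volume once the token wait times out, so the disk stays only as strong as that passphrase.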