Switch to systemd stage 1
parent
c09793669b
commit
b4907407fc
4 changed files with 20 additions and 89 deletions
|
@ -4,7 +4,6 @@
|
|||
borgServer = import ./borg-server.nix;
|
||||
ddns = import ./ddns.nix;
|
||||
element = import ./element.nix;
|
||||
fido2 = import ./fido2.nix;
|
||||
fileShare = import ./fileShare.nix;
|
||||
gitea = import ./gitea.nix;
|
||||
headphones = import ./headphones.nix;
|
||||
|
|
|
@ -1,58 +0,0 @@
|
|||
{ config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}:
|
||||
with lib; let
|
||||
luks = config.dadada.luks;
|
||||
fido2 = config.dadada.fido2;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
dadada.luks = {
|
||||
uuid = mkOption {
|
||||
type = with types; nullOr str;
|
||||
description = "Device UUID";
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
|
||||
dadada.fido2 = {
|
||||
enablePam = mkEnableOption "Enable PAM U2F";
|
||||
credential = mkOption {
|
||||
type = with types; nullOr str;
|
||||
description = "FIDO2 credential string";
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
boot.initrd.luks.devices = mkIf (luks.uuid != null) {
|
||||
root = {
|
||||
device = "/dev/disk/by-uuid/${luks.uuid}";
|
||||
preLVM = true;
|
||||
allowDiscards = true;
|
||||
fido2 = mkIf (fido2.credential != null) {
|
||||
credential = fido2.credential;
|
||||
passwordLess = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
boot.initrd.luks.fido2Support = mkIf (fido2.credential != null) true;
|
||||
|
||||
environment.systemPackages = mkIf (fido2.credential != null) (with pkgs; [
|
||||
linuxPackages.acpi_call
|
||||
fido2luks
|
||||
python27Packages.dbus-python
|
||||
python38Packages.solo-python
|
||||
]);
|
||||
|
||||
security.pam.u2f = mkIf fido2.enablePam {
|
||||
enable = true;
|
||||
control = "sufficient";
|
||||
cue = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -24,21 +24,6 @@ in
|
|||
};
|
||||
|
||||
config = mkIf yubikey.enable {
|
||||
boot.initrd.luks = {
|
||||
fido2Support = true;
|
||||
devices = mkIf (yubikey.luksUuid != null) {
|
||||
root = {
|
||||
device = "/dev/disk/by-uuid/${yubikey.luksUuid}";
|
||||
preLVM = true;
|
||||
allowDiscards = true;
|
||||
fido2 = mkIf (yubikey.fido2Credentials != [ ]) {
|
||||
credentials = yubikey.fido2Credentials;
|
||||
passwordLess = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.pam = {
|
||||
# Keys must be placed in $XDG_CONFIG_HOME/Yubico/u2f_keys
|
||||
services = {
|
||||
|
@ -56,8 +41,8 @@ in
|
|||
services.udev.packages = [ pkgs.yubikey-personalization ];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
fido2luks
|
||||
linuxPackages.acpi_call
|
||||
#fido2luks
|
||||
#linuxPackages.acpi_call
|
||||
pam_u2f
|
||||
pamtester
|
||||
yubikey-manager
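Review bot: The two entries in `environment.systemPackages` are left behind as commented-out lines (`#fido2luks`, `#linuxPackages.acpi_call`) with no explanation. Either delete them or replace them with a one-line reason such as `# fido2luks dropped: initrd unlocking now goes through systemd stage 1`. If the root volume's FIDO2 keyslot was created with fido2luks, it is presumably not usable by systemd-cryptsetup until a token is enrolled with systemd-cryptenroll, so confirm that a working passphrase or recovery keyslot exists before the tool leaves the system profile. The package list continues past the end of the hunk.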
|
||||
|
|