add yubikey , hypridle and docker service isn't active on boot except on server

2024-12-25 11:42:38 +01:00
parent 01fb3855bc
commit 61e9578c66
5 changed files with 47 additions and 2 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -4,7 +4,10 @@
 { config, lib, inputs, pkgs, flakeName, ... }:

 { 
-  imports = [./hardware-configuration.nix];
+  imports = [
+  	./hardware-configuration.nix
+	./modules/yubikey.nix
+  ];

  nix.settings.experimental-features = ["nix-command" "flakes"];
  nixpkgs.config.allowUnfree = true;
@ -35,6 +38,7 @@
   };

  virtualisation.docker.enable = true;
+  virtualisation.docker.enableOnBoot = lib.mkDefault false;

  environment.systemPackages = with pkgs; [
 	home-manager
--- a/hosts/laptop.nix
+++ b/hosts/laptop.nix
@ -21,6 +21,8 @@
 	tlp
 	looking-glass-client
 	fprintd
+	yubikey-manager
+	yubico-pam
  ];

  hardware.nvidia.prime.offload = {
@ -51,6 +53,8 @@
  };
  services.upower.enable = true;

+  services.udev.packages = [ pkgs.yubikey-personalization ];
+  


 #  boot.plymouth = {
--- a/hosts/server.nix
+++ b/hosts/server.nix
@ -23,6 +23,7 @@
 	nameservers = ["8.8.8.8" "8.8.4.4" "1.1.1.1"];
  };
  virtualisation.docker.liveRestore = false;
+  virtualisation.docker.enableOnBoot = true;

  services.fail2ban.enable = true;
  services.fail2ban.bantime = "2h";
--- a/modules/hyprland.nix
+++ b/modules/hyprland.nix
@ -2,6 +2,28 @@

 {
 #  services.hypridle.enable = true;
+  services.hypridle = {
+    enable = true;
+	settings = {
+      general.lock_cmd = "hyprlock";	
+      general.before_sleep_cmd = "loginctl lock-session";
+      listener  = [
+	  {
+        timeout = 150;
+        on-timeout = "brightnessctl -s set 0";
+        on-resume = "brightnessctl -r";
+      }
+	  {
+        timeout = 150;
+        on-timeout = "loginctl lock-session";
+      }
+	  {
+        timeout = 600;
+        on-timeout = "systemctl suspend";
+      }
+	  ];
+	};
+  };
  wayland.windowManager.hyprland.enable = true;
  wayland.windowManager.hyprland.settings = {
    "$mainMod" = "SUPER";
--- a/modules/yubikey.nix
+++ b/modules/yubikey.nix
@ -0,0 +1,14 @@
+{ config, lib, inputs, pkgs, ... }:
+
+{
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  security.pam.yubico = {
+    enable = true;
+    id = "30536547";
+    mode = "challenge-response";
+  };
+}