refactor(yubikey)!: add supportLuks option

Moritz Böhme 2023-03-14 09:52:28 +01:00
parent ab6cbc0cdc
commit 2a30af014e
4 changed files with 27 additions and 8 deletions


@ -11,7 +11,6 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.initrd.systemd.enable = true;
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -22,7 +21,6 @@
}; };
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/30025a9f-44cf-4074-8ae2-d4925efd67dd"; boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/30025a9f-44cf-4074-8ae2-d4925efd67dd";
boot.initrd.luks.devices."enc".crypttabExtraOpts = [ "fido2-device=auto" ];
fileSystems."/home" = { fileSystems."/home" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1"; device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";


@ -11,7 +11,6 @@
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.initrd.systemd.enable = true;
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -23,7 +22,6 @@
}; };
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/078b81ba-238e-471d-9951-b743588532b8"; boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/078b81ba-238e-471d-9951-b743588532b8";
boot.initrd.luks.devices."enc".crypttabExtraOpts = [ "fido2-device=auto" ];
fileSystems."/log" = { fileSystems."/log" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154"; device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";


@ -9,9 +9,20 @@ let
cfg = config.my.yubikey; cfg = config.my.yubikey;
in in
{ {
options.my.yubikey = mkEnableOption "yubikey"; options.my.yubikey = {
enable = mkEnableOption "yubikey";
luksSupport = {
enable = mkEnableOption "fido2 luks support";
devices = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of luks devices to enable fido2 support for.";
};
};
};
config = {
config = mkIf cfg.enable {
services.udev.packages = [ pkgs.yubikey-personalization ]; services.udev.packages = [ pkgs.yubikey-personalization ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# cli # cli
@ -22,5 +33,12 @@ in
yubikey-manager-qt yubikey-manager-qt
yubikey-personalization-gui yubikey-personalization-gui
]; ];
boot = mkIf cfg.luksSupport.enable {
initrd.systemd.enable = true;
initrd.luks.devices = genAttrs cfg.luksSupport.devices (_: {
crypttabExtraOpts = [ "fido2-device=auto" ];
});
};
}; };
} }
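Review bot: The `description` of `luksSupport.devices` should state that each name must match an already declared `boot.initrd.luks.devices.<name>` entry, because the `genAttrs` call in the second hunk only attaches `crypttabExtraOpts`; a mistyped name would define a new entry instead of enabling FIDO2 on the intended volume (presumably an evaluation error for the missing `device`, which this page does not confirm). The same text should mention that enabling the option also sets `boot.initrd.systemd.enable = true`, which changes the initrd for the whole host. Proposed wording: `description = "Names of existing boot.initrd.luks.devices entries to unlock with an enrolled FIDO2 token; also enables the systemd initrd.";`. A comment next to `fido2-device=auto` would help too: the option only selects a token at unlock time, while enrollment and the PIN or touch requirement are set separately with `systemd-cryptenroll`, and an existing passphrase keyslot stays valid unless it is removed. The page shows both `config = {` and `config = mkIf cfg.enable {` without side markers; if the unguarded form is the new one, the `boot` block would apply even when `my.yubikey.enable` is false, so it is worth confirming that the guard is kept.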

View file

@ -5,8 +5,13 @@
}: }:
with lib; { with lib; {
my = { my = {
# config yubikey = {
yubikey.enable = true; enable = true;
luksSupport = {
enable = true;
devices = [ "enc" ];
};
};
wallpapers.enable = true; wallpapers.enable = true;
theming = { theming = {
enable = true; enable = true;