Merge remote-tracking branch 'origin/nixos' into nixos

modules/config/yubikey.nix

@@ -9,9 +9,20 @@ let
   cfg = config.my.yubikey;
 in
 {
-  options.my.yubikey = mkEnableOption "yubikey";
+  options.my.yubikey = {
+    enable = mkEnableOption "yubikey";
+    luksSupport = {
+      enable = mkEnableOption "fido2 luks support";
+      devices = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        description = "List of luks devices to enable fido2 support for.";
+      };
+    };
+  };
 
-  config = {
+
+  config = mkIf cfg.enable {
     services.udev.packages = [ pkgs.yubikey-personalization ];
     environment.systemPackages = with pkgs; [
       # cli
@@ -22,5 +33,12 @@ in
       yubikey-manager-qt
       yubikey-personalization-gui
     ];
+
+    boot = mkIf cfg.luksSupport.enable {
+      initrd.systemd.enable = true;
+      initrd.luks.devices = genAttrs cfg.luksSupport.devices (_: {
+        crypttabExtraOpts = [ "fido2-device=auto" ];
+      });
+    };
   };
 }

modules/profiles/desktop.nix

@@ -5,8 +5,13 @@
 }:
 with lib; {
   my = {
-    # config
-    yubikey.enable = true;
+    yubikey = {
+      enable = true;
+      luksSupport = {
+        enable = true;
+        devices = [ "enc" ];
+      };
+    };
     wallpapers.enable = true;
     theming = {
       enable = true;