feat: add yubikey ids

Leon Schwarzäugl 2025-03-22 23:40:18 +01:00
parent d7a7571b00
commit 01efa60483
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
5 changed files with 40 additions and 3 deletions


@ -3136,6 +3136,7 @@ This program builds a configuration locally.
rm profiles/home/common/gammastep.nix
rm profiles/home/common/git.nix
rm profiles/home/common/mail.nix
rm profiles/home/common/yubikey.nix
rm profiles/nixos/common/home-manager-extra.nix
nix flake update vbc-nix
git add .
@ -3270,6 +3271,7 @@ This program sets up a new NixOS host locally.
rm profiles/home/common/gammastep.nix
rm profiles/home/common/git.nix
rm profiles/home/common/mail.nix
rm profiles/home/common/yubikey.nix
rm profiles/nixos/common/home-manager-extra.nix
nix flake update vbc-nix
git add .
@ -8920,6 +8922,25 @@ I use sops-nix to handle secrets that I want to have available on my machines at
}
#+end_src
**** Yubikey
#+begin_src nix :tangle profiles/home/common/yubikey.nix
{ lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
yubikey1 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey1";
yubikey2 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey2";
in
{
pam.yubico.authorizedYubiKeys = {
ids = [
"${yubikey1}"
"${yubikey2}"
];
};
}
#+end_src
**** SSH Machines
:PROPERTIES:
:CUSTOM_ID: h:edd6720e-1f90-40bf-b6f9-30a19d4cae08
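Review bot: The new `yubikey.nix` block has no comment explaining that `yubikey1`/`yubikey2` are read at evaluation time and placed verbatim in `pam.yubico.authorizedYubiKeys.ids`, so the values will presumably land in the world-readable Nix store and the generated home-manager files rather than staying encrypted. That is acceptable for YubiKey public IDs, which are identifiers and not secrets, but it is worth stating above the `let`, e.g. `# Public YubiKey IDs only: read at eval time and copied into the Nix store; never route real secrets through this pattern.` If `getSecret` (not visible here) returns the file contents unmodified, a trailing newline would make each ID longer than the 12 characters the option appears to expect, so confirm the helper trims its result. The `"${yubikey1}"` interpolations are redundant when the helper already returns a string; `ids = [ yubikey1 yubikey2 ];` reads cleaner. The same lines appear in the tangled copy of `profiles/home/common/yubikey.nix` further down this commit.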

6
flake.lock generated

@ -823,10 +823,10 @@
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1742594924,
"narHash": "sha256-3oLkbjXbOv6Xq3+LJsasyJq4jBS0VkwKsbVdTB8MGJM=",
"lastModified": 1742682980,
"narHash": "sha256-oHqbNiTdpGrOtZtu1UAMjOteEPEDJTolTh/cNqgj2HM=",
"ref": "main",
"rev": "4ecfe7a80064e0595f386a203ba179c1a3c8bca3",
"rev": "b9e7aa2f01b68aa186271a1c0db722049fa14c17",
"shallow": true,
"type": "git",
"url": "ssh://git@github.com/Swarsel/nix-secrets.git"


@ -0,0 +1,14 @@
{ lib, nix-secrets, ... }:
let
secretsDirectory = builtins.toString nix-secrets;
yubikey1 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey1";
yubikey2 = lib.swarselsystems.getSecret "${secretsDirectory}/yubikey/yubikey2";
in
{
pam.yubico.authorizedYubiKeys = {
ids = [
"${yubikey1}"
"${yubikey2}"
];
};
}


@ -99,6 +99,7 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
rm profiles/home/common/gammastep.nix
rm profiles/home/common/git.nix
rm profiles/home/common/mail.nix
rm profiles/home/common/yubikey.nix
rm profiles/nixos/common/home-manager-extra.nix
nix flake update vbc-nix
git add .


@ -81,6 +81,7 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
rm profiles/home/common/gammastep.nix
rm profiles/home/common/git.nix
rm profiles/home/common/mail.nix
rm profiles/home/common/yubikey.nix
rm profiles/nixos/common/home-manager-extra.nix
nix flake update vbc-nix
git add .