chore: refine yubikey settings

2025-12-06 17:17:22 +01:00 · 2024-07-11 16:40:50 +02:00 · 2024-07-11 16:40:50 +02:00 · 183c04212f
commit 183c04212f
parent 26f8576d6c
18 changed files with 227 additions and 844 deletions
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@ -105,7 +105,7 @@ These blocks are used in several places throughout the configurations, but not o
 These blocks are to be used on systems that are not running NixOS. For example, one such system would be a Fedora system running home manager, where the respective NixOS features might not be available.
-*** Theme
+*** Theme (stylix)
 :PROPERTIES:
 :CUSTOM_ID: h:5bc1b0c9-dc59-4c81-b5b5-e60699deda78
 :END:
@ -270,10 +270,12 @@ I also enable the extra socket here for ssh agent forwarding. But I have not ful
    enable = true;
    enableSshSupport = true;
    enableExtraSocket = true;
-    pinentryPackage = pkgs.pinentry-gtk2;
+    pinentryPackage = pkgs.pinentry.gtk2;
    defaultCacheTtl = 600;
    maxCacheTtl = 7200;
    extraConfig = ''
    allow-emacs-pinentry
    allow-loopback-pinentry
    allow-emacs-pinentry
    '';
    };
@ -4782,14 +4784,17 @@ Mostly used to install some compilers and lsp's that I want to have available wh
    yubikey-personalization
    yubikey-personalization-gui
    yubico-pam
-    # yubioath-flutter
+    yubioath-flutter
-    # yubikey-manager
+    yubikey-manager
-    # yubikey-manager-qt
+    yubikey-manager-qt
    yubico-piv-tool
    cfssl
    pcsctools
    pcscliteWithPolkit.out
    # pinentry
    # theme related
-    gnome.adwaita-icon-theme
+    adwaita-icon-theme
    # kde-connect
    xdg-desktop-portal
@ -6360,7 +6365,6 @@ The rest of this configuration is found here:
           tooltip-format= "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
         };
         pulseaudio= {
           format= "{icon} {volume:2}%";
           format-bluetooth= "{icon} {volume}%";
@ -9291,9 +9295,19 @@ Also, Emacs needs a little extra love to accept my Yubikey for git commits etc.
                                         ("~/.dotfiles/" . 0)))
    :custom
    (magit-display-buffer-function #'magit-display-buffer-same-window-except-diff-v1)) ; stay in the same window
 #+end_src
 * Yubikey support
 The following settings are needed to make sure emacs works for magit commits and pushes. It is not a beautiful solution since commiting uses pinentry-emacs and pushing uses pinentry-gtk2, but it works for now at least.
 #+begin_src emacs-lisp
  ;; yubikey support for pushing commits
  ;; commiting is enabled through nixos gpg-agent config
  (use-package pinentry)
  (pinentry-start)
  (setq epg-pinentry-mode 'loopback)
  (setenv "SSH_AUTH_SOCK" (string-chop-newline (shell-command-to-string "gpgconf --list-dirs agent-ssh-socket")))
 #+end_src
--- a/index.html
+++ b/index.html
--- a/profiles/TEMPLATE/home.nix
+++ b/profiles/TEMPLATE/home.nix
@ -7,10 +7,12 @@
    enable = true;
    enableSshSupport = true;
    enableExtraSocket = true;
-    pinentryPackage = pkgs.pinentry-gtk2;
+    pinentryPackage = pkgs.pinentry.gtk2;
    defaultCacheTtl = 600;
    maxCacheTtl = 7200;
    extraConfig = ''
    allow-emacs-pinentry
    allow-loopback-pinentry
    allow-emacs-pinentry
    '';
    };
--- a/profiles/TEMPLATE/nixos.nix
+++ b/profiles/TEMPLATE/nixos.nix
@ -33,6 +33,7 @@
  stylix.image = ../../wallpaper/TEMPLATEwp.png;
  stylix = {
    enable = true;
    base16Scheme = ../../wallpaper/swarsel.yaml;
    # base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
    polarity = "dark";
--- a/profiles/common/home.nix
+++ b/profiles/common/home.nix
@ -9,13 +9,13 @@
    ffmpeg_5-full
    flac
    mediainfo
-    picard
+    picard-tools
    audacity
    sox
    # printing
    cups
-    gnome.simple-scan
+    simple-scan
    # dict
    (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ]))
@ -41,11 +41,11 @@
    obsidian
    spotify
    discord
-    nextcloud-client
+    stable.nextcloud-client
    spotify-player
    element-desktop-wayland
    nicotine-plus
-    transmission
+    stable.transmission
    mktorrent
    hexchat
    hugo
@ -104,7 +104,7 @@
    unzip
    #nautilus
-    gnome.nautilus
+    nautilus
    xfce.tumbler
    libgsf
@ -130,7 +130,7 @@
    #keychain
    qalculate-gtk
    gcr # needed for gnome-secrets to work
-    gnome.seahorse
+    seahorse
    # sops-related
    sops
@ -897,7 +897,7 @@ programs.emacs = {
    extraEmacsPackages = epkgs: [
      epkgs.mu4e
      epkgs.use-package
-      epkgs.lsp-bridge
+      # epkgs.lsp-bridge
      epkgs.doom-themes
      # build the rest of the packages myself
@ -1047,7 +1047,6 @@ programs.waybar = {
        tooltip-format= "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
      };
      pulseaudio= {
        format= "{icon} {volume:2}%";
        format-bluetooth= "{icon} {volume}%";
@ -1120,237 +1119,7 @@ programs.waybar = {
      };
    };
  };
-
+  style = (builtins.readFile ../../programs/waybar/style.css);
  style = ''
  @define-color foreground #fdf6e3;
  @define-color background #1a1a1a;
  @define-color background-alt #292b2e;
  @define-color foreground-warning #268bd2;
  @define-color background-warning @background;
  @define-color foreground-error red;
  @define-color background-error @background;
  @define-color foreground-critical gold;
  @define-color background-critical blue;
  * {
      border: none;
      border-radius: 0;
      font-family: "FiraCode Nerd Font Propo", "Font Awesome 5 Free";
      font-size: 14px;
      min-height: 0;
      margin: -1px 0px;
  }
  window#waybar {
          background: transparent;
          color: @foreground;
          transition-duration: .5s;
  }
  window#waybar.hidden {
      opacity: 0.2;
  }
  #mpris {
      padding: 0 10px;
      background-color: transparent;
      color: #1DB954;
      font-family: Monospace;
      font-size: 12px;
  }
  #custom-right-arrow-dark,
  #custom-left-arrow-dark {
          color: @background;
          background: @background-alt;
          font-size: 24px;
  }
  #window {
          font-size: 12px;
          padding: 0 20px;
  }
  #mode {
      background: @background-critical;
      color: @foreground-critical;
      padding: 0 3px;
  }
  #custom-configwarn {
      color: black;
      padding: 0 3px;
      animation-name: configblink;
      animation-duration: 0.5s;
      animation-timing-function: linear;
      animation-iteration-count: infinite;
      animation-direction: alternate;
  }
  #custom-outer-right-arrow-dark,
  #custom-outer-left-arrow-dark {
          color: @background;
          font-size: 24px;
  }
  #custom-outer-left-arrow-dark,
  #custom-left-arrow-dark,
  #custom-left-arrow-light {
          margin: 0 -1px;
  }
  #custom-right-arrow-light,
  #custom-left-arrow-light {
          color: @background-alt;
          background: @background;
          font-size: 24px;
  }
  #workspaces,
  #clock.1,
  #clock.2,
  #clock.3,
  #pulseaudio,
  #memory,
  #cpu,
  #temperature,
  #power-profiles-daemon,
  #mpris,
  #tray {
          background: @background;
  }
  #network,
  #clock.2,
  #battery,
  #cpu,
  #custom-pseudobat,
  #disk {
          background: @background-alt;
  }
  #workspaces button {
          padding: 0 2px;
          color: #fdf6e3;
  }
  #workspaces button.focused {
          color: @foreground-warning;
  }
  #workspaces button:hover {
      background: @foreground;
      color: @background;
          border: @foreground;
          padding: 0 2px;
          box-shadow: inherit;
          text-shadow: inherit;
  }
  #workspaces button.urgent {
      color: @background-critical;
      background: @foreground-critical;
  }
  #network {
      color: #cc99c9;
  }
  #temperature,
  #power-profiles-daemon {
      color: #9ec1cf;
  }
  #disk {
      /*color: #b58900;*/
      color: #9ee09e;
  }
  #disk.warning {
      color:            @foreground-error;
      background-color: @background-error;
  }
  #disk.critical,
  #temperature.critical {
      color:            @foreground-critical;
      background-color: @background-critical;
      animation-name: blink;
      animation-duration: 0.5s;
      animation-timing-function: linear;
      animation-iteration-count: infinite;
      animation-direction: alternate;
  }
  #pulseaudio.muted {
      color: @foreground-error;
  }
  #memory {
          /*color: #2aa198;*/
          color: #fdfd97;
  }
  #cpu {
      /*color: #6c71c4;*/
      color: #feb144;
  }
  #pulseaudio {
      /*color: #268bd2;*/
      color: #ff6663;
  }
  #battery,
  #custom-pseudobat {
          color: cyan;
  }
  #battery.discharging {
      color:      #859900;
  }
  @keyframes blink {
      to {
          color:            @foreground-error;
          background-color: @background-error;
      }
  }
  @keyframes configblink {
      to {
          color:            @foreground-error;
          background-color: transparent;
      }
  }
  #battery.critical:not(.charging) {
      color:            @foreground-critical;
      background-color: @background-critical;
      animation-name: blink;
      animation-duration: 0.5s;
      animation-timing-function: linear;
      animation-iteration-count: infinite;
      animation-direction: alternate;
  }
  #clock.1,
  #clock.2,
  #clock.3 {
      font-family: Monospace;
  }
  #clock,
  #pulseaudio,
  #memory,
  #cpu,
  #tray,
  #temperature,
  #power-profiles-daemon,
  #network,
  #mpris,
  #battery,
  #custom-pseudobat,
  #disk {
          padding: 0 3px;
  }
      '';
 };
 programs.firefox = {
@ -1640,22 +1409,6 @@ wayland.windowManager.sway = {
    assigns = {
      "1:一" = [{ app_id = "firefox"; }];
    };
    colors = {
      focused = {
        # background = "#080808";
        # border = "#80a0ff";
        # childBorder = "#80a0ff";
        # indicator = "#080808";
        # text = "#ffd700";
      };
      unfocused = {
        # background = "#080808";
        # border = "#80a0ff";
        # childBorder = "#303030";
        # indicator = "#80a0ff";
        # text = "#c6c6c6";
      };
    };
    floating = {
      border = 1;
      criteria = [
--- a/profiles/common/nixos.nix
+++ b/profiles/common/nixos.nix
@ -50,10 +50,9 @@ nix.optimise = {
  DefaultTimeoutStopSec=15s
 '';
-hardware.opengl = {
+hardware.graphics = {
  enable = true;
-  driSupport = true;
+  enable32Bit = true;
  driSupport32Bit = true;
 };
 sound.enable = true;
@ -94,14 +93,17 @@ environment.systemPackages = with pkgs; [
  yubikey-personalization
  yubikey-personalization-gui
  yubico-pam
-  # yubioath-flutter
+  yubioath-flutter
-  # yubikey-manager
+  yubikey-manager
-  # yubikey-manager-qt
+  yubikey-manager-qt
  yubico-piv-tool
  cfssl
  pcsctools
  pcscliteWithPolkit.out
  # pinentry
  # theme related
-  gnome.adwaita-icon-theme
+  adwaita-icon-theme
  # kde-connect
  xdg-desktop-portal
--- a/profiles/fourside/home.nix
+++ b/profiles/fourside/home.nix
@ -7,10 +7,12 @@
    enable = true;
    enableSshSupport = true;
    enableExtraSocket = true;
-    pinentryPackage = pkgs.pinentry-gtk2;
+    pinentryPackage = pkgs.pinentry.gtk2;
    defaultCacheTtl = 600;
    maxCacheTtl = 7200;
    extraConfig = ''
    allow-emacs-pinentry
    allow-loopback-pinentry
    allow-emacs-pinentry
    '';
    };
@ -93,6 +95,7 @@
        { output = "HDMI-A-1"; workspace = "2:二";}
      ];
      keybindings = let
        modifier = config.wayland.windowManager.sway.config.modifier;
      in {
--- a/profiles/fourside/nixos.nix
+++ b/profiles/fourside/nixos.nix
@ -58,6 +58,7 @@
  stylix.image = ../../wallpaper/lenovowp.png;
  stylix = {
    enable = true;
    base16Scheme = ../../wallpaper/swarsel.yaml;
    # base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
    polarity = "dark";
@ -106,10 +107,9 @@
  hardware = {
-      opengl = {
+      graphics = {
        enable = true;
-        driSupport = true;
+        enable32Bit = true;
        driSupport32Bit = true;
        extraPackages = with pkgs; [
          vulkan-loader
          vulkan-validation-layers
--- a/profiles/onett/home.nix
+++ b/profiles/onett/home.nix
@ -7,10 +7,12 @@
    enable = true;
    enableSshSupport = true;
    enableExtraSocket = true;
-    pinentryPackage = pkgs.pinentry-gtk2;
+    pinentryPackage = pkgs.pinentry.gtk2;
    defaultCacheTtl = 600;
    maxCacheTtl = 7200;
    extraConfig = ''
    allow-emacs-pinentry
    allow-loopback-pinentry
    allow-emacs-pinentry
    '';
    };
--- a/profiles/onett/nixos.nix
+++ b/profiles/onett/nixos.nix
@ -35,6 +35,7 @@
  stylix.image = ../../wallpaper/lenovowp.png;
  stylix = {
    enable = true;
    base16Scheme = ../../wallpaper/swarsel.yaml;
    # base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
    polarity = "dark";
--- a/profiles/sandbox/nixos.nix
+++ b/profiles/sandbox/nixos.nix
@ -237,7 +237,7 @@ networking.hostId = "8a8ad84a";
     #   vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
     # };
-     hardware.opengl = {
+     hardware.graphics = {
       enable = true;
       extraPackages = with pkgs; [
         intel-media-driver # LIBVA_DRIVER_NAME=iHD
--- a/profiles/server1/jellyfin/nixos.nix
+++ b/profiles/server1/jellyfin/nixos.nix
@ -58,7 +58,7 @@
   nixpkgs.config.packageOverrides = pkgs: {
     vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
   };
-   hardware.opengl = {
+   hardware.graphics = {
     enable = true;
     extraPackages = with pkgs; [
       intel-media-driver # LIBVA_DRIVER_NAME=iHD
--- a/profiles/server1/matrix/nixos.nix
+++ b/profiles/server1/matrix/nixos.nix
@ -36,7 +36,6 @@ in {
    ./hardware-configuration.nix
    # we import here a service that is not available yet on normal nixpkgs
    # this module is hence not in the modules list, we add it ourselves
    (unstable + "/nixos/modules/services/matrix/mautrix-signal.nix")
  ];
  networking.hostName = "matrix"; # Define your hostname.
--- a/profiles/surface/home.nix
+++ b/profiles/surface/home.nix
@ -10,6 +10,7 @@
   stylix.image = ../../wallpaper/surfacewp.png;
  stylix = {
    enable = true;
    base16Scheme = ../../wallpaper/swarsel.yaml;
    # base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
    polarity = "dark";
--- a/profiles/threed/home.nix
+++ b/profiles/threed/home.nix
@ -7,10 +7,12 @@
    enable = true;
    enableSshSupport = true;
    enableExtraSocket = true;
-    pinentryPackage = pkgs.pinentry-gtk2;
+    pinentryPackage = pkgs.pinentry.gtk2;
    defaultCacheTtl = 600;
    maxCacheTtl = 7200;
    extraConfig = ''
    allow-emacs-pinentry
    allow-loopback-pinentry
    allow-emacs-pinentry
    '';
    };
--- a/profiles/threed/nixos.nix
+++ b/profiles/threed/nixos.nix
@ -37,6 +37,7 @@
  stylix.image = ../../wallpaper/surfacewp.png;
  stylix = {
    enable = true;
    base16Scheme = ../../wallpaper/swarsel.yaml;
    # base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
    polarity = "dark";
--- a/programs/emacs/init.el
+++ b/programs/emacs/init.el
@ -1158,6 +1158,8 @@ create a new one."
 ;; yubikey support for pushing commits
 ;; commiting is enabled through nixos gpg-agent config
 (use-package pinentry)
 (pinentry-start)
 (setq epg-pinentry-mode 'loopback)
 (setenv "SSH_AUTH_SOCK" (string-chop-newline (shell-command-to-string "gpgconf --list-dirs agent-ssh-socket")))
--- a/programs/firefox/tridactyl/tridactylrc
+++ b/programs/firefox/tridactyl/tridactylrc
@ -22,8 +22,20 @@ bind d composite tabprev; tabclose #
 bind D tabclose
 bind c hint
 bindurl ^http(s)?://www\.google\.com c hint -Jc [class="LC20lb MBeuO DKV0Md"],[class="YmvwI"],[class="YyVfkd"],[class="fl"]
 bindurl ^http(s)?://news\.ycombinator\.com c hint -Jc [class="titleline"],[class="age"]
 bindurl ^http(s)?://lobste\.rs c hint -Jc [class="u-url"],[class="comments_label"]
 bindurl ^http(s)?://www\.google\.com gi composite focusinput -l ; text.end_of_line
 " Search in page
 set findcase smart
 bind / fillcmdline find
 bind ? fillcmdline find -?
 bind n findnext 1
 bind N findnext -1
 " some pages like github break on the tridactyl quick search. have this as a fallback
 unbind <C-f>
 " Subconfig Settings
 seturl www.google.com followpagepatterns.next Next
 seturl www.google.com followpagepatterns.prev Previous