From d9d7c179d8aeaffb10d7943f186252e0eb56caaa Mon Sep 17 00:00:00 2001
From: xnm
Date: Mon, 5 Feb 2024 01:13:57 +0200
Subject: [PATCH] Changed bootloader mount point from `/boot/efi` to `/boot` & added `yubikey.nix` config

---
 nixos/bootloader.nix | 2 +-
 nixos/flake.nix | 2 ++
 nixos/yubikey.nix | 29 +++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 nixos/yubikey.nix

diff --git a/nixos/bootloader.nix b/nixos/bootloader.nix
index c865c09..f16adcf 100644
--- a/nixos/bootloader.nix
+++ b/nixos/bootloader.nix
@@ -4,7 +4,7 @@
 # Bootloader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ boot.loader.efi.efiSysMountPoint = "/boot";
 boot.loader.timeout = 2;
 boot.initrd.enable = true;
 boot.initrd.systemd.enable = true;
diff --git a/nixos/flake.nix b/nixos/flake.nix
index 5ebe1be..b9cbd4c 100644
--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@@ -14,6 +14,7 @@
 ./configuration.nix
 ./hardware-configuration.nix
 # ./fingerprint-scanner.nix
+ ./yubikey.nix
 ./sound.nix
 ./usb.nix
 ./time.nix
@@ -51,6 +52,7 @@
 ./info-fetchers.nix
 ./utils.nix
 ./terminal-utils.nix
+ ./work.nix
 ];
 };
 };
diff --git a/nixos/yubikey.nix b/nixos/yubikey.nix
new file mode 100644
index 0000000..9ce79e2
--- /dev/null
+++ b/nixos/yubikey.nix
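Review bot: The bootloader.nix hunk moves `boot.loader.efi.efiSysMountPoint` to `/boot`, but nothing in this patch changes the corresponding `fileSystems."/boot"` mount (the diffstat lists only bootloader.nix, flake.nix and yubikey.nix), so unless hardware-configuration.nix already mounts the ESP at `/boot`, the systemd-boot installer is likely to be pointed at a directory on the root filesystem and the rebuild will fail at `bootctl install`. With systemd-boot the kernels and initrds live on that FAT partition, which is world-readable under the default mount options; consider giving that mount `options = [ "fmask=0077" "dmask=0077" ];` so unprivileged users cannot read the boot images (systemd-boot itself warns when `/boot` is world-readable). The enclosing attribute set of bootloader.nix continues outside the hunk.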
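Review bot: The second flake.nix hunk adds `./work.nix` to a module list, but this patch does not create that file (the only `create mode` in the diffstat is `nixos/yubikey.nix`) and the commit subject does not mention it. Flakes only see files tracked by git, so if work.nix exists locally but is untracked or gitignored — plausible if it holds work-specific material — evaluation of that configuration fails with a path-does-not-exist error. Either add the file in this commit or drop the import until it exists; if it must stay out of the repo, guard it with something like `nixpkgs.lib.optional (builtins.pathExists ./work.nix) ./work.nix` and keep any secrets in a proper secrets mechanism rather than an untracked module. The `nixosSystem` definitions these lists belong to start outside the hunks.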
@@ -0,0 +1,29 @@
+{ pkgs, ...}:
+
+{
+ services.udev.packages = [ pkgs.yubikey-personalization ];
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ security.pam.services = {
+ login.u2fAuth = true;
+ sudo.u2fAuth = true;
+ };
+
+ # FIXME Replace [your_yubikey_model_id] with the actual model ID of your YubiKey. You can find the model ID using the `lsusb` command, typically available as a part of the `usbutils` package
+ services.udev.extraRules = ''
+ ACTION=="remove",\
+ ENV{ID_BUS}=="usb",\
+ ENV{ID_MODEL_ID}=="your_yubikey_model_id",\
+ ENV{ID_VENDOR_ID}=="1050",\
+ ENV{ID_VENDOR}=="Yubico",\
+ RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+ '';
+
+ environment.systemPackages = with pkgs; [
+ pam_u2f
+ ];
+}
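Review bot: `login.u2fAuth = true` and `sudo.u2fAuth = true` enable pam_u2f without setting `security.pam.u2f.control` or `security.pam.u2f.authFile`, and if I read the NixOS module defaults correctly that inserts pam_u2f as `sufficient` with the key mapping read from the user's own `~/.config/Yubico/u2f_keys` — so a registered key alone satisfies `sudo` and `login` with no password, and any process running as the user can append its own key to that file and later pass `sudo` unattended. If the YubiKey is meant to be a second factor rather than a password replacement, add `security.pam.u2f.control = "required";` and point `security.pam.u2f.authFile` at a root-owned mapping such as `/etc/u2f_mappings` that only root can edit. Separately, the udev rule matches `ENV{ID_MODEL_ID}=="your_yubikey_model_id"`, so as committed it never fires and the lock-on-removal is inert until the FIXME is resolved; since `ENV{ID_VENDOR_ID}=="1050"` already limits the rule to Yubico devices, dropping the model-ID clause (and the redundant `ENV{ID_VENDOR}=="Yubico"`) makes it lock on removal of any YubiKey without per-machine editing.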