| author | Nathan Reiner <nathan@nathanreiner.xyz> | 2024-09-17 20:05:34 +0200 |
|---|---|---|
| committer | Nathan Reiner <nathan@nathanreiner.xyz> | 2024-09-17 20:05:34 +0200 |
| commit | 50dee3ac9feb715d69554eb76b493e1246c0c61e (patch) | |
| tree | 95e825fa906415c6e8a5d1253a2b70ec542469e5 | |
| parent | fe0e613928323f9dc538f1bdea8138456abffc4b (diff) | |
add usbauth module
| -rw-r--r-- | hosts/nixedo/default.nix | 7 | ||||
| -rw-r--r-- | hosts/nixedo/hardware.nix | 44 | ||||
| -rw-r--r-- | modules/usbauth/default.nix | 36 |
3 files changed, 72 insertions, 15 deletions
diff --git a/hosts/nixedo/default.nix b/hosts/nixedo/default.nix index 2b422d2..2d18739 100644 --- a/hosts/nixedo/default.nix +++ b/hosts/nixedo/default.nix @@ -3,6 +3,7 @@ imports = [ ./hardware.nix ../../modules/hyprland/monitor.nix + ../../modules/usbauth/default.nix ]; networking.hostName = "nixedo"; @@ -44,6 +45,12 @@ }; }; + usbauth = { + device = "root"; + uuid = "543f281c-4feb-4a5a-b51b-99114fa4b8a1"; + keyname = "n8-tuxedo"; + }; + networking.networkmanager.fccUnlockScripts = [ { id = "105b:e0ab"; diff --git a/hosts/nixedo/hardware.nix b/hosts/nixedo/hardware.nix index 82d6b9e..9e9df76 100644 --- a/hosts/nixedo/hardware.nix +++ b/hosts/nixedo/hardware.nix 
@@ -1,30 +1,44 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + modulesPath, + ... +}: +{ + imports = [ (modulesPath + "/profiles/all-hardware.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbcore" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + "btrfs" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/5701475d-62a8-4db1-afa6-68ed94c62fc5"; - fsType = "btrfs"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/5701475d-62a8-4db1-afa6-68ed94c62fc5"; + fsType = "btrfs"; + }; boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/96f26456-b3da-4e96-b922-8ca24d842d60"; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9FFE-8996"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/9FFE-8996"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; swapDevices = [ ]; diff --git a/modules/usbauth/default.nix b/modules/usbauth/default.nix new file mode 100644 index 0000000..aca217e --- /dev/null +++ b/modules/usbauth/default.nix 
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ modulesPath,
+ pkgs,
+ ...
+}:
+{
+
+ imports = [ (modulesPath + "/profiles/all-hardware.nix") ];
+
+ options.usbauth = lib.mkOption {
+ description = "USB Auth";
+ type = lib.types.submodule {
+ options = lib.mkOption {
+ device = lib.types.str;
+ keyname = lib.types.str;
+ uuid = lib.types.str;
+ };
+ };
+ };
+
+ config = {
+ boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
+ mkdir -m 0755 -p /key
+ lsblk -o NAME,UUID
+ while ! findfs UUID=${config.usbauth.uuid} 2> /dev/null; do sleep 0.1; done
+ cryptsetup open $(findfs UUID=${config.usbauth.uuid}) _key
+ mount -o ro "/dev/mapper/_key" /key
+ '';
+
+ boot.initrd.luks.devices."${config.usbauth.device
+ }".keyFile = "/key/.keys/${config.usbauth.keyname}";
+ boot.initrd.luks.devices."${config.usbauth.device}".preLVM = false;
+ };
+} |
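Review bot: The key volume opened in `postDeviceCommands` is never released: the script runs `cryptsetup open … _key` and mounts it read-only on `/key`, but nothing in this hunk unmounts it or closes the mapping once the LUKS device has been unlocked, so the decrypted key file presumably stays reachable for the rest of stage 1 and possibly after it. Consider adding `boot.initrd.luks.devices."${config.usbauth.device}".postOpenCommands = "umount /key && cryptsetup close _key";` so the key material is only exposed while it is needed. The `while ! findfs …; do sleep 0.1; done` loop also has no upper bound, so a missing or failed stick blocks boot before any passphrase prompt can appear; a bounded retry count would keep a recovery path. Separately, `options = lib.mkOption { device = lib.types.str; … }` passes the field names as arguments to `mkOption` and looks like it will not evaluate; each field should be its own option, e.g. `device = lib.mkOption { type = lib.types.str; };`.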