adds prompt to sudo for yubikey to make it easier to spot we are waiting for a key

.bashrc

@@ -3,10 +3,8 @@ HISTFILE=~/.bash_history
 HISTSIZE=1000
 HISTFILESIZE=2000  # Adjusted to match both histfile and size criteria
 
-# Alias Definitions
+# Docker Compose Alias (Mostly for old shell scripts)
 alias docker-compose='docker compose'
-alias gg='git pull'
-alias gl='git log --stat'
 
 # Home Manager Configuration
 alias hm='cd $HOME/dotfiles/config/home-manager/ && home-manager'
@@ -37,6 +35,7 @@ alias ddpul='docker compose down && docker compose pull && docker compose up -d
 # Git aliases
 alias g='git'
 alias gg='git pull'
+alias gl='git log --stat'
 alias gp='git push'
 alias gs='git status -s'
 alias gst='git status'

bin/actions/update.sh

@@ -234,7 +234,6 @@ if [ "$#" -eq 0 ]; then
   homemanager
   cargopkgs
   pipxpkgs
-  dockercmd
   git_repos
   flatpakpkgs
   tailscalecmd
@@ -263,7 +262,6 @@ else
       cargopkgs
       pipxpkgs
       flatpakpkgs
-      dockercmd
       tailscalecmd
       ;;
     --pipx)
@@ -275,9 +273,6 @@ else
     --flatpak)
       flatpakpkgs
       ;;
-    --docker)
-      dockercmd
-      ;;
     --tailscale)
       tailscalecmd
       ;;

config/home-manager/packages/common/packages.nix

@@ -67,7 +67,6 @@
     # Shell and terminal
     starship # Cross-shell prompt
     zellij # Modern terminal multiplexer
-    nushell # Modern shell
     screen # Terminal multiplexer
 
     # File viewers and processors

config/nixos/packages/common/default.nix

@@ -1,4 +1,6 @@
-{ ... }:
+{ pkgs, ... }:
 {
   imports = [ ./virtualization.nix ];
+
+  environment.systemPackages = with pkgs; [ yubikey-manager ];
 }

config/nixos/yubikey.nix

@@ -1,4 +1,56 @@
 { config, pkgs, ... }:
+let
+  # List of authorized YubiKey serial numbers
+  authorizedKeys = [
+    "10627969"
+    "30079068"
+  ];
+
+  sudo-wrapper = pkgs.writeScriptBin "sudo" ''
+    #!${pkgs.bash}/bin/bash
+
+    # Function to show both terminal and desktop notification
+    notify() {
+      echo "$1" >&2
+      ${pkgs.libnotify}/bin/notify-send -u critical "Sudo Authentication" "$1"
+    }
+
+    # Function to check if any of our authorized YubiKeys are present
+    check_yubikey() {
+      # Get list of connected YubiKeys
+      local keys=$(${pkgs.yubikey-manager}/bin/ykman list 2>/dev/null)
+      
+      # Check if any of our authorized keys are in the list
+      for serial in ${toString authorizedKeys}; do
+        if echo "$keys" | grep -q "$serial"; then
+          return 0  # Found an authorized key
+        fi
+      done
+      return 1  # No authorized keys found
+    }
+
+    # Check if we already have sudo permissions
+    if [ "$EUID" -eq 0 ]; then
+      exec /run/wrappers/bin/sudo "$@"
+    fi
+
+    # Check for YubiKey presence
+    if check_yubikey; then
+      # YubiKey is present, show touch prompt
+      if [ -t 1 ]; then  # Only show terminal message if interactive
+        echo -e "\033[1;34mPlease touch your YubiKey to authenticate...\033[0m" >&2
+      fi
+      ${pkgs.libnotify}/bin/notify-send -u normal \
+        -i security-high \
+        "YubiKey Authentication" \
+        "Please touch your YubiKey to authenticate..."
+    fi
+
+    # Execute sudo with all original arguments
+    # This will fall back to password auth if no YubiKey is present
+    exec /run/wrappers/bin/sudo "$@"
+  '';
+in
 {
   services.udev.packages = [ pkgs.yubikey-personalization ];
 
@@ -7,12 +59,13 @@
     enableSSHSupport = true;
   };
 
-  # Install pam_u2f command
   environment.systemPackages = with pkgs; [
     pam_u2f
     libnotify
+    sudo-wrapper
   ];
 
+  # Use normal U2F config without trying to modify PAM
   security.pam.services = {
     sudo.u2fAuth = true;
     lock.u2fAuth = true;
@@ -48,4 +101,9 @@
       session optional pam_gnome_keyring.so auto_start
     '';
   };
+
+  # Make sure the wrapper sudo is used instead of the system one
+  environment.shellAliases = {
+    sudo = "${sudo-wrapper}/bin/sudo";
+  };
 }