diff --git a/.bashrc b/.bashrc
index 9520e42..3f33398 100644
--- a/.bashrc
+++ b/.bashrc
@@ -3,10 +3,8 @@ HISTFILE=~/.bash_history
 HISTSIZE=1000
 HISTFILESIZE=2000 # Adjusted to match both histfile and size criteria
-# Alias Definitions
+# Docker Compose Alias (Mostly for old shell scripts)
 alias docker-compose='docker compose'
-alias gg='git pull'
-alias gl='git log --stat'
 # Home Manager Configuration
 alias hm='cd $HOME/dotfiles/config/home-manager/ && home-manager'
@@ -37,6 +35,7 @@ alias ddpul='docker compose down && docker compose pull && docker compose up -d
 # Git aliases
 alias g='git'
 alias gg='git pull'
+alias gl='git log --stat'
 alias gp='git push'
 alias gs='git status -s'
 alias gst='git status'
diff --git a/bin/actions/update.sh b/bin/actions/update.sh
index fbb5c0c..e5cad5a 100755
--- a/bin/actions/update.sh
+++ b/bin/actions/update.sh
@@ -234,7 +234,6 @@ if [ "$#" -eq 0 ]; then
 homemanager
 cargopkgs
 pipxpkgs
-dockercmd
 git_repos
 flatpakpkgs
 tailscalecmd
@@ -263,7 +262,6 @@ else
 cargopkgs
 pipxpkgs
 flatpakpkgs
-dockercmd
 tailscalecmd
 ;;
 --pipx)
@@ -275,9 +273,6 @@ else
 --flatpak)
 flatpakpkgs
 ;;
- --docker)
- dockercmd
- ;;
 --tailscale)
 tailscalecmd
 ;;
diff --git a/config/home-manager/packages/common/packages.nix b/config/home-manager/packages/common/packages.nix
index 40f4899..26a11ab 100644
--- a/config/home-manager/packages/common/packages.nix
+++ b/config/home-manager/packages/common/packages.nix
@@ -67,7 +67,6 @@
 # Shell and terminal
 starship # Cross-shell prompt
 zellij # Modern terminal multiplexer
- nushell # Modern shell
 screen # Terminal multiplexer
 # File viewers and processors
diff --git a/config/nixos/packages/common/default.nix b/config/nixos/packages/common/default.nix
index be0c2d9..90a5efc 100644
--- a/config/nixos/packages/common/default.nix
+++ b/config/nixos/packages/common/default.nix
@@ -1,4 +1,6 @@
-{ ... }:
+{ pkgs, ... }:
 {
 imports = [ ./virtualization.nix ];
+
+ environment.systemPackages = with pkgs; [ yubikey-manager ];
 }
diff --git a/config/nixos/yubikey.nix b/config/nixos/yubikey.nix
index 3847033..205c5b1 100644
--- a/config/nixos/yubikey.nix
+++ b/config/nixos/yubikey.nix
@@ -1,4 +1,56 @@
 { config, pkgs, ... }:
+let
+ # List of authorized YubiKey serial numbers
+ authorizedKeys = [
+ "10627969"
+ "30079068"
+ ];
+
+ sudo-wrapper = pkgs.writeScriptBin "sudo" ''
+ #!${pkgs.bash}/bin/bash
+
+ # Function to show both terminal and desktop notification
+ notify() {
+ echo "$1" >&2
+ ${pkgs.libnotify}/bin/notify-send -u critical "Sudo Authentication" "$1"
+ }
+
+ # Function to check if any of our authorized YubiKeys are present
+ check_yubikey() {
+ # Get list of connected YubiKeys
+ local keys=$(${pkgs.yubikey-manager}/bin/ykman list 2>/dev/null)
+
+ # Check if any of our authorized keys are in the list
+ for serial in ${toString authorizedKeys}; do
+ if echo "$keys" | grep -q "$serial"; then
+ return 0 # Found an authorized key
+ fi
+ done
+ return 1 # No authorized keys found
+ }
+
+ # Check if we already have sudo permissions
+ if [ "$EUID" -eq 0 ]; then
+ exec /run/wrappers/bin/sudo "$@"
+ fi
+
+ # Check for YubiKey presence
+ if check_yubikey; then
+ # YubiKey is present, show touch prompt
+ if [ -t 1 ]; then # Only show terminal message if interactive
+ echo -e "\033[1;34mPlease touch your YubiKey to authenticate...\033[0m" >&2
+ fi
+ ${pkgs.libnotify}/bin/notify-send -u normal \
+ -i security-high \
+ "YubiKey Authentication" \
+ "Please touch your YubiKey to authenticate..."
+ fi
+
+ # Execute sudo with all original arguments
+ # This will fall back to password auth if no YubiKey is present
+ exec /run/wrappers/bin/sudo "$@"
+ '';
+in
 {
 services.udev.packages = [ pkgs.yubikey-personalization ];
@@ -7,12 +59,13 @@
 enableSSHSupport = true;
 };
- # Install pam_u2f command
 environment.systemPackages = with pkgs; [
 pam_u2f
 libnotify
+ sudo-wrapper
 ];
+ # Use normal U2F config without trying to modify PAM
 security.pam.services = {
 sudo.u2fAuth = true;
 lock.u2fAuth = true;
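Review bot: `notify()` at the top of the wrapper script is defined but never called — both desktop notifications invoke `${pkgs.libnotify}/bin/notify-send` directly — so either route them through it or drop it. The serial match in `check_yubikey` is an unanchored substring test, so a configured serial that happens to appear inside another key's serial (or any other number ykman prints) is accepted; `grep -qwF -- "$serial"` matches the whole token only, and splitting the declaration (`local keys; keys=$(${pkgs.yubikey-manager}/bin/ykman list 2>/dev/null) || return 1`) keeps a failed ykman from being treated as a successful empty listing. The `authorizedKeys` name and its comment read as an authorization control, but the match only decides whether the touch prompt is shown — the wrapper execs `/run/wrappers/bin/sudo` either way and the real check is pam_u2f via `sudo.u2fAuth = true` in the next hunk — so a comment such as `# Serials are advisory: they only gate the touch prompt, never authentication` would stop a later reader from relying on this list. Minor: `echo -e "\033[...]"` would be more portable as `printf '\033[1;34m%s\033[0m\n' "Please touch your YubiKey to authenticate..." >&2`.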
@@ -48,4 +101,9 @@
 session optional pam_gnome_keyring.so auto_start
 '';
 };
+
+ # Make sure the wrapper sudo is used instead of the system one
+ environment.shellAliases = {
+ sudo = "${sudo-wrapper}/bin/sudo";
+ };
 }
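Review bot: The comment on the new `environment.shellAliases` entry should say why the alias is needed at all, since `sudo-wrapper` is already added to `environment.systemPackages` in the previous hunk. If I read NixOS's PATH ordering right, `/run/wrappers/bin` precedes the system profile, so the script in `systemPackages` never shadows the setuid sudo on its own and this alias is the only thing that activates it — and aliases apply to interactive shells only, so scripts and non-aliasing shells keep calling the real sudo. Something like `# /run/wrappers/bin precedes the system profile in PATH, so the wrapper is only reached through this alias (interactive shells only)` makes that explicit.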