From 0ed92091fd1d46d69c7453973469b7d2d21129da Mon Sep 17 00:00:00 2001
From: jacekpoz <jacekpoz@proton.me>
Date: Sun, 9 Jun 2024 17:28:35 +0200
Subject: [PATCH] an attempt at moving the u2f thing into nix

---
 options/desktop/yubikey.nix  |  14 ++++++++++++++
 secrets/secrets.nix          |   1 +
 secrets/yubikey-u2f-keys.age | Bin 0 -> 1156 bytes
 3 files changed, 15 insertions(+)
 create mode 100644 secrets/yubikey-u2f-keys.age

diff --git a/options/desktop/yubikey.nix b/options/desktop/yubikey.nix
index 942e484..f02a127 100644
--- a/options/desktop/yubikey.nix
+++ b/options/desktop/yubikey.nix
@@ -1,3 +1,9 @@
+# {
+#     config,
+#     ...
+# }: let
+#     # inherit (config.myOptions.other.system) username;
+# in {
 _: {
     security.pam = {
         services = {
@@ -5,4 +11,12 @@ _: {
             sudo.u2fAuth = true;
         };
     };
+
+    # age.secrets.yubikey-u2f-keys.file = ../../secrets/yubikey-u2f-keys.age;
+
+    # environment.etc."Yubico/u2f_keys".source = config.age.secrets.yubikey-u2f-keys.path;
+
+    # home-manager.users.${username} = {
+    #     xdg.configFile."Yubico/u2f_keys".source = /etc/Yubico/u2f_keys;
+    # };
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 4687496..e012a77 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -19,4 +19,5 @@ in {
     "forgejo-runner-token.age".publicKeys = niks ++ chmura ++ del;
     "plausible-secret-keybase.age".publicKeys = niks ++ chmura ++ del;
     "plausible-admin-password.age".publicKeys = niks ++ chmura ++ del;
+    "yubikey-u2f-keys.age".publicKeys = niks ++ chmura ++ del;
 }
diff --git a/secrets/yubikey-u2f-keys.age b/secrets/yubikey-u2f-keys.age
new file mode 100644
index 0000000000000000000000000000000000000000..9543303902a107020229d9c2c9e9de63343ed1dd
GIT binary patch
literal 1156
zcmZY6ZEO<-00v-$45T2=NeC`+77`b*+ity&?m83Tdc9r0Kd<esGTimr-d)$bu6Nh=
zt_cA%q7Y%QkP%>Gh#Mh*3t~ca6A?v}g*Z`)NHr1#6@i!q#r=^ezvurqdGfw5!=;*2
z5-aPys*safaxw=L&4%W6Mn&P9Q%Mj(%vNJ7;>1MG2wL%QQD$ucL1UBdSkxVqd~wa3
zw*puPt(gT2&T3czC=g`M;1*pn1w_hP2`0T3k>P#$j2FY8uqC1vZIXh95+0@qF&u%;
z)f_k)Kry2(AQbJ=dmus$MQswn>Gpt>Xys6^oN##YY(WwHRuh~{QaOV{g(SihFVhyj
zlqfPjQAWuGm*BWCAaIBVYlOE9ner6R=jLjPQ{|YFF(`-PX)TSHizz-Rg90vyK|SsE
z695welT20tEM)=}AV0|&e4%6x!<lj?h$%=;V?0o+fXEmb<pGC4mJ(8dR(X#V&f@S~
zjSl*fX3l6*da1_&5Vw&D6{FEk+GMi!<cXM=V!}yC$%T=KM^U|zAZqZ(oSY>VVG)T+
z@UTT!WDz0U*$7WlaNJZfmm$j3BgQ=`@BfzM)iyuO8F2(C1|%NI;cQ169#(=*zw7ZM
z8tHQqtvndaf}H9PFiK3K4W6(YO_W5F4Eb$YtqsKED5=3*ve(s1pmq$1(n31pkcwrB
zo!hM=l?qu)#$Gq-Ot`@uY1S0cj_To<&%{BQ0A;g#<Aen+K=ybfO{9A=tf5nlq*aF!
zidm=#OH-g(E(D@%CX~;#dCeeY!ee3GM<Y}WEE$@cn~j9PdP@afCS9<EWq2RWdxK%k
zgt02nnS^6@u%nPBvL4tbV20ZEEA<tdE!w}ks$!!+Ozi(~eCX?SpYDBWtl{uf!+N*}
znC<>xvwmT~yW!5vp}pr8Hr7n^e_q@=wWamP>5pp0-rahluj%xijboQa_Al|(x1X*&
z?0Rst{u~I;uIhaYT39pI)biQ+nzOzM-7;$ZW>I?PiyMpk%-6~M;b)2Gs}_phvqE}m
zwBgt1s;{oi@7UD-FgcX$-?)79fqjkzTlN9yJCh9;_Pfr^S6{pL?V3zwqB?Q^-}!QY
zJ5l$~?Wx*hUGp9cY{#1#D=Sm8KfmsO@#M!Vc7DIh)jzR^`C~*pdT46!c-=|#*7D)`
zG`#VRA5tC5YO0;vr@8U!-;1*cR;Tsr?_u}FnS0LhQ>|OYZHQcfuFhM1;|jAwyqNNr
zJik5h_T){^U$y5i|MWY#Zt&p1<gIOfs{7(n&$ab^XYJf~P4MMYEtzip1+DMqCo@_d
zi*lP5sMnWXJw7>b?UlhV4=x$%YfP<NwotUc-|^<)eRad|qh#l<XnAD#*g@dQ14r&&
sTAO+1mp{*pY?xl#G}*Q0_M*FvBTvV}I~yHet$Nvb{8;IcAyzr^A4S`@761SM

literal 0
HcmV?d00001