Commit f88dbcb68172
Changed files (3)
systems
common
hardware
okinawa
systems/common/hardware/yubikey.nix
@@ -43,6 +43,7 @@
"vincent"
":4IiWZI9g6D8W6LeAW13ug4CnS8PreNRcHdcebkUDny3gWGfmpMJg4TgBWaZSIdh+sgg4jQA4MxYwTCmmP/ipWQ==,qOl+ouBRk6MMEJiE7H5LuTAirhBhN0UQrCNlLQoRsVttp6IBKG4yq4zDwm4fmYlfy1MFhvh7oOapMOmodMKJpQ==,es256,+presence" # yubikey5-a
":Sz4J2qMhoE7bE/uzwUzjJxG/bE0s+cw18zXcQjRsLIdJTVbuMad1ivKlYeLZW6vWV0lYiODlRW21HTSaFzu06A==,p7OZ3z5fiAIuJRHVzm56Y8Ti934+4cVHjsG7kaapmz8cWPfXfXfj5c8QiyIz3EQ0hOoxVV5cbkzUTxe7hdQIsA==,es256,+presence" # yubikey5-c1
+ ":ofF2mo6vyUqsgdIYEF7SLrpA9CuJkQrktzvhZMJPssK5oZX34+NwikZil7cUAe+ceiqfMCBKAdDcfISZe0FVEQ==,iJjAhEUExKa2xvAOtBd34YF0bJuYaT7oKxIKQF0WJqoeaQIHhPE8NNkDNykMNDI+hNxYYcJZqX5Q1lZ3K+Ei5Q==,es256,+presence" # yubikey5-c2 (okinawa)
]
);
};
systems/okinawa/boot.nix
@@ -13,15 +13,24 @@
# Latest kernel for best AMD support
kernelPackages = pkgs.linuxPackages_latest;
- # Kernel modules for AMD hardware
- initrd.availableKernelModules = [
- "nvme"
- "xhci_pci"
- "thunderbolt"
- "usb_storage"
- "sd_mod"
- "rtsx_pci_sdmmc"
- ];
+ # LUKS with FIDO2 unlock
+ initrd = {
+ luks.devices."cryptroot" = {
+ crypttabExtraOpts = [ "fido2-device=auto" ];
+ };
+ systemd = {
+ fido2.enable = true;
+ };
+ # Kernel modules for AMD hardware
+ availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "thunderbolt"
+ "usb_storage"
+ "sd_mod"
+ "rtsx_pci_sdmmc"
+ ];
+ };
kernelModules = [ "kvm-amd" ];
globals.nix
@@ -492,7 +492,7 @@ _: {
};
okinawa = {
net = {
- ips = [ "192.168.1.19" ];
+ ips = [ "192.168.1.42" ];
vpn = {
pubkey = "SxH2pDYtAlK79s5K3YwplFm4hRn8lxnl4638IPRZnBk="; # From: sudo wg show wg0 public-key
ips = [ "10.100.0.14" ];
@@ -512,8 +512,17 @@ _: {
sync = { };
org = { };
documents = { };
- ai-sync = { };
+ screenshots = { };
+ wallpapers = { };
claude-sync = { };
+ ai-sync = { };
+ paperless-media = {
+ type = "receiveonly";
+ path = "/home/vincent/desktop/paperless-media";
+ };
+ paperless-inbox = {
+ path = "/home/vincent/desktop/paperless-inbox";
+ };
};
};
};