diesdas

system/desktop.nix

@@ -1,23 +1,16 @@
 { config, pkgs, ... }:
 
 {
-  imports =
-    [
-      ./interception-tools.nix
-    ];
-
-  # zramSwap.enable = true;
+  imports = [
+    ./interception-tools.nix
+    ./secrets.nix
+  ];
 
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
   networking.networkmanager.enable = true;
 
-  # networking.firewall = {
-  #   allowedTCPPorts = [ 4000 ];
-  # };
-
-
   i18n.extraLocaleSettings = {
     LC_TIME = "en_GB.UTF-8";
     LC_CTYPE = "de_DE.UTF-8";
@@ -41,11 +34,6 @@
 
   nixpkgs.config.allowUnfree = true;
 
-  programs.gnupg.agent = {
-    enable = true;
-    pinentryPackage = pkgs.pinentry-curses;
-  };
-
   environment.sessionVariables = {
     XDG_CONFIG_HOME = "$HOME/.config";
     XDG_CACHE_HOME = "$HOME/.cache";
@@ -69,8 +57,6 @@
     dbus.enable = true;
     flatpak.enable = true;
     fwupd.enable = true;
-    # mullvad-vpn.enable = true;
-    # mullvad-vpn.package = pkgs.mullvad-vpn;
     printing.enable = true;
     udisks2.enable = true;
   };

system/gnome.nix

@@ -25,6 +25,8 @@
 
   services.gnome.gnome-browser-connector.enable = true;
 
+  services.gnome.gnome-keyring.enable = lib.mkForce false;
+
   programs.kdeconnect = {
     enable = true;
     package = lib.mkForce pkgs.gnomeExtensions.gsconnect;

system/secrets.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+
+  programs.gnupg.agent = {
+    enable = true;
+    pinentryPackage = pkgs.pinentry-gnome3;
+    enableSSHSupport = true;
+  };
+
+}

system/yubikey.nix

@@ -1,6 +1,13 @@
 { config, pkgs, ... }:
 
 {
+
+  services.pcscd.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    yubikey-personalization
+  ];
+
   services.udev = {
     packages = [ pkgs.yubikey-personalization ];
     # extraRules = ''
@@ -12,8 +19,10 @@
     #    RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
     # '';
   };
+
   security.pam.services = {
     login.u2fAuth = true;
     sudo.u2fAuth = true;
   };
+
 }