feat(system): professionalize system configurations

- Consolidate imperative system settings into /etc/nixos/state.json
- Implement nomarchy.system options for DNS, Wifi powersave, Timezone, and hardware features
- Add declarative browser policies for Chromium/Brave based on theme
- Update toggles scripts to mutate system JSON and run sys-update --impure
- Remove obsolete imperative browser theme and redundant system modules
Bernardo Magri
2026-04-04 19:22:47 +01:00
parent 42f515f4a9
commit 08e2b4e248
17 changed files with 225 additions and 164 deletions


@@ -2,38 +2,18 @@
# Configure FIDO2 support declaratively for Nomarchy NixOS.
FEATURE_FILE="/etc/nixos/nomarchy-features/fido2.nix"
STATE_FILE="/etc/nixos/state.json"
if [[ "--remove" == $1 ]]; then
if [ -f "$FEATURE_FILE" ]; then
sudo rm "$FEATURE_FILE"
echo "Removed $FEATURE_FILE."
echo "IMPORTANT: Remove './nomarchy-features/fido2.nix' from your imports and run 'sys-update'."
else
echo "FIDO2 support not found."
fi
sudo jq ".features.fido2 = false" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
echo "FIDO2 support disabled. Applying changes..."
sudo sys-update
exit 0
fi
if [ -f "$FEATURE_FILE" ]; then
echo "FIDO2 support is already configured in $FEATURE_FILE"
else
sudo mkdir -p "/etc/nixos/nomarchy-features"
cat <<EOF | sudo tee "$FEATURE_FILE" > /dev/null
{ config, pkgs, ... }:
{
security.pam.u2f = {
enable = true;
control = "sufficient";
cue = true;
# authFile = "/etc/fido2/fido2"; # Default is ~/.config/Yubico/u2f_keys
};
}
EOF
echo "Created $FEATURE_FILE."
echo "IMPORTANT: To finish enabling FIDO2 support, add './nomarchy-features/fido2.nix' to your imports list in /etc/nixos/system.nix or /etc/nixos/flake.nix,"
echo "then run 'sys-update'."
fi
sudo jq ".features.fido2 = true" "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"
echo "FIDO2 support enabled. Applying changes..."
sudo sys-update
# Enrollment is still an imperative action
if command -v pamu2fcfg &> /dev/null; then
@@ -42,5 +22,5 @@ if command -v pamu2fcfg &> /dev/null; then
pamu2fcfg > ~/.config/Yubico/u2f_keys
echo "FIDO2 key registered."
else
echo "pamu2fcfg not found. Please run 'nomarchy-pkg-add pam-u2f' or 'sys-update' if you just enabled it."
echo "pamu2fcfg not found. It will be available after the next reboot or sys-update."
fi
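Review bot: Both state updates (the `--remove` path and the enable path) stage the new JSON at a fixed name in a world-writable directory, `sudo jq ... "$STATE_FILE" > /tmp/state.json && sudo mv /tmp/state.json "$STATE_FILE"`. The redirect is performed by the invoking user's shell rather than by root, so on a shared machine whoever already owns `/tmp/state.json` decides what root then moves into `/etc/nixos/state.json`, and the moved file keeps its non-root owner. Because that file feeds the configuration applied by `sys-update`, stage it in a private temp file and install it as root: `tmp=$(mktemp) || exit 1`, then `sudo jq '.features.fido2 = true' "$STATE_FILE" > "$tmp" && sudo install -m 0644 -o root -g root "$tmp" "$STATE_FILE"`, then `rm -f -- "$tmp"`. The result of `sudo sys-update` is also not checked before the script prints success or moves on to enrollment. The +/- markers are lost on this page, so which lines are new is inferred from the commit description.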