Added USB-Token

Updated LoyAdjo README
Preparing Rubtrm for Remote Udpates
2025-12-05 10:28:53 +00:00 · 2025-10-26 18:32:07 +01:00 · 2025-10-26 17:25:52 +01:00 · 2025-10-26 17:01:25 +01:00 · 2025-10-26 14:02:12 +01:00
6 changed files with 32 additions and 21 deletions
--- a/systems/README.md
+++ b/systems/README.md
@ -12,11 +12,11 @@
        </tr>
        <tr>
          <td>Cpu</td>
-          <td><a href="https://www.amd.com/en/products/processors/desktops/ryzen/5000-series/amd-ryzen-5-5600x.html">AMD Ryzen 5 5600X</a>, 6 Cores, max 4.60 GHz</td>
+          <td><a href="https://www.amd.com/en/products/processors/desktops/ryzen/5000-series/amd-ryzen-9-5950x.html">AMD Ryzen 9 5950X</a>, 16 Cores, max 4.9 GHz</td>
        </tr>
        <tr>
          <td>Gpu</td>
-          <td><a href="https://www.nvidia.com/en-us/geforce/10-series/">GeForce GTX 1070</a></td>
+          <td><a href="https://www.amd.com/en/support/downloads/drivers.html/graphics/radeon-rx/radeon-rx-7000-series/amd-radeon-rx-7900-xt.html#amd_support_product_spec">AMD Radeon RX 7900XT</a></td>
        </tr>
        <tr>
          <td>Ram</td>
--- a/systems/i686-linux/Rubtrm/default.nix
+++ b/systems/i686-linux/Rubtrm/default.nix
@ -46,12 +46,12 @@
  services.xserver.enable = true;
  services.xserver.videoDrivers = [ "modesetting" "fbdev" "vesa" "intel_drv" "intel-media-sdk" ];
  # Enable Desktop Environment.
-  services.displayManager.sddm.enable = true;
+  #services.displayManager.sddm.enable = true;
  # services.displayManager.sddm.wayland.enable = true;
  # services.xserver.displayManager.lightdm.enable = true;
  # services.desktopManager.plasma6.enable = true;
  # services.xserver.desktopManager.plasma5.enable = true;
-  services.xserver.desktopManager.xfce.enable = true;
+  #services.xserver.desktopManager.xfce.enable = true;
  # services.xserver.desktopManager.lxqt.enable = true;

  # Configure keymap in X11
@ -82,6 +82,9 @@
      tree
      kb-one.numen
    ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJF2PJ98u6VahyEVIhhrDQm1fynSihqPNZA3sCiH1Rey kb@LoyAdjo"
+    ];
  };

  # List packages installed in system profile. To search, run:
@ -94,20 +97,16 @@
    fastfetch
  ];

-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
+  # SSH and Mosh
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+    ports = [ 2524 ];
+    openFirewall = true;
+  };
+  programs.mosh.enable = true;

-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];

  # Needed for dotool to act on numen voice commands
  services.udev.extraRules = ''
--- a/systems/i686-linux/Rubtrm/hardware.nix
+++ b/systems/i686-linux/Rubtrm/hardware.nix
@ -37,8 +37,8 @@

  nixpkgs.hostPlatform = lib.mkDefault "i686-linux";
  # networking.enableIntel3945ABGFirmware = true;
-  hardware.graphics.extraPackages = [ pkgs.intel-vaapi-driver pkgs.kb-one.intel-media-sdk ];
-  hardware.graphics.extraPackages32 = [ pkgs.intel-vaapi-driver pkgs.kb-one.intel-media-sdk ];
+  hardware.graphics.extraPackages = [ pkgs.intel-vaapi-driver ];
+  hardware.graphics.extraPackages32 = [ pkgs.intel-vaapi-driver ];
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  hardware.enableAllFirmware = true;
 }
--- a/systems/x86_64-linux/LoyAdjo/default.nix
+++ b/systems/x86_64-linux/LoyAdjo/default.nix
@ -70,10 +70,16 @@
    ];
    dotoolXkbLayout = "de";
  };
+
+  # Security
+  security.rtkit.enable = true; # For Sound
+  security.pam.services = {
+    login.u2fAuth = true;
+    sudo.u2fAuth = true;
+  };
  
  # Output
  services.pulseaudio.enable = false;
-  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
--- a/systems/x86_64-linux/LoyAdjo/hardware.nix
+++ b/systems/x86_64-linux/LoyAdjo/hardware.nix
@ -32,6 +32,7 @@
    };

  boot.initrd.luks.devices."luks-11c71284-504f-4b84-a944-265ad793b139".device = "/dev/disk/by-uuid/11c71284-504f-4b84-a944-265ad793b139";
+  boot.initrd.luks.devices."luks-11c71284-504f-4b84-a944-265ad793b139".crypttabExtraOpts = ["fido2-device=auto"];

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/3C1C-72D5";
--- a/systems/x86_64-linux/Ohybke/default.nix
+++ b/systems/x86_64-linux/Ohybke/default.nix
@ -73,13 +73,18 @@
  services.displayManager.sddm.enable = true;
  services.desktopManager.plasma6.enable = true;

+  # Security
+  security.rtkit.enable = true; # For Sound
+  security.pam.services = {
+    login.u2fAuth = true;
+    sudo.u2fAuth = true;
+  };

  # Printing
  services.printing.enable = true;

  # Sound
  services.pulseaudio.enable = false;
-  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
Author	SHA1	Message	Date
kB01	bab444711d	Added USB-Token Some checks failed / Check Nix Flake (push) Has been cancelled Details	2025-10-26 18:32:07 +01:00
kB01	90b4377736	Updated LoyAdjo README	2025-10-26 17:25:52 +01:00
kB01	0111d8d700	Preparing Rubtrm for Remote Udpates	2025-10-26 17:01:25 +01:00
kB01	6ca7bec6ad	Enabled u2f Sudo and Login	2025-10-26 14:02:12 +01:00