From ec9bd243038b0edf1ceefcda04fec075ad0b2445 Mon Sep 17 00:00:00 2001 From: Erwin Boskma Date: Mon, 11 Sep 2023 20:13:44 +0200 Subject: [PATCH] loki: Several changes: - Use linuxPackages_latest - Remove TPM2 configuration due to breaking stuff - Remap some buttons on ELECOM trackball - Enable U2F for PAM - Configure some disk stuff for encrypted USB drive --- machines/loki/configuration.nix | 35 +++++++++++++++++++++++---------- users/erwin/home.nix | 17 ++++++++++++++++ 2 files changed, 42 insertions(+), 10 deletions(-) diff --git a/machines/loki/configuration.nix b/machines/loki/configuration.nix index 52de1b1..5a32908 100644 --- a/machines/loki/configuration.nix +++ b/machines/loki/configuration.nix @@ -95,7 +95,7 @@ initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; initrd.kernelModules = [ ]; - kernelPackages = pkgs.linuxPackages_6_4; + kernelPackages = pkgs.linuxPackages_latest; kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" "nf_nat_ftp" ]; kernelParams = [ "amd_pstate.shared_mem=1" ]; extraModulePackages = [ ] ++ @@ -110,16 +110,19 @@ }; }; - security = { - tpm2 = { - enable = true; # Broken, see https://github.com/NixOS/nixpkgs/issues/244107 - pkcs11.enable = true; - abrmd.enable = true; - tctiEnvironment.enable = true; - }; - }; + services.udev = { + extraHwdb = '' + evdev:name:ELECOM TrackBall Mouse HUGE TrackBall:* + ID_INPUT_KEY=1 + KEYBOARD_KEY_90008=red + KEYBOARD_KEY_90007=copy + KEYBOARD_KEY_90006=paste + ''; - users.users.erwin.extraGroups = [ "tss" ]; + extraRules = '' + ACTION=="add", ATTRS{idVendor}=="0951", ATTRS{idProduct}=="1666", NAME=keys + ''; + }; time.timeZone = "Europe/Amsterdam"; @@ -193,6 +196,12 @@ }; }; + security.pam.u2f = { + enable = true; + # interactive = true; + cue = true; + }; + systemd.network = { enable = true; 
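Review bot: The `extraRules` line added in the `services.udev` block will probably not produce a `keys` device: udev expects assigned values in double quotes, and `NAME` can only rename network interfaces, so for a USB storage device the assignment is ignored even once quoted. If the aim is a stable path for the encrypted drive, a symlink limited to block devices is the usual form, e.g. `ACTION=="add", SUBSYSTEM=="block", ATTRS{idVendor}=="0951", ATTRS{idProduct}=="1666", SYMLINK+="keys"`. The rule also matches on vendor/product ID alone, so any stick of the same model would get the name; adding `ATTRS{serial}=="<drive-serial>"` (placeholder) or matching `ENV{ID_FS_UUID}` ties it to the one filesystem. A short comment above the rule saying what consumes the path would help the next reader.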
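Review bot: `security.pam.u2f` is enabled without setting `control`, and the NixOS module defaults that option to `sufficient`, so touching the token alone satisfies authentication for every PAM service that inherits the global default (as far as I can tell this includes login and sudo). If the key is meant as a second factor rather than a password replacement, add `control = "required";`, or enable it per service through `security.pam.services.<name>.u2fAuth` instead of globally. The key mapping is read from a file under the user's home unless `authFile` is set; pointing `authFile` at a root-owned path keeps a process running as the user from enrolling another key. The commented-out `# interactive = true;` should either be removed or get a word on why it is kept.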
@@ -302,6 +311,12 @@ services.openssh.enable = true; # programs.ssh.startAgent = true; + programs.gnome-disks.enable = true; + + services.udisks2 = { + enable = true; + }; + services.envfs.enable = true; services.cpupower-gui.enable = true; services.tailscale.enable = true; diff --git a/users/erwin/home.nix b/users/erwin/home.nix index 3900c84..5a635a6 100644 --- a/users/erwin/home.nix +++ b/users/erwin/home.nix @@ -251,6 +251,23 @@ in }; }; + services.udiskie = { + enable = true; + tray = "auto"; + notify = true; + settings = { + program_options = { + menu = "nested"; + }; + device_config = [ + { + device_file = "/dev/loop*"; + ignore = true; + } + ]; + }; + }; + imports = [ ../../modules/options ] ++ (map (mod: (../../home-manager/modules + "/${mod}")) (builtins.attrNames (builtins.readDir ../../home-manager/modules)));
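Review bot: `services.udiskie` in `users/erwin/home.nix` is enabled with the module's default `automount`, which I believe is `true`, so every removable filesystem plugged in during the session is mounted without a prompt and handed to the kernel's filesystem drivers; the only exclusion in `device_config` is `/dev/loop*`. Since the commit message says this is for one encrypted USB drive, consider `automount = false;` in the `services.udiskie` block and mounting that drive on demand from the tray. If automounting is wanted for the known drive only, a `device_config` entry that matches it by UUID and overrides the default would keep unknown media unmounted; check the udiskie documentation for the exact key names. A one-line comment on why loop devices are ignored would also be useful.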