switch to Plasma / update flakes

fos-flash

@@ -42,8 +42,8 @@ echo "12345678" >${fos_tmp_dir}/admin-pin-default
 diceware -l reinhold -n 4 | xargs -0 -I{} printf '%s' "{}" > "${fos_tmp_dir}/${localpart}-user-pin"
 diceware -l reinhold -n 6 | xargs -0 -I{} printf '%s' "{}" > "${fos_tmp_dir}/${localpart}-admin-pin"
 
-sq encrypt --force --with-password-file "${fos_tmp_dir}/primary-secret" --output "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/user-pin.asc" "${fos_tmp_dir}/${localpart}-user-pin"
-sq encrypt --force --with-password-file "${fos_tmp_dir}/primary-secret" --output "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/admin-pin.asc" "${fos_tmp_dir}/${localpart}-admin-pin"
+sq encrypt --without-signature --with-password-file "${fos_tmp_dir}/primary-secret" --output "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/user-pin.asc" "${fos_tmp_dir}/${localpart}-user-pin"
+sq encrypt --without-signature --with-password-file "${fos_tmp_dir}/primary-secret" --output "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/admin-pin.asc" "${fos_tmp_dir}/${localpart}-admin-pin"
 
 while read -rp "Insert the next yubikey, remove any previous ones. 'y' to flash the connected yubikey, 'n' for terminating. (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]]; do
     yes_or_no "Reset the inserted Yubikey before flashing?" && ykman openpgp reset -f

fos-generate

@@ -34,7 +34,10 @@ oca -d ${fos_tmp_dir}/famedly.oca user add \
 
 mkdir "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/"
 cp "${fos_key_file}" "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/secret.asc"
-sq toolbox extract-cert --output "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/public.asc" "${fos_key_file}"
+
+sq key import "$fos_key_file"
+key_fingerprint=$(sq inspect /tmp/fos/s.kim.asc | grep "Fingerprint" | xargs | cut -d " " -f2)
+sq cert export --output "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/public.asc" --cert-email "${localpart}@famedly.com" --trust-root "$key_fingerprint"
 
 cd "${fos_working_dir}/archive"
 

iso.nix

@@ -21,7 +21,7 @@ let
   '';
   shortcut = pkgs.makeDesktopItem {
     name = "yubikey-guide";
-    icon = "${pkgs.yubikey-manager-qt}/share/icons/hicolor/128x128/apps/ykman.png";
+    icon = "${pkgs.yubioath-flutter}/share/pixmaps/com.yubico.yubioath.png";
     desktopName = "drduh's YubiKey Guide";
     genericName = "Guide to using YubiKey for GnuPG and SSH";
     comment = "Open the guide in a reader program";
@@ -32,6 +32,7 @@ let
     name = "yubikey-guide";
     paths = [ viewYubikeyGuide shortcut ];
   };
+  session = "dbus-run-session -- startplasma-wayland";
 in
 {
   isoImage = {
@@ -54,20 +55,20 @@ in
     # Automatically log in at the virtual consoles.
     getty.autologinUser = "nixos";
     # Comment out to run in a console for a smaller iso and less RAM.
-    xserver = {
+    desktopManager.plasma6.enable = true;
+    greetd = {
       enable = true;
-      desktopManager.xfce = {
-        enable = true;
-        enableScreensaver = false;
-      };
-      displayManager = {
-        lightdm.enable = true;
+      settings = {
+        initial_session = {
+          command = "${session}";
+          user = "nixos";
+        };
+        default_session = {
+          command = "${pkgs.greetd.greetd}/bin/agreety --cmd ${session}";
+          user = "greeter";
+        };
       };
     };
-    displayManager.autoLogin = {
-      enable = true;
-      user = "nixos";
-    };
   };
 
   programs = {
@@ -99,10 +100,9 @@ in
     root.initialHashedPassword = "";
   };
 
+  time.timeZone = "Europe/Berlin";
+
   security = {
-    pam.services.lightdm.text = ''
-      auth sufficient pam_succeed_if.so user ingroup wheel
-    '';
     sudo = {
       enable = true;
       wheelNeedsPassword = false;
@@ -118,9 +118,7 @@ in
 
     # Yubico's official tools
     yubikey-manager
-    yubikey-manager-qt
     yubikey-personalization
-    yubikey-personalization-gui
     yubico-piv-tool
     yubioath-flutter
 
@@ -129,19 +127,23 @@ in
     yubikeyGuide
 
     cfssl
+    flake.packages.${system}.openpgp-ca # openpgp-ca with famedly patches
     git
     htop
     jq
-    okular
-    flake.packages.${system}.openpgp-ca # openpgp-ca with famedly patches
+    kdePackages.falkon
+    kdePackages.okular
+    nano
+    neovim
     openpgp-card-tools
     pcsctools
     pwgen
     rusty-diceware
     sequoia-sq
     ssss
     tmux
-    neovim
+    wayland-utils
+    wl-clipboard
 
     # Famedly OpenPGP Scripts
     flake.packages.${system}.fos-export
@@ -153,6 +155,14 @@ in
     flake.packages.${system}.fos-working-directory
   ];
 
+  environment.plasma6.excludePackages = with pkgs.kdePackages; [
+    elisa
+    kdepim-runtime
+    krdp
+    oxygen
+    plasma-browser-integration
+  ];
+
   nixpkgs.config.allowBroken = true;
 
   # Disable networking so the system is air-gapped
@@ -203,7 +213,11 @@ in
     virtualisation = {
       memorySize = 4096;
       cores = 4;
-      graphics = true;
+      qemu.options = [
+        "-vga none"
+        "-device virtio-gpu"
+        "-usbdevice tablet"
+      ];
     };
   };