From c319570c309714c0530c17633dce7ff6783593c8 Mon Sep 17 00:00:00 2001
From: derfenix <derfenix@gmail.com>
Date: Sun, 9 Nov 2025 12:28:22 +0300
Subject: [PATCH] Add yubilock quirk and enable kubo service

---
 hosts/fenixpc/default.nix |  3 +++
 quirks/yubilock.nix       | 11 +++++++++++
 roles/default.nix         |  5 +++++
 3 files changed, 19 insertions(+)
 create mode 100644 quirks/yubilock.nix

diff --git a/hosts/fenixpc/default.nix b/hosts/fenixpc/default.nix
index db17800..23cdd67 100644
--- a/hosts/fenixpc/default.nix
+++ b/hosts/fenixpc/default.nix
@@ -15,6 +15,7 @@ in
     quirks [
       "development"
       "steam"
+      "yubilock"
     ]
   );
 
@@ -47,6 +48,7 @@ in
     };
     lact.enable = true;
   };
+
   systemd.services.calibre-web.serviceConfig.environment = lib.mkForce "";
   systemd.services.calibre-web.environment.CACHE_DIR = "/var/cache/calibre-web";
 
@@ -74,6 +76,7 @@ in
         "audio"
         "users"
         "gamemode"
+        config.services.kubo.group
       ];
     });
     groups = {
diff --git a/quirks/yubilock.nix b/quirks/yubilock.nix
new file mode 100644
index 0000000..a16ef8a
--- /dev/null
+++ b/quirks/yubilock.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  services.udev.extraRules = ''
+    ACTION=="remove",\
+    ENV{ID_BUS}=="usb",\
+    ENV{ID_MODEL_ID}=="0407",\
+    ENV{ID_VENDOR_ID}=="1050",\
+    ENV{ID_VENDOR}=="Yubico",\
+    RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
+  '';
+}
diff --git a/roles/default.nix b/roles/default.nix
index faf91aa..19829fd 100644
--- a/roles/default.nix
+++ b/roles/default.nix
@@ -39,6 +39,11 @@
   };
 
   services = {
+    kubo = {
+      enable = lib.mkDefault true;
+      enableGC = lib.mkDefault true;
+    };
+
     openssh = {
       enable = lib.mkDefault true;
       settings = {