Security key support

2026-04-30 12:59:55 -07:00 · 2026-04-30 12:59:55 -07:00 · 63f906cecd
commit 63f906cecd
parent 62c054bae4
10 changed files with 121 additions and 19 deletions
--- a/.claw.json
+++ b/.claw.json
@ -0,0 +1,5 @@
 {
  "permissions": {
    "defaultMode": "dontAsk"
  }
 }
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
 # Claw Code local artifacts
 .claw/settings.local.json
 .claw/sessions/
 .clawhip/
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -0,0 +1,12 @@
 # CLAUDE.md
 This file provides shared guidance to both Claude Code and Claw Code when working with this repository.
 ## Detected stack
 - No specific language markers were detected yet; document the primary language and verification commands once the project structure settles.
 - Frameworks: none detected from the supported starter markers.
 ## Working agreement
 - Prefer small, reviewable changes and keep generated bootstrap files aligned with actual repo workflows.
 - Keep shared defaults in `.claw.json`; reserve `.claw/settings.local.json` for machine-local overrides.
 - Do not overwrite existing `CLAUDE.md` content automatically; update it intentionally when repo workflows change.
--- a/hosts/desktop/configuration.nix
+++ b/hosts/desktop/configuration.nix
@ -42,6 +42,8 @@
    programs.zsh.enable = true;
    programs.nix-ld.enable = true;
    programs.thunar.enable = true;
    programs.dconf.enable = true;
@ -82,11 +84,12 @@
    services.openssh = {
        enable = true;
        listenAddresses = [{ addr = "192.168.1.67"; port = 2200; }];
    };
    services.gvfs.enable = true;
    services.input-remapper.enable = true;
    system.stateVersion = "25.11";
 }
--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@ -117,6 +117,23 @@
  home.sessionVariables = {
    EDITOR = "nvim";
    # claw-code: route to local Ollama instead of Anthropic/OpenAI
    OPENAI_BASE_URL = "http://127.0.0.1:11434/v1";
    OPENAI_API_KEY = "ollama";
  };
  systemd.user.services.ydotoold = {
    Unit = {
      Description = "ydotool daemon";
      After = [ "default.target" ];
    };
    Service = {
      ExecStart = "${pkgs.ydotool}/bin/ydotoold";
      Restart = "always";
    };
    Install = {
      WantedBy = [ "default.target" ];
    };
  };
 }
--- a/modules/home-manager/homepackages.nix
+++ b/modules/home-manager/homepackages.nix
@ -1,4 +1,29 @@
-{ inputs, pkgs, ... }:
+{ inputs, pkgs, lib, ... }:
 let
    claw-code = pkgs.rustPlatform.buildRustPackage {
        pname = "claw-code";
        version = "unstable-2026";
        src = pkgs.fetchFromGitHub {
            owner = "ultraworkers";
            repo = "claw-code";
            rev = "main";
            hash = "sha256-y63Kx7B1q2gWUO/4/k8hUgHzuKTi+HF+cGbr1em0grs=";
        };
        sourceRoot = "source/rust";
        cargoHash = "sha256-bZKghBTbKrhm2Jiyg2su1c9Jlx2HVrMQjOTK6cgEc00=";
        doCheck = false;
        meta = {
            description = "Open-source Rust implementation of the claw CLI agent harness";
            homepage = "https://github.com/ultraworkers/claw-code";
        };
    };
 in
 {
    home.packages = with pkgs; [
        ### Desktop Stuff
@ -23,6 +48,9 @@
        ### Note Taking
        obsidian
        ### Input Remapping
        ydotool
        ### Random Libraries and Dependencies
        gtk3
        glib
@ -37,8 +65,19 @@
        jdk
        gnumake
        inputs.claude-code.packages.${pkgs.system}.claude-code
        claw-code
        opencode
        postman
        ### My Stuff
        inputs.hyprmwh.packages.${pkgs.system}.default
        ### Browsers
        epiphany
        chromium
        ### Editors
        zed-editor
        jetbrains.idea
    ];
 }
--- a/modules/home-manager/hyprland-desktop.nix
+++ b/modules/home-manager/hyprland-desktop.nix
@ -40,6 +40,8 @@
                    "gtkbar"
                    "dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP"
                    "solaar -w hide"
                    "ydotoold"
                    "${pkgs.kdePackages.polkit-kde-agent-1}/libexec/polkit-kde-authentication-agent-1"
                ];
                # --- Variables ---
@ -212,6 +214,9 @@
                    # Custom scripts
                    "${mainMod}, b, exec, bash -c 'pgrep gtkbar &>/dev/null && killall gtkbar || gtkbar &'"
                    "${mainMod}, minus, exec, ~/.config/hypr/togglemonitor.sh ${monitor3}"
                    # Mouse: back thumb button -> middle click (mchose mouse)
                    ", mouse:275, exec, ydotool click 0xC2"
                ];
                bindle = [
--- a/modules/nixos/ollama.nix
+++ b/modules/nixos/ollama.nix
@ -15,8 +15,13 @@
    nixpkgs.config.allowUnfree = true;
    nixpkgs.config.permittedInsecurePackages = [
        "openclaw-2026.3.12"
    ];
    environment.systemPackages = with pkgs; [
        ollama
        rocmPackages.rocminfo
        openclaw
    ];
 }
--- a/modules/nixos/system-packages.nix
+++ b/modules/nixos/system-packages.nix
@ -5,7 +5,6 @@
    programs.firefox.enable = true;
    programs.hyprland.enable = true;
    # List packages installed in system profile.
    environment.systemPackages = with pkgs; [
        #    neovim
@ -20,5 +19,13 @@
        unzip
        python3
        nodejs
        input-remapper
        kdePackages.polkit-kde-agent-1
        yubikey-manager
        yubioath-flutter
    ];
    services.udev.packages = [ pkgs.yubikey-personalization ];
    services.pcscd.enable = true;
    programs.ssh.startAgent = true;
 }
--- a/modules/nixos/user-jack.nix
+++ b/modules/nixos/user-jack.nix
@ -11,6 +11,7 @@
            "docker"
            "video"
            "render"
            "input"
        ]; # Enable ‘sudo’ for the user.
        group = "jack";
        packages = with pkgs; [
@ -21,4 +22,8 @@
    };
    users.groups.jack = {};
    services.udev.extraRules = ''
        KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput"
    '';
 }