2019-10-24 02:20:38 +02:00
|
|
|
# NixOS livesystem to generate yubikeys in an air-gapped manner
|
|
|
|
|
# screenshot: https://dl.thalheim.io/wmxIqucOEo2xuLk0Ut45fQ/yubikey-live-system.png
|
2024-08-14 11:24:08 +02:00
|
|
|
# $ nix-shell -p nixos-generate --run "nixos-generate -f iso -c yubikey-image.nix"
|
|
|
|
|
{ pkgs, ... }:
|
|
|
|
|
let
|
|
|
|
|
guide = pkgs.stdenv.mkDerivation {
|
|
|
|
|
name = "yubikey-guide-2019-01-21.html";
|
|
|
|
|
src = pkgs.fetchFromGitHub {
|
|
|
|
|
owner = "drduh";
|
|
|
|
|
repo = "YubiKey-Guide";
|
|
|
|
|
rev = "035d98ebbed54a0218ccbf23905054d32f97508e";
|
|
|
|
|
sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq";
|
|
|
|
|
};
|
|
|
|
|
buildInputs = [ pkgs.pandoc ];
|
2024-08-29 03:26:04 +02:00
|
|
|
installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out";
|
2024-08-14 11:24:08 +02:00
|
|
|
};
|
|
|
|
|
in
|
|
|
|
|
{
|
2019-10-24 02:20:38 +02:00
|
|
|
environment.interactiveShellInit = ''
|
|
|
|
|
export GNUPGHOME=/run/user/$(id -u)/gnupghome
|
|
|
|
|
if [ ! -d $GNUPGHOME ]; then
|
|
|
|
|
mkdir $GNUPGHOME
|
|
|
|
|
fi
|
2019-12-20 05:54:26 +01:00
|
|
|
cp ${
|
|
|
|
|
pkgs.fetchurl {
|
2024-08-14 11:24:08 +02:00
|
|
|
url = "https://raw.githubusercontent.com/drduh/config/662c16404eef04f506a6a208f1253fee2f4895d9/gpg.conf";
|
2019-12-20 05:54:26 +01:00
|
|
|
sha256 = "118fmrsn28fz629y7wwwcx7r1wfn59h3mqz1snyhf8b5yh0sb8la";
|
|
|
|
|
}
|
|
|
|
|
} "$GNUPGHOME/gpg.conf"
|
2019-10-24 02:20:38 +02:00
|
|
|
echo "\$GNUPGHOME has been set up for you. Generated keys will be in $GNUPGHOME."
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
yubikey-personalization
|
2024-08-14 11:24:08 +02:00
|
|
|
yubikey-personalization-gui
|
|
|
|
|
yubikey-manager
|
|
|
|
|
yubikey-manager-qt
|
2019-10-24 02:20:38 +02:00
|
|
|
cryptsetup
|
|
|
|
|
pwgen
|
|
|
|
|
midori
|
|
|
|
|
paperkey
|
|
|
|
|
gnupg
|
|
|
|
|
ctmg
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
services.udev.packages = with pkgs; [ yubikey-personalization ];
|
|
|
|
|
services.pcscd.enable = true;
|
|
|
|
|
users.extraUsers.root.initialHashedPassword = "";
|
|
|
|
|
|
|
|
|
|
# make sure we are air-gapped
|
|
|
|
|
networking.wireless.enable = false;
|
|
|
|
|
networking.dhcpcd.enable = false;
|
|
|
|
|
|
2024-08-14 11:24:08 +02:00
|
|
|
services.getty.helpLine = "The 'root' account has an empty password.";
|
2019-10-24 02:20:38 +02:00
|
|
|
|
2024-08-14 11:24:08 +02:00
|
|
|
services.displayManager = {
|
|
|
|
|
defaultSession = "xfce";
|
|
|
|
|
autoLogin = {
|
|
|
|
|
enable = true;
|
|
|
|
|
user = "root";
|
|
|
|
|
};
|
|
|
|
|
};
|
2019-10-24 02:20:38 +02:00
|
|
|
services.xserver = {
|
|
|
|
|
enable = true;
|
2024-08-14 11:24:08 +02:00
|
|
|
desktopManager = {
|
|
|
|
|
xterm.enable = false;
|
|
|
|
|
xfce.enable = true;
|
|
|
|
|
};
|
|
|
|
|
displayManager = {
|
|
|
|
|
sessionCommands = ''
|
|
|
|
|
${pkgs.midori}/bin/midori ${guide} &
|
|
|
|
|
'';
|
|
|
|
|
};
|
2019-10-24 02:20:38 +02:00
|
|
|
};
|
|
|
|
|
}
|
