palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fiddle with yubikey and ssh

Browse source
This commit is contained in:
Ingolf Wagner 2024-05-27 18:50:31 +02:00
parent e840ff3b3d
commit 7f8659d8af
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
2 changed files with 16 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
nixos/components/yubikey.nix
View file

@ -38,24 +38,23 @@ with lib;
## managed by home-manager now
environment.shellInit = ''
export GPG_TTY="$(tty)"
gpg-connect-agent /bye
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
'';
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
#environment.shellInit = ''
# export GPG_TTY="$(tty)"
# gpg-connect-agent /bye
# export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
#'';
#programs = {
# ssh.startAgent = false;
# gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
#};
## managed by home-manager now
security.pam.u2f.enable = true;
security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
sops.secrets.yubikey_u2fAuthFile = { };
#security.pam.u2f.enable = true;
#security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
#sops.secrets.yubikey_u2fAuthFile = { };
};
}

2
nixos/homes/palo/gpg.nix
View file

@ -26,6 +26,6 @@
# sshKeys = [];
defaultCacheTtl = 30;
defaultCacheTtlSsh = 30;
pinentryPackage = pkgs.pinentry-gtk2;
};
}