Merge branch 'feature/clan.lol'
commit
e840ff3b3d
3 changed files with 416 additions and 168 deletions
222
flake.lock
222
flake.lock
|
@ -133,7 +133,57 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"clan-core": {
|
||||
"inputs": {
|
||||
"disko": "disko",
|
||||
"flake-parts": [
|
||||
"flake-parts"
|
||||
],
|
||||
"git-hooks": "git-hooks",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixos-images": "nixos-images",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"sops-nix": "sops-nix",
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716757238,
|
||||
"narHash": "sha256-8voKL5nTtf7TX8pZvE9VMzSAzsQ+xFrDrEqvYpw2/yY=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "6e9f1515d3f3a5ffb5a89a2a28d6014ea0022948",
|
||||
"revCount": 2850,
|
||||
"type": "git",
|
||||
"url": "https://git.clan.lol/clan/clan-core"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.clan.lol/clan/clan-core"
|
||||
}
|
||||
},
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"clan-core",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716394172,
|
||||
"narHash": "sha256-B+pNhV8GFeCj9/MoH+qtGqKbgv6fU4hGaw2+NoYYtB0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "23c63fb09334c3e8958b57e2ddc3870b75b9111d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"disko_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
|
@ -153,7 +203,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"disko_2": {
|
||||
"disko_3": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixos-anywhere",
|
||||
|
@ -251,6 +301,26 @@
|
|||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715865404,
|
||||
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts_2": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"nixos-anywhere",
|
||||
|
@ -413,6 +483,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"git-hooks": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1716413087,
|
||||
"narHash": "sha256-nSTIB7JeJGBGsvtqlyfhUByh/isyK1nfOq2YMxUOFJQ=",
|
||||
"owner": "fricklerhandwerk",
|
||||
"repo": "git-hooks",
|
||||
"rev": "99a78fcf7dc03ba7b1d5c00af109c1e28ced3490",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "fricklerhandwerk",
|
||||
"repo": "git-hooks",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gnome-shell": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -565,14 +651,45 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1712450863,
|
||||
"narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "3c62b6a12571c9a7f65ab037173ee153d539905f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-2311": {
|
||||
"locked": {
|
||||
"lastModified": 1715818734,
|
||||
"narHash": "sha256-WvAJWCwPj/6quKcsgsvQYyZRxV8ho/yUzj0HZQ34DVU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "95742536dc6debb5a8b8b78b27001c38f369f1e7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-anywhere": {
|
||||
"inputs": {
|
||||
"disko": "disko_2",
|
||||
"flake-parts": "flake-parts",
|
||||
"nixos-images": "nixos-images",
|
||||
"disko": "disko_3",
|
||||
"flake-parts": "flake-parts_2",
|
||||
"nixos-images": "nixos-images_2",
|
||||
"nixos-stable": "nixos-stable",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
"treefmt-nix": "treefmt-nix_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715150548,
|
||||
|
@ -588,6 +705,28 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-generators": {
|
||||
"inputs": {
|
||||
"nixlib": "nixlib",
|
||||
"nixpkgs": [
|
||||
"clan-core",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716123454,
|
||||
"narHash": "sha256-U2o4UPM/UsEyIX2p11+YEQgR9HY3PmjZ2mRl/x5e4xo=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "a63e0c83dd83fe28cc571b97129e13373436bd82",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1716173274,
|
||||
|
@ -604,6 +743,28 @@
|
|||
}
|
||||
},
|
||||
"nixos-images": {
|
||||
"inputs": {
|
||||
"nixos-2311": "nixos-2311",
|
||||
"nixos-unstable": [
|
||||
"clan-core",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716132123,
|
||||
"narHash": "sha256-rATSWbPaKQfZGaemu0tHL2xfCzVIVwpuTjk+KSBC+k4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-images",
|
||||
"rev": "8c9cab8c44434c12dafc465fbf61a710c5bceb08",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-images",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-images_2": {
|
||||
"inputs": {
|
||||
"nixos-2311": [
|
||||
"nixos-anywhere",
|
||||
|
@ -1027,8 +1188,10 @@
|
|||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"disko": "disko",
|
||||
"clan-core": "clan-core",
|
||||
"disko": "disko_2",
|
||||
"dns": "dns",
|
||||
"flake-parts": "flake-parts",
|
||||
"grocy-scanner": "grocy-scanner",
|
||||
"home-manager": "home-manager",
|
||||
"home-manager-utils": "home-manager-utils",
|
||||
|
@ -1051,7 +1214,7 @@
|
|||
"retiolum": "retiolum",
|
||||
"secrets": "secrets",
|
||||
"smoke": "smoke",
|
||||
"sops-nix": "sops-nix",
|
||||
"sops-nix": "sops-nix_2",
|
||||
"srvos": "srvos",
|
||||
"srvos_nixpkgs": [
|
||||
"srvos",
|
||||
|
@ -1119,6 +1282,30 @@
|
|||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"clan-core",
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": [
|
||||
"clan-core"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716087663,
|
||||
"narHash": "sha256-zuSAGlx8Qk0OILGCC2GUyZ58/SJ5R3GZdeUNQ6IS0fQ=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "0bf1808e70ce80046b0cff821c019df2b19aabf5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sops-nix_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_9",
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
|
@ -1239,6 +1426,27 @@
|
|||
}
|
||||
},
|
||||
"treefmt-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"clan-core",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715940852,
|
||||
"narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"treefmt-nix_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixos-anywhere",
|
||||
|
|
193
flake.nix
193
flake.nix
|
@ -5,6 +5,16 @@
|
|||
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
|
||||
flake = false;
|
||||
};
|
||||
|
||||
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||
|
||||
clan-core = {
|
||||
url = "git+https://git.clan.lol/clan/clan-core";
|
||||
inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
|
||||
inputs.flake-parts.follows = "flake-parts";
|
||||
};
|
||||
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05";
|
||||
nixpkgs-legacy_2205.url = "github:nixos/nixpkgs/nixos-22.05";
|
||||
|
@ -88,10 +98,12 @@
|
|||
};
|
||||
|
||||
outputs =
|
||||
{ self
|
||||
inputs@{ self
|
||||
, clan-core
|
||||
, disko
|
||||
, dns
|
||||
#, doom-emacs-nix
|
||||
, flake-parts
|
||||
, grocy-scanner
|
||||
, home-manager
|
||||
, home-manager-utils
|
||||
|
@ -113,22 +125,23 @@
|
|||
, private_assets
|
||||
, retiolum
|
||||
, secrets
|
||||
, srvos
|
||||
, srvos_nixpkgs
|
||||
, smoke
|
||||
, sops-nix
|
||||
, srvos
|
||||
, srvos_nixpkgs
|
||||
, stylix
|
||||
, taskshell
|
||||
}:
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
let
|
||||
#system = "x86_64-linux";
|
||||
|
||||
#pkgs = nixpkgs.legacyPackages.${system};
|
||||
inherit (nixpkgs) lib;
|
||||
|
||||
meta = { nixpackages ? nixpkgs }: rec {
|
||||
meta = rec {
|
||||
system = "x86_64-linux";
|
||||
pkgs = import nixpackages {
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
config.allowUnfree = true;
|
||||
config.permittedInsecurePackages = [
|
||||
|
@ -163,42 +176,24 @@
|
|||
inherit private_assets;
|
||||
assets = ./nixos/assets;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# todo : why redefine it?
|
||||
# Mic92 means, is not needed anymore
|
||||
nixosSystem = args:
|
||||
(lib.makeOverridable lib.nixosSystem)
|
||||
(lib.recursiveUpdate args {
|
||||
modules =
|
||||
args.modules
|
||||
++ [
|
||||
{
|
||||
config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
|
||||
config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
|
||||
}
|
||||
];
|
||||
});
|
||||
|
||||
nixosConfigurationSetup =
|
||||
clanSetup =
|
||||
{ name
|
||||
, host ? "${name}.private"
|
||||
, host
|
||||
, modules
|
||||
, nixpackages ? nixpkgs
|
||||
}:
|
||||
nixosSystem {
|
||||
inherit (meta { nixpackages = nixpackages; }) system specialArgs pkgs;
|
||||
modules = modules ++ defaultModules ++ [
|
||||
{
|
||||
_module.args.nixinate = {
|
||||
host = host;
|
||||
sshUser = "root";
|
||||
buildOn = "remote"; # valid args are "local" or "remote"
|
||||
substituteOnTarget = false; # if buildOn is "local" then it will substitute on the target, "-s"
|
||||
#hermetic = false; # ??? don't know what this is
|
||||
nixOptions = [ "--max-jobs 1" ];
|
||||
};
|
||||
}
|
||||
#, nixpackages ? meta.nixpkgs
|
||||
}: {
|
||||
|
||||
clan.networking.targetHost = lib.mkDefault "root@${host}";
|
||||
clanCore.machineIcon = null; # Optional, a path to an image file
|
||||
|
||||
#nixpkgs.pkgs = nixpackages;
|
||||
nixpkgs.pkgs = meta.pkgs;
|
||||
nixpkgs.hostPlatform = meta.system;
|
||||
|
||||
imports = modules ++ defaultModules ++ [
|
||||
{
|
||||
imports = [
|
||||
./nixos/machines/${name}/configuration.nix
|
||||
|
@ -228,25 +223,26 @@
|
|||
# '';
|
||||
# };
|
||||
# })
|
||||
({ pkgs, ... }:
|
||||
{
|
||||
nix.settings.substituters = [ "https://cache.nixos.org/" ];
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
# no channesl needed this way
|
||||
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||
}
|
||||
{
|
||||
})
|
||||
({ pkgs, ... }: {
|
||||
boot.tmp.useTmpfs = lib.mkDefault true;
|
||||
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ];
|
||||
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${pkgs.system} ];
|
||||
imports = [
|
||||
permown.nixosModules.permown
|
||||
disko.nixosModules.disko
|
||||
#disko.nixosModules.disko
|
||||
kmonad.nixosModules.default
|
||||
grocy-scanner.nixosModule
|
||||
];
|
||||
}
|
||||
})
|
||||
];
|
||||
|
||||
homeManagerModules = { config, ... }: {
|
||||
homeManagerModules = { pkgs, config, ... }: {
|
||||
imports = [
|
||||
home-manager.nixosModules.home-manager
|
||||
stylix.nixosModules.stylix
|
||||
|
@ -290,29 +286,33 @@
|
|||
};
|
||||
|
||||
sopsModule = name: { lib, ... }: {
|
||||
imports = [ sops-nix.nixosModules.sops ];
|
||||
#imports = [ sops-nix.nixosModules.sops ];
|
||||
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
devShells.${system}.default =
|
||||
pkgs.mkShell {
|
||||
buildInputs = [
|
||||
nixpkgs-fmt.defaultPackage.${system}
|
||||
nixos-anywhere.packages.${system}.nixos-anywhere
|
||||
|
||||
flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {
|
||||
# We define our own systems below. you can still use this to add system specific outputs to your flake.
|
||||
# See: https://flake.parts/getting-started
|
||||
systems = [ ];
|
||||
|
||||
# import clan-core modules
|
||||
imports = [
|
||||
clan-core.flakeModules.default
|
||||
];
|
||||
};
|
||||
|
||||
apps = nixinate.nixinate.x86_64-linux self;
|
||||
# Define your clan
|
||||
clan = {
|
||||
# Clan wide settings. (Required)
|
||||
clanName = "gummybears"; # Ensure to choose a unique name.
|
||||
specialArgs = meta.specialArgs;
|
||||
|
||||
nixosConfigurations =
|
||||
{
|
||||
sternchen = nixosConfigurationSetup {
|
||||
machines = {
|
||||
sternchen = clanSetup {
|
||||
name = "sternchen";
|
||||
#host = "sternchen.secret";
|
||||
#host = "192.168.178.25";
|
||||
host = "sternchen";
|
||||
#host = "sternchen.secure";
|
||||
host = "192.168.178.25";
|
||||
modules = [
|
||||
nixos-hardware.nixosModules.lenovo-thinkpad-x220
|
||||
homeManagerModules
|
||||
|
@ -335,9 +335,10 @@
|
|||
})
|
||||
];
|
||||
};
|
||||
cream = nixosConfigurationSetup
|
||||
{
|
||||
|
||||
cream = clanSetup {
|
||||
name = "cream";
|
||||
host = "cream.private";
|
||||
modules = [
|
||||
nixos-hardware.nixosModules.framework-12th-gen-intel
|
||||
retiolum.nixosModules.retiolum
|
||||
|
@ -350,9 +351,10 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
cherry = nixosConfigurationSetup
|
||||
{
|
||||
|
||||
cherry = clanSetup {
|
||||
name = "cherry";
|
||||
host = "cherry.private";
|
||||
modules = [
|
||||
nixos-hardware.nixosModules.framework-13th-gen-intel
|
||||
homeManagerModules
|
||||
|
@ -363,9 +365,10 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
chungus = nixosConfigurationSetup
|
||||
{
|
||||
|
||||
chungus = clanSetup {
|
||||
name = "chungus";
|
||||
host = "chungus.private";
|
||||
modules = [
|
||||
homeManagerModules
|
||||
retiolum.nixosModules.retiolum
|
||||
|
@ -376,28 +379,30 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
orbi = nixosConfigurationSetup
|
||||
{
|
||||
|
||||
orbi = clanSetup {
|
||||
name = "orbi";
|
||||
host = "95.216.66.212";
|
||||
host = "orbi.private";
|
||||
# host = "95.216.66.212";
|
||||
modules = [
|
||||
homeManagerModules
|
||||
srvos.nixosModules.hardware-hetzner-online-intel
|
||||
srvos.nixosModules.server
|
||||
srvos.nixosModules.mixins-terminfo
|
||||
#{ home-manager.sharedModules = [{ programs.doom-emacs.enable = false; }]; }
|
||||
{ home-manager.sharedModules = [{ programs.doom-emacs.enable = false; }]; }
|
||||
{
|
||||
home-manager.users.mainUser = import ./nixos/homes/palo;
|
||||
home-manager.users.root = import ./nixos/homes/root;
|
||||
}
|
||||
];
|
||||
};
|
||||
robi = nixosConfigurationSetup
|
||||
{
|
||||
|
||||
robi = clanSetup {
|
||||
name = "robi";
|
||||
host = "robi.private";
|
||||
modules = [
|
||||
homeManagerModules
|
||||
#{ home-manager.sharedModules = [{ programs.doom-emacs.enable = false; }]; }
|
||||
{ home-manager.sharedModules = [{ programs.doom-emacs.enable = false; }]; }
|
||||
{
|
||||
home-manager.users.mainUser = import ./nixos/homes/palo;
|
||||
home-manager.users.root = import ./nixos/homes/root;
|
||||
|
@ -405,6 +410,46 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
|
||||
# devShells.${system}.default =
|
||||
# pkgs.mkShell {
|
||||
# buildInputs = [
|
||||
# nixpkgs-fmt.defaultPackage.${system}
|
||||
# nixos-anywhere.packages.${system}.nixos-anywhere
|
||||
# ];
|
||||
# };
|
||||
|
||||
#apps = nixinate.nixinate.x86_64-linux self;
|
||||
|
||||
# packages = with nixpkgs.lib; {
|
||||
# ${system} =
|
||||
# let
|
||||
# vms = mapAttrs'
|
||||
# (host: sys: {
|
||||
# name = "vm-${host}";
|
||||
# value = sys.config.system.build.vm;
|
||||
# })
|
||||
# self.nixosConfigurations;
|
||||
# sds = mapAttrs'
|
||||
# (host: sys: {
|
||||
# name = "sd-${host}";
|
||||
# value = sys.config.system.build.sdImage;
|
||||
# })
|
||||
# (filterAttrs
|
||||
# (n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
|
||||
# self.nixosConfigurations);
|
||||
# in
|
||||
# vms // sds;
|
||||
# };
|
||||
|
||||
# nixosConfigurations =
|
||||
# };
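Review bot: The new `clan-core` input block only sets `follows` for `nixpkgs` and `flake-parts`, while the same file comments out `sops-nix.nixosModules.sops` and `disko.nixosModules.disko`, so the secret-handling and disk-layout modules presumably now come from the revisions clan-core pins for itself. The lock file in this commit supports that reading: it gains separate `sops-nix` and `disko` nodes under clan-core next to the root's `sops-nix_2` and `disko_2`. Updating the root `sops-nix` input would then no longer update the module that decrypts secrets on the machines, and two revisions of each project have to be tracked. Consider adding `inputs.sops-nix.follows = "sops-nix";` and `inputs.disko.follows = "disko";` to the `clan-core` block so one reviewed revision of each is in use. A short comment on `clan.networking.targetHost = lib.mkDefault "root@${host}";` stating that deployment logs in as root over SSH would also help.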
|
||||
|
||||
|
||||
|
|
|
@ -14,14 +14,7 @@ with lib;
|
|||
config = mkIf config.components.yubikey.enable {
|
||||
|
||||
services.pcscd.enable = true;
|
||||
services.udev.packages = [
|
||||
|
||||
pkgs.yubikey-personalization
|
||||
|
||||
# additional services, but I just want gpg
|
||||
# pkgs.libu2f-host
|
||||
|
||||
];
|
||||
services.udev.packages = [ pkgs.yubikey-personalization ];
|
||||
|
||||
environment.systemPackages = [
|
||||
|
||||
|
@ -43,24 +36,26 @@ with lib;
|
|||
|
||||
];
|
||||
|
||||
## managed by home-manager now
|
||||
#environment.shellInit = ''
|
||||
# export GPG_TTY="$(tty)"
|
||||
# gpg-connect-agent /bye
|
||||
# export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
|
||||
#'';
|
||||
#programs = {
|
||||
# ssh.startAgent = false;
|
||||
# gnupg.agent = {
|
||||
# enable = true;
|
||||
# enableSSHSupport = true;
|
||||
# };
|
||||
#};
|
||||
|
||||
## managed by home-manager now
|
||||
#security.pam.u2f.enable = true;
|
||||
#security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
|
||||
#sops.secrets.yubikey_u2fAuthFile = { };
|
||||
environment.shellInit = ''
|
||||
export GPG_TTY="$(tty)"
|
||||
gpg-connect-agent /bye
|
||||
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
|
||||
'';
|
||||
|
||||
programs = {
|
||||
ssh.startAgent = false;
|
||||
gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
};
|
||||
|
||||
## managed by home-manager now
|
||||
security.pam.u2f.enable = true;
|
||||
security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
|
||||
sops.secrets.yubikey_u2fAuthFile = { };
|
||||
|
||||
};
|
||||
}
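Review bot: `security.pam.u2f.enable = true;` is set without `security.pam.u2f.control`, and the NixOS default for that option is `sufficient`, so a key touch alone would satisfy PAM rather than acting as a second factor. This assumes the uncommented block is the new side of the second hunk, which the rendering no longer marks. If second-factor behaviour is intended, add `security.pam.u2f.control = "required";` next to it. The heading `## managed by home-manager now` still sits directly above these system-level lines and should be reworded or dropped so a reader does not take the settings for inert. The enclosing `config = mkIf config.components.yubikey.enable` block opens in the first hunk and its middle is not shown.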
|
||||
|
|