Update bootstrap modules/packages.nix modules/secrets.nix modules/services.nix modules/workspace/misc.nix modules/workspace/ssh.nix result-bin

bootstrap

@@ -40,7 +40,7 @@ read
 umount -l /nix/.rw-store || echo "RW-store is not mounted."
 mount --rbind /mnt/nix /nix
 
-nix-build /tmp/nixpkgs/nixos -A system --substituters "https://cache.balsoft.ru https://cache.nixos.org" --no-require-sigs
+nix build -f /tmp/nixpkgs/nixos system --substituters "https://cache.balsoft.ru https://cache.nixos.org" --no-require-sigs
 nixos-install --system ./result
 cd /mnt/home/balsoft
 chmod 777 -R .

modules/packages.nix

@@ -155,16 +155,6 @@ in { pkgs, config, lib, ... }: {
     config.firefox.enablePlasmaBrowserIntegration = true;
   } // config.nixpkgs.config;
 
-  systemd.services.setup_root = {
-    serviceConfig.User = "root";
-    script = ''
-      mkdir -p /root/.ssh
-      cat << EOF > /root/.ssh/id_rsa
-      ${config.secrets.id_rsa}
-      EOF
-      chmod 100 /root/.ssh/id_rsa
-    '';
-  };
   environment.etc.nixpkgs.source = imports.nixpkgs;
   nix = rec {
     nixPath = lib.mkForce [

modules/secrets.nix

@@ -62,10 +62,6 @@ in rec {
       type = nullOr str;
       description = "Rclone config";
     };
-    id_rsa = mkOption {
-      type = nullOr str;
-      description = "SSH RSA private key";
-    };
     ssl = rec {
       cert = mkOption {
         type = nullOr str;

modules/services.nix

@@ -1,7 +1,6 @@
 { config, lib, pkgs, ... }: {
 
   services.acpid.enable = true;
-  programs.ssh.startAgent = true;
 
   services.apcupsd = { enable = config.device == "AMD-Workstation"; };
 

modules/workspace/misc.nix

@@ -23,16 +23,6 @@
       after = [ ];
       data = "rm -f /home/balsoft/.config/mimeapps.list";
     };
-    programs.gpg.enable = true;
-    services.gpg-agent = {
-      enable = true;
-      extraConfig = ''
-        pinentry-program ${pkgs.pinentry}/bin/pinentry
-        allow-emacs-pinentry
-        allow-loopback-pinentry
-      '';
-      enableSshSupport = true;
-    };
     services.udiskie.enable = true;
     programs.git = {
       enable = true;

modules/workspace/ssh.nix

@@ -4,24 +4,37 @@
     passwordAuthentication = false;
     permitRootLogin = "no";
     forwardX11 = true;
-    ports = [ 22 13722 ];
+    ports = [ 22 ];
   };
 
   users.users.balsoft.openssh.authorizedKeys.keys =
   ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd2OdcSHUsgezuV+cpFqk9+Svtup6PxIolv1zokVZdqvS8qxLsA/rwYmQgTnuq4/zK/GIxcUCH4OxYlW6Or4M4G7qrDKcLAUrRPWkectqEooWRflZXkfHduMJhzeOAsBdMfYZQ9024GwKr/4yriw2BGa8GbbAnQxiSeTipzvXHoXuRME+/2GsMFAfHFvxzXRG7dNOiLtLaXEjUPUTcw/fffKy55kHtWxMkEvvcdyR53/24fmO3kLVpEuoI+Mp1XFtX3DvRM9ulgfwZUn8/CLhwSLwWX4Xf9iuzVi5vJOJtMOktQj/MwGk4tY/NPe+sIk+nAUKSdVf0y9k9JrJT98S/ comment"];
 
-  home-manager.users.balsoft.programs.ssh =
+  services.udev.packages = [ pkgs.yubikey-personalization ];
-  if (!isNull config.secrets.id_rsa) then {
+
+
+  environment.shellInit = ''
+    export GPG_TTY="$(tty)"
+    gpg-connect-agent /bye
+    export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+  '';
+
+  programs = {
+    ssh.startAgent = false;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+  };
+  
+  home-manager.users.balsoft.home.file.".gnupg/scdaemon.conf".text = "reader-port Yubico Yubi";
+  
+  home-manager.users.balsoft.programs.ssh = {
     enable = true;
     matchBlocks = {
       "*" = {
-        identityFile = toString (pkgs.writeTextFile {
-          name = "id_rsa";
-          text = config.secrets.id_rsa;
-        });
         compression = false;
       };
     };
-  } else
+  };
-    { };
 }

result-bin

@@ -0,0 +1 @@
+/nix/store/fwban0fhsglbyn83inds5si719b2qjdd-libxml2-2.9.10-bin