balsoft/nixos-config
1
0
Fork 0
Code Issues Releases Wiki Activity

Update bootstrap modules/packages.nix modules/secrets.nix modules/services.nix modules/workspace/misc.nix modules/workspace/ssh.nix result-bin

Browse Source
This commit is contained in:
Alexander Bantyev 2020-02-28 11:44:12 +03:00
parent 93ee418a11
commit 89c2cc0725
Signed by: balsoft
GPG Key ID: E081FF12ADCB4AD5
7 changed files with 24 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bootstrap
View File

@ -40,7 +40,7 @@ read
umount -l /nix/.rw-store || echo "RW-store is not mounted."
mount --rbind /mnt/nix /nix
nix-build /tmp/nixpkgs/nixos -A system --substituters "https://cache.balsoft.ru https://cache.nixos.org" --no-require-sigs
nix build -f /tmp/nixpkgs/nixos system --substituters "https://cache.balsoft.ru https://cache.nixos.org" --no-require-sigs
nixos-install --system ./result
cd /mnt/home/balsoft
chmod 777 -R .

10
modules/packages.nix
View File

@ -155,16 +155,6 @@ in { pkgs, config, lib, ... }: {
config.firefox.enablePlasmaBrowserIntegration = true;
} // config.nixpkgs.config;
systemd.services.setup_root = {
serviceConfig.User = "root";
script = ''
mkdir -p /root/.ssh
cat << EOF > /root/.ssh/id_rsa
${config.secrets.id_rsa}
EOF
chmod 100 /root/.ssh/id_rsa
'';
};
environment.etc.nixpkgs.source = imports.nixpkgs;
nix = rec {
nixPath = lib.mkForce [

4
modules/secrets.nix
View File

@ -62,10 +62,6 @@ in rec {
type = nullOr str;
description = "Rclone config";
};
id_rsa = mkOption {
type = nullOr str;
description = "SSH RSA private key";
};
ssl = rec {
cert = mkOption {
type = nullOr str;

1
modules/services.nix
View File

@ -1,7 +1,6 @@
{ config, lib, pkgs, ... }: {
services.acpid.enable = true;
programs.ssh.startAgent = true;
services.apcupsd = { enable = config.device == "AMD-Workstation"; };

10
modules/workspace/misc.nix
View File

@ -23,16 +23,6 @@
after = [ ];
data = "rm -f /home/balsoft/.config/mimeapps.list";
};
programs.gpg.enable = true;
services.gpg-agent = {
enable = true;
extraConfig = ''
pinentry-program ${pkgs.pinentry}/bin/pinentry
allow-emacs-pinentry
allow-loopback-pinentry
'';
enableSshSupport = true;
};
services.udiskie.enable = true;
programs.git = {
enable = true;

31
modules/workspace/ssh.nix
View File

@ -4,24 +4,37 @@
passwordAuthentication = false;
permitRootLogin = "no";
forwardX11 = true;
ports = [ 22 13722 ];
ports = [ 22 ];
};
users.users.balsoft.openssh.authorizedKeys.keys =
["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd2OdcSHUsgezuV+cpFqk9+Svtup6PxIolv1zokVZdqvS8qxLsA/rwYmQgTnuq4/zK/GIxcUCH4OxYlW6Or4M4G7qrDKcLAUrRPWkectqEooWRflZXkfHduMJhzeOAsBdMfYZQ9024GwKr/4yriw2BGa8GbbAnQxiSeTipzvXHoXuRME+/2GsMFAfHFvxzXRG7dNOiLtLaXEjUPUTcw/fffKy55kHtWxMkEvvcdyR53/24fmO3kLVpEuoI+Mp1XFtX3DvRM9ulgfwZUn8/CLhwSLwWX4Xf9iuzVi5vJOJtMOktQj/MwGk4tY/NPe+sIk+nAUKSdVf0y9k9JrJT98S/ comment"];
home-manager.users.balsoft.programs.ssh =
if (!isNull config.secrets.id_rsa) then {
services.udev.packages = [ pkgs.yubikey-personalization ];
environment.shellInit = ''
export GPG_TTY="$(tty)"
gpg-connect-agent /bye
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
'';
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
home-manager.users.balsoft.home.file.".gnupg/scdaemon.conf".text = "reader-port Yubico Yubi";
home-manager.users.balsoft.programs.ssh = {
enable = true;
matchBlocks = {
"*" = {
identityFile = toString (pkgs.writeTextFile {
name = "id_rsa";
text = config.secrets.id_rsa;
});
compression = false;
};
};
} else
{ };
};
}

1
result-bin Symbolic link
View File

@ -0,0 +1 @@
/nix/store/fwban0fhsglbyn83inds5si719b2qjdd-libxml2-2.9.10-bin