Diffstat (limited to 'machines')
-rw-r--r--machines/oxygen.nix69
1 files changed, 48 insertions, 21 deletions
diff --git a/machines/oxygen.nix b/machines/oxygen.nix
index 83c4cf1..4aa933e 100644
--- a/machines/oxygen.nix
+++ b/machines/oxygen.nix
@@ -1,11 +1,30 @@
{ config, lib, pkgs, ... }:
-# airgapped machine, for setting up gpg keys
+# airgapped machine, for setting up keys
# github.com/dhess/nixos-yubikey
+# github.com/Mic92/dotfiles/blob/master/nixos/images/yubikey-image.nix
let
nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
+ guide = pkgs.stdenv.mkDerivation {
+ name = "yubikey-guide.2021.1.31.html";
+ src = pkgs.fetchFromGitHub {
+ owner = "drduh";
+ repo = "YubiKey-Guide";
+ rev = "fe6434577bce964aefd33d5e085d6ac0008e17ce";
+ sha256 = lib.fakeSha256;
+ };
+ buildInputs = [ pkgs.pandoc ];
+ installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out";
+ };
+ gpg-conf = pkgs.fetchurl {
+ url = "https://raw.githubusercontent.com/drduh/config/75ec3f35c6977722d4dba17732d526f704f256ff/gpg.conf";
+ sha256 = "sha256-LK29P4+ZAvy9ObNGDNBGP/8+MIUY3/Uo4eJtXhwMoE0=";
+ };
+ gpg-agent-conf = pkgs.writeText "gpg-agent.conf" ''
+ pinentry-program ${pkgs.pinentry-curses}/bin/pinentry-curses
+ '';
in {
isoImage.isoBaseName = "oxygen";
isoImage.edition = "o2";
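Review bot: `sha256 = lib.fakeSha256;` in the `guide` source is still the placeholder hash, so the fixed-output fetch of YubiKey-Guide at rev `fe6434577bce…` will stop with a hash mismatch and the image cannot be built from this commit as written. On a key-generation image that hash is also what ties the rendered guide to the revision that was reviewed, so it should be filled in from a trusted build, e.g. `sha256 = "<hash reported by the build for this rev>";`, the same way `gpg-conf` below already pins both commit and content hash. As a smaller style point, `pandoc` is only a build-time tool and would conventionally go in `nativeBuildInputs`, and the date in `name` has to be kept in step with `rev` by hand, which deserves a one-line comment.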
@@ -51,6 +70,7 @@ in {
ent # entropy
gnupg
(haskell.lib.justStaticExecutables haskellPackages.hopenpgp-tools)
+ midori
mkpasswd
paperkey # store pgp keys on paper
parted
@@ -64,20 +84,19 @@ in {
yubikey-manager
yubikey-personalization
];
- services.udev.packages = [
- pkgs.yubikey-personalization
- ];
+ services.udev.packages = [ pkgs.yubikey-personalization ];
- environment.interactiveShellInit = let
- gpg-agent-conf = pkgs.writeText "gpg-agent.conf" ''
- pinentry-program ${pkgs.pinentry-curses}/bin/pinentry-curses
- '';
- in ''
- unset HISTFILE
- export GNUPGHOME=/run/user/$(id -u)/gnupg
+ environment.shellInit = ''
+ export GPG_TTY="$(tty)"
+ gpg-connect-agent /bye
+ '';
+
+ environment.interactiveShellInit = ''
+ export GNUPGHOME=/run/user/$(id -u)/gnupghome
[ -d $GNUPGHOME ] || install -m 0700 -d $GNUPGHOME
- cp ${gpg-agent-conf} $GNUPGHOME/gpg-agent.conf
- echo "\$GNUPGHOME is $GNUPGHOME"
+ cp ${gpg-conf} "$GNUPGHOME/gpg.conf"
+ cp ${gpg-agent-conf} "$GNUPGHOME/gpg-agent.conf"
+ echo "\$GNUPGHOME has been setup for you. Generated keys will be in $GNUPGHOME"
'';
nixpkgs.config.allowUnfree = false;
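Review bot: The rewritten `environment.interactiveShellInit` no longer contains `unset HISTFILE`, so shells on the key-setup machine go back to writing command history; if that was not intentional, keep `unset HISTFILE` as the first line of the new block. Separately, the new `environment.shellInit` runs `gpg-connect-agent /bye` before `GNUPGHOME` is exported (NixOS appears to run `shellInit` ahead of `interactiveShellInit`), so the agent it starts would use the default home directory and not see the `gpg-agent.conf` copied below; moving `gpg-connect-agent /bye` to after the two `cp` lines in `interactiveShellInit` avoids that. The context line `[ -d $GNUPGHOME ] || install -m 0700 -d $GNUPGHOME` is still unquoted while the new `cp` lines quote the path, so quoting it as `"$GNUPGHOME"` would make the block consistent.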
@@ -92,14 +111,22 @@ in {
services.pcscd.enable = true;
services.printing.enable = true;
- #services.xserver.enable = true;
- #services.xserver.autorun = true;
- #services.xserver.layout = "us";
- #services.xserver.libinput.enable = true;
- #services.xserver.xkbOptions = "caps:ctrl_modifier";
- #services.xserver.displayManager.lightdm.enable = true;
- #services.xserver.windowManager.xmonad.enable = true;
- #services.xserver.desktopManager.xterm.enable = true;
+ services.xserver.enable = true;
+ services.xserver.autorun = true;
+ services.xserver.layout = "us";
+ services.xserver.libinput.enable = true;
+ services.xserver.xkbOptions = "caps:ctrl_modifier";
+
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.displayManager.autoLogin.enable = true;
+ services.xserver.displayManager.defaultSession = "xfce";
+ services.xserver.displayManager.sessionCommands = ''
+ ${pkgs.midori}/bin/midori ${guide} &
+ ${pkgs.xfce.terminal}/bin/xfce4-terminal &
+ '';
+
+ services.xserver.desktopManager.xterm.enable = false;
+ services.xserver.desktopManager.xfce.enable = true;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
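Review bot: `services.xserver.displayManager.autoLogin.enable = true;` is added without an `autoLogin.user` anywhere in this hunk; as far as I know NixOS asserts that a user is set when autologin is enabled, so unless it is defined elsewhere in the file this needs `services.xserver.displayManager.autoLogin.user = "<live user>";`. The hunk also moves the key-generation image from console-only to X, SDDM, XFCE and a web browser, which is considerably more software running next to secret key material. I would add a comment above `sessionCommands` such as `# midori only renders the local, hash-pinned ${guide}; this image is expected to have no network`, and check that the pandoc output does not reference remote stylesheets or scripts, so the reason for shipping a browser on an airgapped machine is recorded.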