Diffstat (limited to 'machines')
-rw-r--r-- | machines/oxygen.nix | 69 |
1 files changed, 48 insertions, 21 deletions
diff --git a/machines/oxygen.nix b/machines/oxygen.nix
index 83c4cf1..4aa933e 100644
--- a/machines/oxygen.nix
+++ b/machines/oxygen.nix
@@ -1,11 +1,30 @@
 { config, lib, pkgs, ... }:
-# airgapped machine, for setting up gpg keys
+# airgapped machine, for setting up keys
 # github.com/dhess/nixos-yubikey
+# github.com/Mic92/dotfiles/blob/master/nixos/images/yubikey-image.nix
 let
 nixpkgs = builtins.fetchTarball (import ../nixpkgs.nix);
+ guide = pkgs.stdenv.mkDerivation { name = "yubikey-guide.2021.1.31.html"; src = pkgs.fetchFromGitHub { owner = "drduh"; repo = "YubiKey-Guide"; rev = "fe6434577bce964aefd33d5e085d6ac0008e17ce"; sha256 = lib.fakeSha256; }; buildInputs = [ pkgs.pandoc ]; installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out"; }; gpg-conf = pkgs.fetchurl { url = "https://raw.githubusercontent.com/drduh/config/75ec3f35c6977722d4dba17732d526f704f256ff/gpg.conf"; sha256 = "sha256-LK29P4+ZAvy9ObNGDNBGP/8+MIUY3/Uo4eJtXhwMoE0="; }; gpg-agent-conf = pkgs.writeText "gpg-agent.conf" '' pinentry-program ${pkgs.pinentry-curses}/bin/pinentry-curses '';
 in {
 isoImage.isoBaseName = "oxygen";
 isoImage.edition = "o2";
@@ -51,6 +70,7 @@ in {
 ent # entropy
 gnupg
 (haskell.lib.justStaticExecutables haskellPackages.hopenpgp-tools)
+ midori
 mkpasswd
 paperkey # store pgp keys on paper
 parted
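Review bot: `sha256 = lib.fakeSha256;` on the `guide` fetchFromGitHub is a placeholder, so the fixed-output fetch fails its hash check and the ISO does not build as committed; the `gpg-conf` fetchurl right below shows the intended form with a real SRI hash. Replace it with the real hash of the pinned rev, `sha256 = "sha256-…";` (the value Nix prints in the mismatch error on first build), since the hash, not the rev string, is what Nix actually verifies when it renders the guide into an image whose whole point is offline key handling. Minor: pandoc is only run at build time, so `nativeBuildInputs = [ pkgs.pandoc ];` is the conventional attribute for it.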
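Review bot: `midori` is added to the package list without the trailing purpose comment its neighbours carry (`ent # entropy`, `paperkey # store pgp keys on paper`), and a full WebKit browser is a notable addition to an image the header describes as an airgapped key-generation machine. The only use visible in this commit is rendering the local guide HTML, so I would record that inline, `midori # offline viewer for the rendered YubiKey guide`, so a later reader does not assume it is there for network use. The enclosing package list begins and ends outside this hunk.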
@@ -64,20 +84,19 @@ in {
 yubikey-manager
 yubikey-personalization
 ];
- services.udev.packages = [
- pkgs.yubikey-personalization
- ];
+ services.udev.packages = [ pkgs.yubikey-personalization ];
- environment.interactiveShellInit = let
- gpg-agent-conf = pkgs.writeText "gpg-agent.conf" ''
- pinentry-program ${pkgs.pinentry-curses}/bin/pinentry-curses
- '';
- in ''
- unset HISTFILE
- export GNUPGHOME=/run/user/$(id -u)/gnupg
+ environment.shellInit = '' export GPG_TTY="$(tty)" gpg-connect-agent /bye '';
+
+ environment.interactiveShellInit = '' export GNUPGHOME=/run/user/$(id -u)/gnupghome
 [ -d $GNUPGHOME ] || install -m 0700 -d $GNUPGHOME
- cp ${gpg-agent-conf} $GNUPGHOME/gpg-agent.conf
- echo "\$GNUPGHOME is $GNUPGHOME"
+ cp ${gpg-conf} "$GNUPGHOME/gpg.conf"
+ cp ${gpg-agent-conf} "$GNUPGHOME/gpg-agent.conf"
+ echo "\$GNUPGHOME has been setup for you. Generated keys will be in $GNUPGHOME"
 '';
 nixpkgs.config.allowUnfree = false;
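Review bot: `unset HISTFILE` was removed from `environment.interactiveShellInit` and nothing in the new `shellInit` or `interactiveShellInit` replaces it, so interactive shells on this key-generation image now write command history, which for a session running `gpg --edit-key`, `ykman` and passphrase-bearing one-liners is exactly what the old line prevented. Re-add it as the first line of the new interactiveShellInit, `unset HISTFILE`, or set `HISTFILE=/dev/null`. Secondary: the two `cp` lines copy Nix store files, which are mode 0444, so on the second interactive shell `cp` will fail with permission denied if the shell runs unprivileged; `install -m 0600 ${gpg-conf} "$GNUPGHOME/gpg.conf"` (and likewise for gpg-agent.conf) avoids that and gives the files the permissions gpg expects. Also, if NixOS sources `shellInit` before `interactiveShellInit`, as I believe it does, `gpg-connect-agent /bye` starts an agent before `GNUPGHOME` is exported, i.e. against `~/.gnupg`, so that agent never sees the gpg-agent.conf written later, which makes the pre-start misleading at best.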
@@ -92,14 +111,22 @@ in {
 services.pcscd.enable = true;
 services.printing.enable = true;
- #services.xserver.enable = true;
- #services.xserver.autorun = true;
- #services.xserver.layout = "us";
- #services.xserver.libinput.enable = true;
- #services.xserver.xkbOptions = "caps:ctrl_modifier";
- #services.xserver.displayManager.lightdm.enable = true;
- #services.xserver.windowManager.xmonad.enable = true;
- #services.xserver.desktopManager.xterm.enable = true;
+ services.xserver.enable = true; services.xserver.autorun = true; services.xserver.layout = "us"; services.xserver.libinput.enable = true; services.xserver.xkbOptions = "caps:ctrl_modifier";
+ services.xserver.displayManager.sddm.enable = true; services.xserver.displayManager.autoLogin.enable = true; services.xserver.displayManager.defaultSession = "xfce"; services.xserver.displayManager.sessionCommands = '' ${pkgs.midori}/bin/midori ${guide} & ${pkgs.xfce.terminal}/bin/xfce4-terminal & '';
+ services.xserver.desktopManager.xterm.enable = false; services.xserver.desktopManager.xfce.enable = true;
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true; |
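Review bot: `services.xserver.displayManager.autoLogin.enable = true;` is set without a matching `autoLogin.user`, and as far as I recall the NixOS display-manager module asserts at evaluation time that the user is set whenever autologin is enabled, so unless it is defined elsewhere in the file this configuration will not evaluate. If the ISO's default account is the intended one, add `services.xserver.displayManager.autoLogin.user = "nixos";` next to it, after checking the account name against the installer profile this image imports. Since this image holds key material while it runs, I would also put a one-line comment above the autologin block making the trade-off explicit, e.g. `# auto-login is acceptable only because this is an offline, physically attended live image`.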