[NixOS] Enable ssh/gpg yubikey support

This commit is contained in:
Ivan Malison 2021-05-04 18:21:50 -06:00
parent 3105bf41b8
commit 56d998c30c
No known key found for this signature in database
GPG Key ID: 62530EFBE99DC2F8

View File

@ -33,15 +33,21 @@ in
# Allow all the things # Allow all the things
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.android_sdk.accept_license = true; nixpkgs.config.android_sdk.accept_license = true;
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"openssl-1.0.2u" "openssl-1.0.2u"
]; ];
# Disabling these waits disables the stuck on boot up issue
systemd.services.systemd-udev-settle.enable = false;
systemd.services.NetworkManager-wait-online.enable = false;
networking.firewall.enable = false;
# Security and networking # Security
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
services.pcscd.enable = true;
# Networking
environment.etc."ipsec.secrets".text = '' environment.etc."ipsec.secrets".text = ''
include ipsec.d/ipsec.nm-l2tp.secrets include ipsec.d/ipsec.nm-l2tp.secrets
''; '';
@ -54,10 +60,6 @@ in
rc-manager=resolvconf rc-manager=resolvconf
''; '';
}; };
# Disabling these waits disables the stuck on boot up issue
systemd.services.systemd-udev-settle.enable = false;
systemd.services.NetworkManager-wait-online.enable = false;
networking.firewall.enable = false;
# Audio # Audio
sound.enable = true; sound.enable = true;
@ -91,9 +93,11 @@ in
source-code-pro source-code-pro
source-sans-pro source-sans-pro
source-serif-pro source-serif-pro
twemoji-color-font # twemoji-color-font
]; ];
fontconfig = { fontconfig = {
allowBitmaps = true;
useEmbeddedBitmaps = true;
defaultFonts = { defaultFonts = {
monospace = [ "Source Code Pro" ]; monospace = [ "Source Code Pro" ];
sansSerif = [ "Roboto" ]; sansSerif = [ "Roboto" ];
@ -285,12 +289,14 @@ in
silver-searcher silver-searcher
stow stow
subversion subversion
swig
tmux tmux
tzupdate tzupdate
unzip unzip
usbutils usbutils
valgrind valgrind
wget wget
yubikey-manager
# Nix # Nix
nix-prefetch-git nix-prefetch-git
@ -309,7 +315,6 @@ in
programs.zsh.enable = true; programs.zsh.enable = true;
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
programs.adb.enable = true; programs.adb.enable = true;
services.openssh.enable = true; services.openssh.enable = true;