From bb5184a0b35cc1c191bb02b0446e9d5bb91b6c43 Mon Sep 17 00:00:00 2001
From: Rodney Lorrimar
Date: Wed, 22 Jan 2020 10:27:55 +1000
Subject: [PATCH] Add instructions for NixOS

I just tested these steps on a spare laptop.
---
 README.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/README.md b/README.md
index f38c7f4..fe80133 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
 * [Debian/Ubuntu](#debianubuntu)
 * [Arch](#arch)
 * [RHEL7](#rhel7)
+ * [NixOS](#nixos)
 * [OpenBSD](#openbsd)
 * [macOS](#macos)
 * [Windows](#windows)
@@ -200,6 +201,56 @@ $ sudo pacman -Syu gnupg pcsclite ccid hopenpgp-tools yubikey-personalization
 $ sudo yum install -y gnupg2 pinentry-curses pcsc-lite pcsc-lite-libs gnupg2-smime
 ```
 
+## NixOS
+
+Generate a NixOS LiveCD image with the given config:
+
+```nix
+# yubikey-installer.nix
+{ nixpkgs ? , system ? "x86_64-linux" } :
+
+let
+ config = { pkgs, ... }:
+ with pkgs; {
+ imports = [ ];
+
+ boot.kernelPackages = linuxPackages_latest;
+
+ services.pcscd.enable = true;
+ services.udev.packages = [ yubikey-personalization ];
+
+ environment.systemPackages = [ gnupg pinentry-curses pinentry-qt paperkey wget ];
+
+ programs = {
+ ssh.startAgent = false;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+ };
+
+ evalNixos = configuration: import {
+ inherit system configuration;
+ };
+
+in {
+ iso = (evalNixos config).config.system.build.isoImage;
+}
+```
+
+Build the installer and copy it to a USB drive.
+
+```console
+$ nix build -f yubikey-installer.nix --out-link installer
+
+$ sudo cp -v installer/iso/*.iso /dev/sdb; sync
+'installer/iso/nixos-20.03.git.c438ce1-x86_64-linux.iso' -> '/dev/sdb'
+```
+
+On NixOS, ensure that you have `pinentry-program /run/current-system/sw/bin/pinentry-curses` in your `$GNUPGHOME/gpg-agent.conf` before running any `gpg` commands.
+
+
 ## OpenBSD
 
 ```console
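Review bot: The `sudo cp -v installer/iso/*.iso /dev/sdb; sync` line in the added console block writes the image over a hard-coded whole-disk device, and on a reader's machine `/dev/sdb` may be a data disk rather than the USB stick. I would use a placeholder and say so in the sentence above the block, for example `Build the installer and copy it to a USB drive (replace /dev/sdX with the device reported by lsblk; its contents are overwritten).`, with the command changed to `$ sudo cp -v installer/iso/*.iso /dev/sdX; sync`. Separately, the image config leaves networking at its defaults and ships `wget`. If the image is meant for offline key generation, a one-line note that the machine should stay disconnected while keys are handled would help, since nothing visible in this hunk states it.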