mirror of https://github.com/drduh/YubiKey-Guide.git synced 2025-01-03 11:30:55 +00:00

Merge pull request #160 from rvl/nixos

Add instructions for NixOS
drduh 2020-01-22 06:39:14 +00:00 committed by GitHub
commit 2fc50760db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -13,6 +13,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
* [Debian/Ubuntu](#debianubuntu) * [Debian/Ubuntu](#debianubuntu)
* [Arch](#arch) * [Arch](#arch)
* [RHEL7](#rhel7) * [RHEL7](#rhel7)
* [NixOS](#nixos)
* [OpenBSD](#openbsd) * [OpenBSD](#openbsd)
* [macOS](#macos) * [macOS](#macos)
* [Windows](#windows) * [Windows](#windows)
@ -200,6 +201,56 @@ $ sudo pacman -Syu gnupg pcsclite ccid hopenpgp-tools yubikey-personalization
$ sudo yum install -y gnupg2 pinentry-curses pcsc-lite pcsc-lite-libs gnupg2-smime $ sudo yum install -y gnupg2 pinentry-curses pcsc-lite pcsc-lite-libs gnupg2-smime
``` ```
## NixOS
Generate a NixOS LiveCD image with the given config:
```nix
# yubikey-installer.nix
{ nixpkgs ? <nixpkgs>, system ? "x86_64-linux" } :
let
config = { pkgs, ... }:
with pkgs; {
imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix> ];
boot.kernelPackages = linuxPackages_latest;
services.pcscd.enable = true;
services.udev.packages = [ yubikey-personalization ];
environment.systemPackages = [ gnupg pinentry-curses pinentry-qt paperkey wget ];
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
};
evalNixos = configuration: import <nixpkgs/nixos> {
inherit system configuration;
};
in {
iso = (evalNixos config).config.system.build.isoImage;
}
```
Build the installer and copy it to a USB drive.
```console
$ nix build -f yubikey-installer.nix --out-link installer
$ sudo cp -v installer/iso/*.iso /dev/sdb; sync
'installer/iso/nixos-20.03.git.c438ce1-x86_64-linux.iso' -> '/dev/sdb'
```
On NixOS, ensure that you have `pinentry-program /run/current-system/sw/bin/pinentry-curses` in your `$GNUPGHOME/gpg-agent.conf` before running any `gpg` commands.
## OpenBSD ## OpenBSD
```console ```console
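Review bot: The copy step `sudo cp -v installer/iso/*.iso /dev/sdb; sync` hardcodes `/dev/sdb` and runs as root, so a reader whose USB drive enumerates under a different name overwrites whatever disk sits at that path. Suggest a placeholder device name in the command and a sentence telling the reader to confirm the target device before copying. Separately, in `yubikey-installer.nix` the `nixpkgs` argument is declared but never referenced: the `imports` line and `evalNixos` both use `<nixpkgs/...>` from the search path, so passing a different `nixpkgs` has no effect. Either build those paths from the argument or drop it. Since the config also takes `linuxPackages_latest` from whatever `<nixpkgs>` resolves to, it is worth stating in the text that the resulting ISO depends on the builder's channel.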