mirror of
https://github.com/drduh/YubiKey-Guide.git
synced 2025-01-05 04:20:55 +00:00
Add instructions for NixOS
I just tested these steps on a spare laptop.
This commit is contained in:
parent
a17ba2d51e
commit
bb5184a0b3
51
README.md
51
README.md
@ -13,6 +13,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
|
||||
* [Debian/Ubuntu](#debianubuntu)
|
||||
* [Arch](#arch)
|
||||
* [RHEL7](#rhel7)
|
||||
* [NixOS](#nixos)
|
||||
* [OpenBSD](#openbsd)
|
||||
* [macOS](#macos)
|
||||
* [Windows](#windows)
|
||||
@ -200,6 +201,56 @@ $ sudo pacman -Syu gnupg pcsclite ccid hopenpgp-tools yubikey-personalization
|
||||
$ sudo yum install -y gnupg2 pinentry-curses pcsc-lite pcsc-lite-libs gnupg2-smime
|
||||
```
|
||||
|
||||
## NixOS
|
||||
|
||||
Generate a NixOS LiveCD image with the given config:
|
||||
|
||||
```nix
|
||||
# yubikey-installer.nix
|
||||
{ nixpkgs ? <nixpkgs>, system ? "x86_64-linux" } :
|
||||
|
||||
let
|
||||
config = { pkgs, ... }:
|
||||
with pkgs; {
|
||||
imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix> ];
|
||||
|
||||
boot.kernelPackages = linuxPackages_latest;
|
||||
|
||||
services.pcscd.enable = true;
|
||||
services.udev.packages = [ yubikey-personalization ];
|
||||
|
||||
environment.systemPackages = [ gnupg pinentry-curses pinentry-qt paperkey wget ];
|
||||
|
||||
programs = {
|
||||
ssh.startAgent = false;
|
||||
gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
evalNixos = configuration: import <nixpkgs/nixos> {
|
||||
inherit system configuration;
|
||||
};
|
||||
|
||||
in {
|
||||
iso = (evalNixos config).config.system.build.isoImage;
|
||||
}
|
||||
```
|
||||
|
||||
Build the installer and copy it to a USB drive.
|
||||
|
||||
```console
|
||||
$ nix build -f yubikey-installer.nix --out-link installer
|
||||
|
||||
$ sudo cp -v installer/iso/*.iso /dev/sdb; sync
|
||||
'installer/iso/nixos-20.03.git.c438ce1-x86_64-linux.iso' -> '/dev/sdb'
|
||||
```
|
||||
|
||||
On NixOS, ensure that you have `pinentry-program /run/current-system/sw/bin/pinentry-curses` in your `$GNUPGHOME/gpg-agent.conf` before running any `gpg` commands.
|
||||
|
||||
|
||||
## OpenBSD
|
||||
|
||||
```console
|
||||
|
Loading…
Reference in New Issue
Block a user