From 40ba1950f1b5c8d62687adf05381e691628c0620 Mon Sep 17 00:00:00 2001
From: Mike Vink
Date: Sat, 12 Oct 2024 23:02:20 +0200
Subject: make gpg image
---
drduh/installer | 1 -
drduh/signed.txt | 20 ---
drduh/yubikey-installer.nix | 171 ------------------------
flake.lock | 66 ++++++++-
flake.nix | 15 +++
iso.nix | 20 ---
machines/gpg.nix | 287 ++++++++++++++++++++++++++++++++++++++++
machines/lemptop.nix | 12 +-
mut/lf/icons | 2 +-
profiles/core/neovim.nix | 22 +--
profiles/graphical/suckless.nix | 10 +-
profiles/station/packages.nix | 1 -
run.sh | 10 --
13 files changed, 388 insertions(+), 249 deletions(-)
delete mode 120000 drduh/installer
delete mode 100644 drduh/signed.txt
delete mode 100644 drduh/yubikey-installer.nix
delete mode 100644 iso.nix
create mode 100644 machines/gpg.nix
delete mode 100755 run.sh
diff --git a/drduh/installer b/drduh/installer
deleted file mode 120000
index 5743a7f..0000000
--- a/drduh/installer
+++ /dev/null
@@ -1 +0,0 @@
-/nix/store/bc1gji3lg1yqs4c8yazdfdgwj2aqb676-nixos-yubikey-22.11beta-297654.gfedcba-x86_64-linux.iso
\ No newline at end of file
diff --git a/drduh/signed.txt b/drduh/signed.txt
deleted file mode 100644
index e5ee920..0000000
--- a/drduh/signed.txt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-test message string
------BEGIN PGP SIGNATURE-----
-
-iQIzBAEBCgAdFiEEZEPiBfFrOLTcspamK6IYQ5k48SgFAmSjBIQACgkQK6IYQ5k4
-8ShT6Q/6AlvJQ4+7bNUTanYsm1i1coAwedVYhtys2IJEZ39U1mBp7s23NqntB8fB
-huZasAfK0uOyfD263/RxVLKit2iKQRd5SzdbNIlUCHW2M+a8ueJwe+rYanIz8zLD
-cr5ykWgB6RTgVRLZTK0R1Nk3j2ojlW3N9VmtiUnEAq7aSbzk0071edRvKSw4g6vJ
-E8BrbE8SuhreYVtceiyLUp8w1XKosSVafbD2hhNe+MPCgjVJwVs82f2PzEs8OOSP
-omQw/fLO51gnBx1Si0b37M5Ye+6Q9CAA9AY61+U3MumBQTKVpwL/XEvRgioXmBPY
-tvqkD4PON7SjxLKI33daVgitBDeoweZ93NwBHGQ9neWLjSVbkl4fzrjw3MU3dDc5
-w/RjqAiaTdFb/MJ/kgUdj6xAi81JRh/rcHFfwF16gqRiaqgJG1CQrCYGtq13O+Ik
-EtsCbQcgzhBQonrFgFNc881YABnXKpFnFR+Xuq1zRryxdyOyqFrQ8qV1WPIck00E
-6hd/qFUdnVDulf9jzRmDer5yo916g/8KXMsWP45XXvoEL/5weI5kalCJbQl6k/xu
-89RNwu4uJzWFKER1JAQvTC6vzI7D4f6OKc+uCyy5lNq0iuEx9xzDxdaHPaGAgYgv
-5tB6TPfiixnHayj2P5svcmZxTGxk7X5cJ8cUtcIBz9dLg2FasrU=
-=Xa80
------END PGP SIGNATURE-----
diff --git a/drduh/yubikey-installer.nix b/drduh/yubikey-installer.nix
deleted file mode 100644
index 7c8a428..0000000
--- a/drduh/yubikey-installer.nix
+++ /dev/null
@@ -1,171 +0,0 @@ -# yubikey-installer.nix -let - configuration = { config, lib, pkgs, ... }: - with pkgs; - let - src = fetchGit "https://github.com/drduh/YubiKey-Guide"; - - guide = "${src}/README.md"; - - contrib = "${src}/contrib"; - - drduhConfig = fetchGit "https://github.com/drduh/config"; - - gpg-conf = "${drduhConfig}/gpg.conf"; - - xserverCfg = config.services.xserver; - - pinentryFlavour = if xserverCfg.desktopManager.lxqt.enable || xserverCfg.desktopManager.plasma5.enable then - "qt" - else if xserverCfg.desktopManager.xfce.enable then - "gtk2" - else if xserverCfg.enable || config.programs.sway.enable then - "gnome3" - else - "curses"; - - # Instead of hard-coding the pinentry program, chose the appropriate one - # based on the environment of the image the user has chosen to build. - gpg-agent-conf = runCommand "gpg-agent.conf" {} '' - sed '/pinentry-program/d' ${drduhConfig}/gpg-agent.conf > $out - echo "pinentry-program ${pinentry.${pinentryFlavour}}/bin/pinentry" >> $out - ''; - - view-yubikey-guide = writeShellScriptBin "view-yubikey-guide" '' - viewer="$(type -P xdg-open || true)" - if [ -z "$viewer" ]; then - viewer="${glow}/bin/glow -p" - fi - exec $viewer "${guide}" - ''; - - shortcut = makeDesktopItem { - name = "yubikey-guide"; - icon = "${yubikey-manager-qt}/share/ykman-gui/icons/ykman.png"; - desktopName = "drduh's YubiKey Guide"; - genericName = "Guide to using YubiKey for GPG and SSH"; - comment = "Open the guide in a reader program"; - categories = [ "Documentation" ]; - exec = "${view-yubikey-guide}/bin/view-yubikey-guide"; - }; - - yubikey-guide = symlinkJoin { - name = "yubikey-guide"; - paths = [ view-yubikey-guide shortcut ]; - }; - - in { - nixpkgs.config = { allowBroken = true; }; - - isoImage.isoBaseName = lib.mkForce "nixos-yubikey"; - # Uncomment this to disable compression and speed up image creation time - #isoImage.squashfsCompression = "gzip -Xcompression-level 1"; - - boot.kernelPackages = linuxPackages_latest; - # Always 
copytoram so that, if the image is booted from, e.g., a - # USB stick, nothing is mistakenly written to persistent storage. - boot.kernelParams = [ "copytoram" ]; - # Secure defaults - boot.cleanTmpDir = true; - boot.kernel.sysctl = { "kernel.unprivileged_bpf_disabled" = 1; }; - - services.pcscd.enable = true; - services.udev.packages = [ yubikey-personalization ]; - - programs = { - ssh.startAgent = false; - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - }; - - environment.systemPackages = [ - # Tools for backing up keys - paperkey - pgpdump - parted - cryptsetup - - # Yubico's official tools - yubikey-manager - yubikey-manager-qt - yubikey-personalization - yubikey-personalization-gui - yubico-piv-tool - yubioath-desktop - - # Testing - ent - (haskell.lib.justStaticExecutables haskellPackages.hopenpgp-tools) - - # Password generation tools - diceware - pwgen - - # Miscellaneous tools that might be useful beyond the scope of the guide - cfssl - pcsctools - - # This guide itself (run `view-yubikey-guide` on the terminal to open it - # in a non-graphical environment). - yubikey-guide - ]; - - # Disable networking so the system is air-gapped - # Comment all of these lines out if you'll need internet access - boot.initrd.network.enable = false; - networking.dhcpcd.enable = false; - networking.dhcpcd.allowInterfaces = []; - networking.interfaces = {}; - networking.firewall.enable = true; - networking.useDHCP = false; - networking.useNetworkd = false; - networking.wireless.enable = false; - networking.networkmanager.enable = lib.mkForce false; - - # Unset history so it's never stored - # Set GNUPGHOME to an ephemeral location and configure GPG with the - # guide's recommended settings. - environment.interactiveShellInit = '' - unset HISTFILE - export GNUPGHOME="/run/user/$(id -u)/gnupg" - if [ ! -d "$GNUPGHOME" ]; then - echo "Creating \$GNUPGHOME…" - install --verbose -m=0700 --directory="$GNUPGHOME" - fi - [ ! 
-f "$GNUPGHOME/gpg.conf" ] && cp --verbose ${gpg-conf} "$GNUPGHOME/gpg.conf" - [ ! -f "$GNUPGHOME/gpg-agent.conf" ] && cp --verbose ${gpg-agent-conf} "$GNUPGHOME/gpg-agent.conf" - echo "\$GNUPGHOME is \"$GNUPGHOME\"" - ''; - - # Copy the contents of contrib to the home directory, add a shortcut to - # the guide on the desktop, and link to the whole repo in the documents - # folder. - system.activationScripts.yubikeyGuide = let - homeDir = "/home/nixos/"; - desktopDir = homeDir + "Desktop/"; - documentsDir = homeDir + "Documents/"; - in '' - mkdir -p ${desktopDir} ${documentsDir} - chown nixos ${homeDir} ${desktopDir} ${documentsDir} - - cp -R ${contrib}/* ${homeDir} - ln -sf ${yubikey-guide}/share/applications/yubikey-guide.desktop ${desktopDir} - ln -sfT ${src} ${documentsDir}/YubiKey-Guide - ''; - }; - - nixos = import { - inherit configuration; - supportedSystems = [ "x86_64-linux" ]; - }; - - # Choose the one you like: - #nixos-yubikey = nixos.iso_minimal; # No graphical environment - #nixos-yubikey = nixos.iso_gnome; - nixos-yubikey = nixos.iso_plasma5; - -in { - inherit nixos-yubikey; -} diff --git a/flake.lock b/flake.lock index 5d73e46..7e2f64b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -57,6 +57,41 @@ "type": "github" } }, + "drduh-yubikey-guide": { + "inputs": { + "drduhConfig": "drduhConfig", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1724007622, + "narHash": "sha256-f9jHcgMdoPF4Pu2IdxnUoSG62XJpqyRXf+gCIg4dYkk=", + "owner": "drduh", + "repo": "YubiKey-Guide", + "rev": "e218607c1f7c7573860f7e4d7bfd8ba1f8266736", + "type": "github" + }, + "original": { + "owner": "drduh", + "repo": "YubiKey-Guide", + "type": "github" + } + }, + "drduhConfig": { + "flake": false, + "locked": { + "lastModified": 1719781410, + "narHash": "sha256-cmtAG7UQX7mVNoHHpVIqasfkjnO7VtBMcz8MJ7frO0k=", + "owner": "drduh", + "repo": "config", + "rev": "4eca229664d056737f1a097cdbdb10e5f247b0bc", + "type": "github" + }, + "original": { + "owner": "drduh", + "repo": "config", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -276,7 +311,7 @@ "git-hooks": "git-hooks", "hercules-ci-effects": "hercules-ci-effects", "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1720861673, @@ -358,6 +393,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1721226092, + "narHash": "sha256-UBvzVpo5sXSi2S/Av+t+Q+C2mhMIw/LBEZR+d6NMjws=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c716603a63aca44f39bef1986c13402167450e0a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1720750130, "narHash": "sha256-y2wc7CdK0vVSIbx7MdVoZzuMcUoLvZXm+pQf2RIr1OU=", @@ -373,7 +424,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1720768451, "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", @@ -389,7 +440,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1709703039, "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", 
@@ -404,7 +455,7 @@ "type": "indirect" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1713284584, "narHash": "sha256-rRuPBJD9+yjz7tY3xC/BvFUwloutynR9piiVE6fhGqo=", @@ -424,10 +475,11 @@ "inputs": { "deploy-rs": "deploy-rs", "dns": "dns", + "drduh-yubikey-guide": "drduh-yubikey-guide", "home-manager": "home-manager", "neovim-nightly-overlay": "neovim-nightly-overlay", "nix-darwin": "nix-darwin", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "simple-nixos-mailserver": "simple-nixos-mailserver", "sops-nix": "sops-nix" } @@ -436,7 +488,7 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "utils": "utils_2" }, "locked": { @@ -455,7 +507,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { diff --git a/flake.nix b/flake.nix index 525dfcd..4a9d776 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,7 @@ }; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; + drduh-yubikey-guide.url = "github:drduh/YubiKey-Guide"; nix-darwin = { url = "path:/Users/ivi/nix-darwin"; inputs.nixpkgs.follows = "nixpkgs"; @@ -117,6 +118,20 @@ }; }; + gpg = { + system = "aarch64-linux"; + modules = + [ + (import ./machines/gpg.nix inputs.drduh-yubikey-guide) + ./profiles/core/configuration.nix + ./profiles/core/hm.nix + ./profiles/core/meta.nix + ./profiles/core/neovim.nix + ] + ++ modulesIn ./profiles/graphical; + opts = { }; + }; + vm-aarch64 = { system = "aarch64-linux"; modules = diff --git a/iso.nix b/iso.nix deleted file mode 100644 index 6555dc6..0000000 --- a/iso.nix +++ /dev/null 
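Review bot: The `gpg` machine's `modules` list in flake.nix reuses the general-purpose `profiles/core/*` modules and everything under `./profiles/graphical`, so the offline key-generation image inherits whatever those profiles install or enable (the suckless profile touched in this same commit carries `ungoogled-chromium`, for instance). Those modules are not visible in this diff, so it is worth confirming that none of them sets `networking.*` options, secrets or services that conflict with the air-gap block in machines/gpg.nix, where only `networkmanager.enable` is forced with `lib.mkForce`. A short comment above the list would record the intent, e.g. `# key-generation image: keep this list minimal, no network-facing profiles`.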
@@ -1,20 +0,0 @@
-{ lib, modulesPath, ... }: with lib; {
- imports = [
- "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
- ./profiles/core/configuration.nix
- ./profiles/core/hm.nix
- ./profiles/core/git.nix
- ./profiles/core/neovim.nix
- ];
- options = {
- secrets = mkSinkUndeclaredOptions {};
- };
- config = {
- nix.settings = {
- experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
- warn-dirty = false;
- };
- services.getty.autologinUser = mkForce ivi.username;
- hm.xdg.configFile."nvim".source = ./mut/neovim;
- };
-}
diff --git a/machines/gpg.nix b/machines/gpg.nix
new file mode 100644
index 0000000..5bde3fc
--- /dev/null
+++ b/machines/gpg.nix
@@ -0,0 +1,287 @@
+self: { lib, modulesPath, ... }: with lib; {
+ imports = [
+ "${modulesPath}/profiles/all-hardware.nix"
+ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
+ (
+ {
+ lib,
+ pkgs,
+ config,
+ ...
+ }: let
+ gpgAgentConf = pkgs.runCommand "gpg-agent.conf" {} ''
+ cat <<'CONFIG' > $out
+ # https://github.com/drduh/config/blob/master/gpg-agent.conf
+ # https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html
+ pinentry-program /usr/bin/pinentry-curses
+ enable-ssh-support
+ ttyname $GPG_TTY
+ default-cache-ttl 60
+ max-cache-ttl 120
+ CONFIG
+ '';
+ gpgConf = pkgs.runCommand "gpg.conf" {} ''
+ cat <<'CONFIG' > $out
+ # https://github.com/drduh/config/blob/master/gpg.conf
+ # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html
+ # 'gpg --version' to get capabilities
+ # Use AES256, 192, or 128 as cipher
+ personal-cipher-preferences AES256 AES192 AES
+ # Use SHA512, 384, or 256 as digest
+ personal-digest-preferences SHA512 SHA384 SHA256
+ # Use ZLIB, BZIP2, ZIP, or no compression
+ personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+ # Default preferences for new keys
+ default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+ # SHA512 as digest to sign keys
+ cert-digest-algo SHA512
+ # SHA512 as digest for symmetric ops
+ s2k-digest-algo SHA512
+ # AES256 as cipher for symmetric ops
+ s2k-cipher-algo AES256
+ # UTF-8 support for compatibility
+ charset utf-8
+ # No comments in messages
+ no-comments
+ # No version in output
+ no-emit-version
+ # Disable banner
+ no-greeting
+ # Long key id format
+ keyid-format 0xlong
+ # Display UID validity
+ list-options show-uid-validity
+ verify-options show-uid-validity
+ # Display all keys and their fingerprints
+ with-fingerprint
+ # Display key origins and updates
+ #with-key-origin
+ # Cross-certify subkeys are present and valid
+ require-cross-certification
+ # Disable caching of passphrase for symmetrical ops
+ no-symkey-cache
+ # Output ASCII instead of binary
+ armor
+ # Enable smartcard
+ use-agent
+ # Disable recipient key ID in messages (breaks Mailvelope)
+ throw-keyids
+ # Default key ID to use (helpful with throw-keyids)
+ #default-key 0xFF00000000000001
+ #trusted-key 0xFF00000000000001
+ # Group recipient keys (preferred ID last)
+ #group keygroup = 0xFF00000000000003 0xFF00000000000002 0xFF00000000000001
+ # Keyserver URL
+ #keyserver hkps://keys.openpgp.org
+ #keyserver hkps://keys.mailvelope.com
+ #keyserver hkps://keyserver.ubuntu.com:443
+ #keyserver hkps://pgpkeys.eu
+ #keyserver hkps://pgp.circl.lu
+ #keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
+ # Keyserver proxy
+ #keyserver-options http-proxy=http://127.0.0.1:8118
+ #keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
+ # Enable key retrieval using WKD and DANE
+ #auto-key-locate wkd,dane,local
+ #auto-key-retrieve
+ # Trust delegation mechanism
+ #trust-model tofu+pgp
+ # Show expired subkeys
+ #list-options show-unusable-subkeys
+ # Verbose output
+ #verbose
+ CONFIG
+ '';
+
+ dicewareAddress = "localhost";
+ dicewarePort = 8080;
+ viewYubikeyGuide = pkgs.writeShellScriptBin "view-yubikey-guide" ''
+ viewer="${pkgs.glow}/bin/glow -p"
+ exec $viewer "${self}/README.md"
+ '';
+ yubikeyGuide = pkgs.symlinkJoin {
+ name = "yubikey-guide";
+ paths = [viewYubikeyGuide];
+ };
+ dicewareScript = pkgs.writeShellScriptBin "diceware-webapp" ''
+ viewer="$(type -P xdg-open || true)"
+ if [ -z "$viewer" ]; then
+ viewer="chromium"
+ fi
+ exec $viewer "http://"${lib.escapeShellArg dicewareAddress}":${toString dicewarePort}/index.html"
+ '';
+ dicewarePage = pkgs.stdenv.mkDerivation {
+ name = "diceware-page";
+ src = pkgs.fetchFromGitHub {
+ owner = "grempe";
+ repo = "diceware";
+ rev = "9ef886a2a9699f73ae414e35755fd2edd69983c8";
+ sha256 = "44rpK8svPoKx/e/5aj0DpEfDbKuNjroKT4XUBpiOw2g=";
+ };
+ patches = [
+ # Include changes published on https://secure.research.vt.edu/diceware/
+ (self + /diceware-vt.patch)
+ ];
+ buildPhase = ''
+ cp -a . $out
+ '';
+ };
+ in {
+ isoImage = {
+ isoName = mkForce "yubikeyLive.iso";
+ # As of writing, zstd-based iso is 1542M, takes ~2mins to
+ # compress. If you prefer a smaller image and are happy to
+ # wait, delete the line below, it will default to a
+ # slower-but-smaller xz (1375M in 8mins as of writing).
+ squashfsCompression = "zstd";
+
+ appendToMenuLabel = " YubiKey Live ${self.lastModifiedDate}";
+ makeEfiBootable = true; # EFI booting
+ makeUsbBootable = true; # USB booting
+ };
+
+ swapDevices = [];
+
+ boot = {
+ tmp.cleanOnBoot = true;
+ kernel.sysctl = {"kernel.unprivileged_bpf_disabled" = 1;};
+ };
+
+ services = {
+ pcscd.enable = true;
+ udev.packages = [pkgs.yubikey-personalization];
+ # Automatically log in at the virtual consoles.
+ getty.autologinUser = mkForce my.username;
+ displayManager = {
+ autoLogin = {
+ enable = true;
+ user = my.username;
+ };
+ };
+ # Host the `https://secure.research.vt.edu/diceware/` website offline
+ nginx = {
+ enable = true;
+ virtualHosts."diceware.local" = {
+ listen = [
+ { addr = dicewareAddress; port = dicewarePort; }
+ ];
+ root = "${dicewarePage}";
+ };
+ };
+ };
+
+ programs = {
+ ssh.startAgent = false;
+ gnupg = {
+ dirmngr.enable = true;
+ agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+ };
+
+ security = {
+ pam.services.lightdm.text = ''
+ auth sufficient pam_succeed_if.so user ingroup wheel
+ '';
+ sudo = {
+ enable = true;
+ wheelNeedsPassword = false;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ # Tools for backing up keys
+ paperkey
+ pgpdump
+ parted
+ cryptsetup
+
+ # Yubico's official tools
+ yubikey-manager
+ yubikey-manager-qt
+ yubikey-personalization
+ yubikey-personalization-gui
+ yubico-piv-tool
+ yubioath-flutter
+
+ # Testing
+ ent
+
+ # Password generation tools
+ diceware
+ pwgen
+ rng-tools
+
+ # Might be useful beyond the scope of the guide
+ cfssl
+ pcsctools
+ tmux
+ htop
+
+ # This guide itself (run `view-yubikey-guide` on the terminal
+ # to open it in a non-graphical environment).
+ yubikeyGuide
+ dicewareScript
+
+ # PDF and Markdown viewer
+ zathura
+ glow
+ ];
+
+ # Disable networking so the system is air-gapped
+ # Comment all of these lines out if you'll need internet access
+ boot.initrd.network.enable = false;
+ networking = {
+ resolvconf.enable = false;
+ dhcpcd.enable = false;
+ dhcpcd.allowInterfaces = [];
+ interfaces = {};
+ firewall.enable = true;
+ useDHCP = false;
+ useNetworkd = false;
+ wireless.enable = false;
+ networkmanager.enable = lib.mkForce false;
+ };
+
+ # Unset history so it's never stored Set GNUPGHOME to an
+ # ephemeral location and configure GPG with the guide
+
+ environment.interactiveShellInit = ''
+ unset HISTFILE
+ export GNUPGHOME="/run/user/$(id -u)/gnupg"
+ if [ ! -d "$GNUPGHOME" ]; then
+ echo "Creating \$GNUPGHOME…"
+ install --verbose -m=0700 --directory="$GNUPGHOME"
+ fi
+ [ ! -f "$GNUPGHOME/gpg.conf" ] && cp --verbose "${gpgConf}" "$GNUPGHOME/gpg.conf"
+ [ ! -f "$GNUPGHOME/gpg-agent.conf" ] && cp --verbose ${gpgAgentConf} "$GNUPGHOME/gpg-agent.conf"
+ echo "\$GNUPGHOME is \"$GNUPGHOME\""
+ '';
+
+ hm.xsession.initExtra = ''
+ ${pkgs.xorg.xset}/bin/xset r rate 230 30
+ [ -z "$(lsusb | grep microdox)" ] && ${pkgs.xorg.setxkbmap}/bin/setxkbmap -option "ctrl:swapcaps"
+ dwm
+ '';
+
+ # Copy the contents of contrib to the home directory, add a
+ # shortcut to the guide on the desktop, and link to the whole
+ # repo in the documents folder.
+ system.activationScripts.yubikeyGuide = let
+ homeDir = "/home/${my.username}/";
+ desktopDir = homeDir + "Desktop/";
+ documentsDir = homeDir + "Documents/";
+ in ''
+ mkdir -p ${desktopDir} ${documentsDir}
+ chown ${my.username} ${homeDir} ${desktopDir} ${documentsDir}
+
+ cp -R ${self}/contrib/* ${homeDir}
+ ln -sfT ${self} ${documentsDir}/YubiKey-Guide
+ '';
+ system.stateVersion = "24.05";
+ }
+ )
+ ];
+}
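Review bot: The generated gpg-agent.conf hard-codes `pinentry-program /usr/bin/pinentry-curses`, a path that NixOS does not normally provide, so gpg-agent on the live image would likely be unable to prompt for a passphrase or a card PIN. The deleted drduh/yubikey-installer.nix wrote the store path of the pinentry package instead, and the same works inside this heredoc because Nix expands `${...}` before the shell ever sees the quoted `'CONFIG'` body: `pinentry-program ${pkgs.pinentry-curses}/bin/pinentry`. Separately, `gnupg.dirmngr.enable = true` sits oddly next to the air-gap block further down in the same file; if no keyserver or WKD access is intended on this image it could be dropped, or given a comment saying why it is needed.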
diff --git a/machines/lemptop.nix b/machines/lemptop.nix index 7b79436..7f820ec 100644 --- a/machines/lemptop.nix +++ b/machines/lemptop.nix @@ -6,10 +6,10 @@ with lib; ]; # networking.nameservers = ["192.168.2.13"]; hm.xsession.initExtra = '' - ${pkgs.xorg.xset}/bin/xset r rate 230 30 - [ -z "$(lsusb | grep microdox)" ] && ${pkgs.xorg.setxkbmap}/bin/setxkbmap -option "ctrl:swapcaps" - wal -R - dwm + ${pkgs.xorg.xset}/bin/xset r rate 230 30 + [ -z "$(lsusb | grep microdox)" ] && ${pkgs.xorg.setxkbmap}/bin/setxkbmap -option "ctrl:swapcaps" + wal -R + dwm ''; sops.age.keyFile = "${config.hm.xdg.configHome}/sops/age/keys.txt"; @@ -51,8 +51,8 @@ with lib; services.pcscd.enable = true; security.pam.services = { - login.u2fAuth = true; - sudo.u2fAuth = true; + login.u2fAuth = true; + sudo.u2fAuth = true; }; services.udev.packages = [ pkgs.yubikey-personalization ]; services.udev.extraRules = '' diff --git a/mut/lf/icons b/mut/lf/icons index 5cc9ec7..f73fc8a 120000 --- a/mut/lf/icons +++ b/mut/lf/icons @@ -1 +1 @@ -/nix/store/yqz5fj6agapq9h3dd7dy39qgpzh8njz9-home-manager-files/.config/lf/icons \ No newline at end of file +/nix/store/kqcbl59130957h7vad2yhmcwf8pnxjbs-home-manager-files/.config/lf/icons \ No newline at end of file diff --git a/profiles/core/neovim.nix b/profiles/core/neovim.nix index d59d81f..a9be1c4 100644 --- a/profiles/core/neovim.nix +++ b/profiles/core/neovim.nix @@ -30,17 +30,17 @@ viAlias = true; vimAlias = true; extraPackages = with pkgs; [ - bashInteractive - pyright - gopls - fennel - fnlfmt - alejandra - statix - fzf - nil - shellcheck - vale + # bashInteractive + # pyright + # gopls + # fennel + # fnlfmt + # alejandra + # statix + # fzf + # nil + # shellcheck + # vale ]; plugins = with pkgs.vimPlugins; [ # highlighting diff --git a/profiles/graphical/suckless.nix b/profiles/graphical/suckless.nix index fa12d06..8398f91 100644 --- a/profiles/graphical/suckless.nix +++ b/profiles/graphical/suckless.nix 
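Review bot: Commenting out every entry of `extraPackages` in the shared profiles/core/neovim.nix strips the language servers, formatters and linters from every machine that imports this profile, not only from the new gpg image, and leaves eleven lines of dead code behind. If the aim is a smaller ISO (presumably, given the rest of the commit), keep the list as it was and override the option to an empty list with `lib.mkForce [ ]` from machines/gpg.nix, or split the tooling into a separate profile that the image does not import. The enclosing attribute set starts and ends outside this hunk, so the exact option path has to be taken from the full file.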
@@ -75,7 +75,6 @@ pywal inotify-tools - (nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];}) dmenu # librewolf ungoogled-chromium @@ -84,6 +83,15 @@ maim asciinema asciinema-agg + fontconfig + ]; + }; + fonts = { + fontconfig = { + enable = true; + }; + packages = with pkgs; [ + (nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];}) ]; }; } diff --git a/profiles/station/packages.nix b/profiles/station/packages.nix index ec70d43..26ed4a8 100644 --- a/profiles/station/packages.nix +++ b/profiles/station/packages.nix @@ -6,7 +6,6 @@ }: with lib; { hm = { home.packages = with pkgs; [ - (nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];}) python311Packages.editorconfig calcurse bashInteractive diff --git a/run.sh b/run.sh deleted file mode 100755 index 7c5216d..0000000 --- a/run.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -virt-install \ - --connect qemu:///system \ - --name test-vm \ - --memory 4096 \ - --disk size=40 \ - --boot uefi \ - --graphics spice \ - --cdrom ./result/iso/nixos-24.05.20231204.2c7f3c0-x86_64-linux.iso - -- cgit v1.2.3