restructure common sshagent

clean up commented-out things
move non-desktop to server config
Kabbone 2024-07-14 12:06:47 +02:00
parent 0a775adbdc
commit d5f3aa3885
Signed by: Kabbone
SSH Key Fingerprint: SHA256:A5zPB5I6u5V78V51c362BBdCwhDhfDUVbt7NfKdjWBY
8 changed files with 30 additions and 61 deletions


@ -132,23 +132,13 @@
};
openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip>
# public:
# - port forward 22 TCP to server
# - in case you want to use the domain name insted of the ip:
# - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy
# - connect via ssh <user>@<ip or ssh.domain>
# generating a key:
# - $ ssh-keygen | ssh-copy-id <ip/domain> | ssh-add
# - if ssh-add does not work: $ eval `ssh-agent -s`
# allowSFTP = true; # SFTP: secure file transfer protocol (send file to server)
# connect: $ sftp <user>@<ip/domain>
# commands:
# - lpwd & pwd = print (local) parent working directory
# - put/get <filename> = send or receive file
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
# extraConfig = ''
# HostKeyAlgorithms +ssh-rsa
# ''; # Temporary extra config so ssh will work in guacamole
settings.PasswordAuthentication = false;
};
pcscd.enable = true;
yubikey-agent.enable = true;
@ -163,6 +153,17 @@
fwupd.enable = true;
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh = {
startAgent = true;
agentTimeout = "1h";
askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
};
#xdg.portal = { # Required for flatpak
# enable = true;
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
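Review bot: The `settings` block in the first hunk disables `PasswordAuthentication` and root login but leaves keyboard-interactive authentication at its default, which on NixOS is enabled as far as I know, so sshd can still offer a PAM password prompt. Adding `KbdInteractiveAuthentication = false;` next to `PermitRootLogin = "no";` would make the key-only intent explicit. The commented-out `HostKeyAlgorithms +ssh-rsa` block that stays below it could be dropped as part of the same cleanup, so nobody re-enables an SHA-1 based algorithm by uncommenting it. The attribute set that encloses `openssh` starts outside the hunk.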


@ -13,8 +13,6 @@
{ config, lib, pkgs, inputs, user, location, agenix, ... }:
{
imports = # Import window or display manager.
[
#../modules/editors/nvim # ! Comment this out on first install !
@ -49,19 +47,22 @@
keyMap = "us"; # or us/azerty/etc
};
security.rtkit.enable = true;
security.pki.certificateFiles = [
security = {
rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem
];
];
};
fonts.packages = with pkgs; [ # Fonts
carlito # NixOS
vegur # NixOS
source-code-pro
cascadia-code
font-awesome # Icons
hack-font
corefonts # MS
intel-one-mono
cascadia-code
(nerdfonts.override { # Nerdfont Icons override
fonts = [
"FiraCode"
@ -74,6 +75,7 @@
TERMINAL = "alacritty";
EDITOR = "nvim";
VISUAL = "nvim";
BROWSER = "firefox";
};
systemPackages = with pkgs; [ # Default packages install system-wide
vim
@ -90,13 +92,15 @@
agenix.packages.x86_64-linux.default
ffmpeg
smartmontools
powerline
cryptsetup
python311Packages.powerline
powerline-fonts
powerline-symbols
tree
direnv
linuxPackages_latest.cpupower
btop
htop
direnv
];
};


@ -154,7 +154,7 @@ in
modules = [
agenix.nixosModules.default
./nasbackup
./configuration_desktop.nix
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
@ -176,7 +176,7 @@ in
modules = [
agenix.nixosModules.default
./jupiter
./configuration_desktop.nix
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
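Review bot: `nasbackup` and `jupiter` would lose the sshd hardening seen elsewhere in this commit if `./configuration_server.nix` does not set its own `services.openssh.settings`, and that file's contents are not shown on this page. The direction of the swap (desktop to server) is inferred from the commit message, because the rendered page has lost the +/- markers. The `PasswordAuthentication = false` and `PermitRootLogin = "no"` settings appear in a file that also configures a desktop askpass, so it looks like the desktop config. Please confirm the server config has equivalent settings before these hosts stop importing it, otherwise sshd falls back to module defaults. Both `modules` lists start and end outside the hunks.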


@ -61,17 +61,6 @@
# ];
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
};
};
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
@ -95,9 +84,4 @@
};
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
}


@ -58,15 +58,7 @@
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
};
};
services = {


@ -59,15 +59,7 @@
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
#pinentryPackage = pkgs.pinentry-curses;
};
};
services = {


@ -27,10 +27,6 @@
'';
initExtra = '' # Zsh theme
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit


@ -118,7 +118,7 @@
{ command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; }
{ command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; }
{ command = "floating enable"; criteria = { app_id = "virt-manager"; }; }
{ command = "floating enable"; criteria = { class = "lxqt-openssh-askpass"; }; }
{ command = "floating enable"; criteria = { title = "^OpenSSH Authentication"; }; }
{ command = "floating enable"; criteria = { class = "pop-up"; }; }
];