Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

restructure common sshagent

Browse Source 
cleanups of commented out things
move non desktop to server config
This commit is contained in:
Kabbone 2024-07-14 12:06:47 +02:00
parent 0a775adbdc
commit d5f3aa3885
Signed by: Kabbone
SSH Key Fingerprint: SHA256:A5zPB5I6u5V78V51c362BBdCwhDhfDUVbt7NfKdjWBY
8 changed files with 30 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
hosts/configuration_desktop.nix
View File

@ -132,23 +132,13 @@
}; };
openssh = { # SSH: secure shell (remote connection to shell of server) openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip> enable = true; # local: $ ssh <user>@<ip>
# public: settings = {
# - port forward 22 TCP to server PasswordAuthentication = false;
# - in case you want to use the domain name insted of the ip: PermitRootLogin = "no";
# - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy };
# - connect via ssh <user>@<ip or ssh.domain>
# generating a key:
# - $ ssh-keygen | ssh-copy-id <ip/domain> | ssh-add
# - if ssh-add does not work: $ eval `ssh-agent -s`
# allowSFTP = true; # SFTP: secure file transfer protocol (send file to server)
# connect: $ sftp <user>@<ip/domain>
# commands:
# - lpwd & pwd = print (local) parent working directory
# - put/get <filename> = send or receive file
# extraConfig = '' # extraConfig = ''
# HostKeyAlgorithms +ssh-rsa # HostKeyAlgorithms +ssh-rsa
# ''; # Temporary extra config so ssh will work in guacamole # ''; # Temporary extra config so ssh will work in guacamole
settings.PasswordAuthentication = false;
}; };
pcscd.enable = true; pcscd.enable = true;
yubikey-agent.enable = true; yubikey-agent.enable = true;
@ -163,6 +153,17 @@
fwupd.enable = true; fwupd.enable = true;
}; };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh = {
startAgent = true;
agentTimeout = "1h";
askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
};
#xdg.portal = { # Required for flatpak #xdg.portal = { # Required for flatpak
# enable = true; # enable = true;
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; # extraPortals = [ pkgs.xdg-desktop-portal-gtk ];

18
hosts/configuration_server.nix
View File

@ -13,8 +13,6 @@
{ config, lib, pkgs, inputs, user, location, agenix, ... }: { config, lib, pkgs, inputs, user, location, agenix, ... }:
{ {
imports = # Import window or display manager. imports = # Import window or display manager.
[ [
#../modules/editors/nvim # ! Comment this out on first install ! #../modules/editors/nvim # ! Comment this out on first install !
@ -49,19 +47,22 @@
keyMap = "us"; # or us/azerty/etc keyMap = "us"; # or us/azerty/etc
}; };
security.rtkit.enable = true; security = {
security.pki.certificateFiles = [ rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem ./rootCA.pem
]; ];
};
fonts.packages = with pkgs; [ # Fonts fonts.packages = with pkgs; [ # Fonts
carlito # NixOS carlito # NixOS
vegur # NixOS vegur # NixOS
source-code-pro source-code-pro
cascadia-code
font-awesome # Icons font-awesome # Icons
hack-font hack-font
corefonts # MS corefonts # MS
intel-one-mono
cascadia-code
(nerdfonts.override { # Nerdfont Icons override (nerdfonts.override { # Nerdfont Icons override
fonts = [ fonts = [
"FiraCode" "FiraCode"
@ -74,6 +75,7 @@
TERMINAL = "alacritty"; TERMINAL = "alacritty";
EDITOR = "nvim"; EDITOR = "nvim";
VISUAL = "nvim"; VISUAL = "nvim";
BROWSER = "firefox";
}; };
systemPackages = with pkgs; [ # Default packages install system-wide systemPackages = with pkgs; [ # Default packages install system-wide
vim vim
@ -90,13 +92,15 @@
agenix.packages.x86_64-linux.default agenix.packages.x86_64-linux.default
ffmpeg ffmpeg
smartmontools smartmontools
powerline cryptsetup
python311Packages.powerline
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
direnv
linuxPackages_latest.cpupower
btop btop
htop htop
direnv
]; ];
}; };

4
hosts/default.nix
View File

@ -154,7 +154,7 @@ in
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./nasbackup ./nasbackup
./configuration_desktop.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix ../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@ -176,7 +176,7 @@ in
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./jupiter ./jupiter
./configuration_desktop.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix ../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd

16
hosts/desktop/default.nix
View File

@ -61,17 +61,6 @@
# ]; # ];
# }; # };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
};
};
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
blueman.enable = true; blueman.enable = true;
@ -95,9 +84,4 @@
}; };
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
} }

8
hosts/laptop/default.nix
View File

@ -58,15 +58,7 @@
}; };
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true; light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
};
}; };
services = { services = {

8
hosts/steamdeck/default.nix
View File

@ -59,15 +59,7 @@
# }; # };
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true; light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
#pinentryPackage = pkgs.pinentry-curses;
};
}; };
services = { services = {

4
modules/shell/zsh.nix
View File

@ -27,10 +27,6 @@
''; '';
initExtra = '' # Zsh theme initExtra = '' # Zsh theme
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# Spaceship # Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit autoload -U promptinit; promptinit

2
modules/wm/sway/home.nix
View File

@ -118,7 +118,7 @@
{ command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; } { command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; }
{ command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; } { command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; }
{ command = "floating enable"; criteria = { app_id = "virt-manager"; }; } { command = "floating enable"; criteria = { app_id = "virt-manager"; }; }
{ command = "floating enable"; criteria = { class = "lxqt-openssh-askpass"; }; } { command = "floating enable"; criteria = { title = "^OpenSSH Authentication"; }; }
{ command = "floating enable"; criteria = { class = "pop-up"; }; } { command = "floating enable"; criteria = { class = "pop-up"; }; }
]; ];