nix
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixos-config/config/profiles/common.nix

96 lines
2.0 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
with lib;
let
# Available to all users on the system. Keep it minimal.
global-packages = with pkgs; [ openssh_gssapi vim wget ];
in {
environment = {
etc.current-nixos-config.source = ../../.;
systemPackages = global-packages;
shellInit = ''
${pkgs.gnupg}/bin/gpg-connect-agent /bye
export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
'';
};
nixpkgs.config.allowUnfree = true;
security.acme.acceptTerms = true;
system.autoUpgrade.enable = true;
services = {
openssh = {
enable = true;
startWhenNeeded = true;
useDns = true;
permitRootLogin = "prohibit-password";
extraConfig = ''
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
'';
# FIXME: add all the hosts we know about
knownHosts = {
# publicKey, hostNames
};
};
xserver = {
layout = "us";
xkbVariant = "dvp";
xkbOptions = "ctrl:nocaps";
};
# pcscd.enable = true;
# udev.packages = with pkgs; [ yubikey-personalization ];
};
console.useXkbConfig = true;
i18n.defaultLocale = "en_US.UTF-8";
programs = {
mosh.enable = true;
bash.enableCompletion = true;
fish.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
# pinentryFlavor = if cfg.enable-gui then "gnome3" else "curses";
};
ssh = {
# Use GPG agent instead
startAgent = false;
package = pkgs.openssh_gssapi;
extraConfig = ''
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
'';
};
};
security.pam = {
enableSSHAgentAuth = true;
services = {
sshd = {
makeHomeDir = true;
sshAgentAuth = true;
# This isn't supposed to ask for a code unless ~/.google_authenticator exists...but it does
# googleAuthenticator.enable = true;
};
};
};
services.dbus.socketActivated = true;
}
Reference in New Issue View Git Blame Copy Permalink