 ffedee6ed5
			
		
	
	
		
	
	
	
	
		
			
			This has some advantages: * You get ssh-agent regardless of how you logged in. Previously it was only started for X11 sessions. * All sessions of a user share the same agent. So if you added a key on tty1, it will also be available on tty2. * Systemd will restart ssh-agent if it dies. * $SSH_AUTH_SOCK now points to the /run/user/<uid> directory, which is more secure than /tmp. For bonus points, we should patch ssh-agent to support socket-based activation...
		
			
				
	
	
		
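# NixOS module defining the boolean `gnu` option. When the option is set,
# the configuration below prefers GNU packages and services over their
# non-GNU counterparts. The option defaults to false, so nothing in the
# `config` section applies unless an administrator opts in.
{ config, lib, pkgs, ... }:

with lib;

let
  # Single source of truth for "GRUB 2 is usable on this platform"; the
  # package list and the boot loader setting both depend on it.
  grubSupported = !pkgs.stdenv.isArm;
in

{
  options = {
    gnu = mkOption {
      type = types.bool;
      default = false;
      description =
        '' When enabled, GNU software is chosen by default whenever there is
           a choice between GNU and non-GNU software (e.g., GNU lsh
           vs. OpenSSH).
        '';
    };
  };

  config = mkIf config.gnu {

    environment.systemPackages = with pkgs;
      # TODO: Adjust `requiredPackages' from `system-path.nix'.
      # TODO: Add Inetutils once it has the new `ifconfig'.
      [ parted
        #fdisk  # XXX: GNU fdisk currently fails to build and it's redundant
                # with the `parted' command.
        nano zile
        texinfo # for the stand-alone Info reader
      ]
      # `lib` is the module argument, so this does not go through the
      # `stdenv.lib` alias.
      ++ lib.optional grubSupported grub2;


    # GNU GRUB, where available.
    boot.loader.grub.enable = grubSupported;
    boot.loader.grub.version = 2;

    # GNU lsh.
    #
    # Security-relevant: this swaps the remote-login daemon. OpenSSH is
    # turned off and lshd is turned on, so nothing set under
    # `services.openssh` takes effect once `gnu` is enabled.
    # NOTE(review): any authentication or host-key hardening that was
    # expressed through `services.openssh` presumably has to be restated
    # with the `services.lshd` options; confirm before enabling `gnu` on a
    # host that is reachable over the network.
    services.openssh.enable = false;
    services.lshd.enable = true;
    # The OpenSSH agent is not started; the GnuPG agent is started instead.
    # NOTE(review): going by the option name, the GnuPG agent is tied to the
    # X server, so non-graphical logins may end up with no key agent at all;
    # verify.
    programs.ssh.startAgent = false;
    services.xserver.startGnuPGAgent = true;

    # TODO: GNU dico.
    # TODO: GNU Inetutils' inetd.
    # TODO: GNU Pies.
  };
}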