This has some advantages:

* You get ssh-agent regardless of how you logged in. Previously it was only started for X11 sessions.
* All sessions of a user share the same agent. So if you added a key on tty1, it will also be available on tty2.
* Systemd will restart ssh-agent if it dies.
* $SSH_AUTH_SOCK now points to the /run/user/<uid> directory, which is more secure than /tmp.

For bonus points, we should patch ssh-agent to support socket-based activation...
		
			
				
	
	
		
		
	
	
	
	
	
# NixOS module declaring the boolean `gnu' option. When the option is set,
# the `config' section below selects GNU packages and services in place of
# their non-GNU counterparts.
{ config, lib, pkgs, ... }:

with lib;

let
  # GRUB 2 is only selected on platforms that are not ARM.
  grubAvailable = !pkgs.stdenv.isArm;
in

{
  options = {
    gnu = mkOption {
      default = false;
      type = types.bool;
      description =
        '' When enabled, GNU software is chosen by default whenever a there is
           a choice between GNU and non-GNU software (e.g., GNU lsh
           vs. OpenSSH).
        '';
    };
  };

  # Everything below takes effect only when `gnu' is true.
  config = mkIf config.gnu {

    # TODO: Adjust `requiredPackages' from `system-path.nix'.
    # TODO: Add Inetutils once it has the new `ifconfig'.
    environment.systemPackages =
      [ pkgs.parted
        #fdisk  # XXX: GNU fdisk currently fails to build and it's redundant
                # with the `parted' command.
        pkgs.nano
        pkgs.zile
        pkgs.texinfo # for the stand-alone Info reader
      ]
      ++ pkgs.stdenv.lib.optional grubAvailable pkgs.grub2;

    # GNU GRUB, where available.
    boot.loader.grub = {
      enable = grubAvailable;
      version = 2;
    };

    # GNU lsh replaces OpenSSH as the SSH daemon.
    # NOTE(review): this swaps the host's remote-login service and sets no
    # authentication or hardening options for lshd here; confirm they are
    # configured elsewhere before enabling `gnu' on a reachable machine.
    services.openssh.enable = false;
    services.lshd.enable = true;

    # The OpenSSH agent is switched off and the GnuPG agent switched on.
    # NOTE(review): the option name suggests the GnuPG agent is tied to the
    # X server, so non-X logins may end up with no agent at all; verify.
    programs.ssh.startAgent = false;
    services.xserver.startGnuPGAgent = true;

    # TODO: GNU dico.
    # TODO: GNU Inetutils' inetd.
    # TODO: GNU Pies.
  };
}