mio-ops/images/usb-yubikey.nix

37 lines
1.2 KiB
Nix
Raw Permalink Normal View History

2020-03-09 14:13:32 +00:00
# Configuration for USB image for air gapped Yubikey machine
#
# Usage: nix-build -A iso images/usb-yubikey.nix
2022-03-07 14:26:15 +00:00
{
nixpkgs ? <nixpkgs>,
system ? "x86_64-linux",
}: let
config = {pkgs, ...}:
2021-11-16 04:57:23 +00:00
with pkgs; {
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
];
2022-03-07 14:26:15 +00:00
boot.supportedFilesystems = ["zfs"];
boot.kernelParams = ["console=ttyS0,115200n8"];
2021-11-16 04:57:23 +00:00
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
2020-03-09 14:13:32 +00:00
};
2021-11-16 04:57:23 +00:00
services.pcscd.enable = true;
2022-03-07 14:26:15 +00:00
services.udev.packages = [yubikey-personalization];
2021-11-16 04:57:23 +00:00
environment.systemPackages = [
curl # Tool for transferring files with URL syntax
gnupg # GNU Privacy Guard
paperkey # Store OpenPGP or GnuPG on paper
pinentry # GnuPGs interface to passphrase input
wget # Retrieve files using HTTP, HTTPS, and FTP
];
nixpkgs.config.allowUnfree = true;
#services.openssh.enable = false;
2020-03-09 14:13:32 +00:00
};
2021-11-16 04:57:23 +00:00
evalNixos = configuration:
2022-03-07 14:26:15 +00:00
import <nixpkgs/nixos> {inherit system configuration;};
in {iso = (evalNixos config).config.system.build.isoImage;}