Added yubikey USB image

2020-03-10 00:13:32 +10:00 · 2020-03-10 00:13:32 +10:00 · 5a2e195027
parent af2a315310
commit 5a2e195027
1 changed files with 37 additions and 0 deletions
--- a/images/usb-yubikey.nix
+++ b/images/usb-yubikey.nix
@ -0,0 +1,37 @@
+# Configuration for USB image for air gapped Yubikey machine
+#
+# Usage: nix-build -A iso images/usb-yubikey.nix
+
+{ nixpkgs? <nixpkgs>, system ? "x86_64-linux" }:
+
+let
+  config = { pkgs, ... }: {
+    imports = [<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>];
+    boot.supportedFilesystems = [ "zfs" ];
+    boot.kernelParams = [ "console=ttyS0,115200n8" ];
+    programs = {
+      ssh.startAgent = false;
+      gnupg.agent = {
+        enable = true;
+        enableSSHSupport = true;
+      };
+    };
+    services.pcscd.enable = true;
+    services.udev.packages = [ pkgs.yubikey-personalization ];
+    environment.systemPackages = with pkgs; [
+      curl               # Tool for transferring files with URL syntax
+      gnupg              # GNU Privacy Guard
+      paperkey           # Store OpenPGP or GnuPG on paper
+      pinentry_ncurses   # GnuPG’s interface to passphrase input
+      wget               # Retrieve files using HTTP, HTTPS, and FTP
+    ];
+    nixpkgs.config.allowUnfree = true;
+    services.openssh.enable = false;
+  };
+  evalNixos = configuration: import <nixpkgs/nixos> {
+    inherit system configuration;
+  };
+
+in {
+  iso = (evalNixos config).config.system.build.isoImage;
+  }