Added yubikey USB image

This commit is contained in:
Craige McWhirter 2020-03-10 00:13:32 +10:00
parent af2a315310
commit 5a2e195027
Signed by: sercanto
GPG key ID: 7DBA9F5689EFB6AA

37
images/usb-yubikey.nix Normal file
View file

@ -0,0 +1,37 @@
# Configuration for USB image for air gapped Yubikey machine
#
# Usage: nix-build -A iso images/usb-yubikey.nix
{ nixpkgs? <nixpkgs>, system ? "x86_64-linux" }:
let
config = { pkgs, ... }: {
imports = [<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelParams = [ "console=ttyS0,115200n8" ];
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
services.pcscd.enable = true;
services.udev.packages = [ pkgs.yubikey-personalization ];
environment.systemPackages = with pkgs; [
curl # Tool for transferring files with URL syntax
gnupg # GNU Privacy Guard
paperkey # Store OpenPGP or GnuPG on paper
pinentry_ncurses # GnuPGs interface to passphrase input
wget # Retrieve files using HTTP, HTTPS, and FTP
];
nixpkgs.config.allowUnfree = true;
services.openssh.enable = false;
};
evalNixos = configuration: import <nixpkgs/nixos> {
inherit system configuration;
};
in {
iso = (evalNixos config).config.system.build.isoImage;
}