mio-ops/images/usb-yubikey.nix
2021-11-16 17:53:38 +10:00

38 lines
1.2 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Configuration for USB image for air gapped Yubikey machine
#
# Usage: nix-build -A iso images/usb-yubikey.nix
{ nixpkgs ? <nixpkgs>, system ? "x86_64-linux" }:
let
config = { pkgs, ... }:
with pkgs; {
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelParams = [ "console=ttyS0,115200n8" ];
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
services.pcscd.enable = true;
services.udev.packages = [ yubikey-personalization ];
environment.systemPackages = [
curl # Tool for transferring files with URL syntax
gnupg # GNU Privacy Guard
paperkey # Store OpenPGP or GnuPG on paper
pinentry # GnuPGs interface to passphrase input
wget # Retrieve files using HTTP, HTTPS, and FTP
];
nixpkgs.config.allowUnfree = true;
#services.openssh.enable = false;
};
evalNixos = configuration:
import <nixpkgs/nixos> { inherit system configuration; };
in { iso = (evalNixos config).config.system.build.isoImage; }