aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authordrduh <github@duh.to>2020-01-22 06:39:14 +0000
committerGitHub <noreply@github.com>2020-01-22 06:39:14 +0000
commit2fc50760db007cad94883ceb4fe434e714195021 (patch)
tree35cff8e3ac8956d6263275f81c735792f4e5673c
parentMerge pull request #159 from rvl/multiple-yubikeys (diff)
parentAdd instructions for NixOS (diff)
downloadYubiKey-Guide-2fc50760db007cad94883ceb4fe434e714195021.tar.gz
Merge pull request #160 from rvl/nixos
Add instructions for NixOS
Diffstat (limited to '')
-rw-r--r--README.md51
1 files changed, 51 insertions, 0 deletions
diff --git a/README.md b/README.md
index 40f7e64..8ddede5 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
* [Debian/Ubuntu](#debianubuntu)
* [Arch](#arch)
* [RHEL7](#rhel7)
+ * [NixOS](#nixos)
* [OpenBSD](#openbsd)
* [macOS](#macos)
* [Windows](#windows)
@@ -200,6 +201,56 @@ $ sudo pacman -Syu gnupg pcsclite ccid hopenpgp-tools yubikey-personalization
$ sudo yum install -y gnupg2 pinentry-curses pcsc-lite pcsc-lite-libs gnupg2-smime
```
+## NixOS
+
+Generate a NixOS LiveCD image with the given config:
+
+```nix
+# yubikey-installer.nix
+{ nixpkgs ? <nixpkgs>, system ? "x86_64-linux" } :
+
+let
+ config = { pkgs, ... }:
+ with pkgs; {
+ imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix> ];
+
+ boot.kernelPackages = linuxPackages_latest;
+
+ services.pcscd.enable = true;
+ services.udev.packages = [ yubikey-personalization ];
+
+ environment.systemPackages = [ gnupg pinentry-curses pinentry-qt paperkey wget ];
+
+ programs = {
+ ssh.startAgent = false;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+ };
+
+ evalNixos = configuration: import <nixpkgs/nixos> {
+ inherit system configuration;
+ };
+
+in {
+ iso = (evalNixos config).config.system.build.isoImage;
+}
+```
+
+Build the installer and copy it to a USB drive.
+
+```console
+$ nix build -f yubikey-installer.nix --out-link installer
+
+$ sudo cp -v installer/iso/*.iso /dev/sdb; sync
+'installer/iso/nixos-20.03.git.c438ce1-x86_64-linux.iso' -> '/dev/sdb'
+```
+
+On NixOS, ensure that you have `pinentry-program /run/current-system/sw/bin/pinentry-curses` in your `$GNUPGHOME/gpg-agent.conf` before running any `gpg` commands.
+
+
## OpenBSD
```console