aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorRodney Lorrimar <dev@rodney.id.au>2020-01-22 10:27:55 +1000
committerRodney Lorrimar <dev@rodney.id.au>2020-01-22 10:27:55 +1000
commitbb5184a0b35cc1c191bb02b0446e9d5bb91b6c43 (patch)
treec39c8594c6eddfd3be3c4758c85e7a68f27746c3
parentMerge pull request #157 from ilpianista/patch-1 (diff)
downloadYubiKey-Guide-bb5184a0b35cc1c191bb02b0446e9d5bb91b6c43.tar.gz
Add instructions for NixOS
I just tested these steps on a spare laptop.
Diffstat (limited to '')
-rw-r--r--README.md51
1 files changed, 51 insertions, 0 deletions
diff --git a/README.md b/README.md
index f38c7f4..fe80133 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d
* [Debian/Ubuntu](#debianubuntu)
* [Arch](#arch)
* [RHEL7](#rhel7)
+ * [NixOS](#nixos)
* [OpenBSD](#openbsd)
* [macOS](#macos)
* [Windows](#windows)
@@ -200,6 +201,56 @@ $ sudo pacman -Syu gnupg pcsclite ccid hopenpgp-tools yubikey-personalization
$ sudo yum install -y gnupg2 pinentry-curses pcsc-lite pcsc-lite-libs gnupg2-smime
```
+## NixOS
+
+Generate a NixOS LiveCD image with the given config:
+
+```nix
+# yubikey-installer.nix
+{ nixpkgs ? <nixpkgs>, system ? "x86_64-linux" } :
+
+let
+ config = { pkgs, ... }:
+ with pkgs; {
+ imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix> ];
+
+ boot.kernelPackages = linuxPackages_latest;
+
+ services.pcscd.enable = true;
+ services.udev.packages = [ yubikey-personalization ];
+
+ environment.systemPackages = [ gnupg pinentry-curses pinentry-qt paperkey wget ];
+
+ programs = {
+ ssh.startAgent = false;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+ };
+
+ evalNixos = configuration: import <nixpkgs/nixos> {
+ inherit system configuration;
+ };
+
+in {
+ iso = (evalNixos config).config.system.build.isoImage;
+}
+```
+
+Build the installer and copy it to a USB drive.
+
+```console
+$ nix build -f yubikey-installer.nix --out-link installer
+
+$ sudo cp -v installer/iso/*.iso /dev/sdb; sync
+'installer/iso/nixos-20.03.git.c438ce1-x86_64-linux.iso' -> '/dev/sdb'
+```
+
+On NixOS, ensure that you have `pinentry-program /run/current-system/sw/bin/pinentry-curses` in your `$GNUPGHOME/gpg-agent.conf` before running any `gpg` commands.
+
+
## OpenBSD
```console