author | Rodney Lorrimar <dev@rodney.id.au> | 2020-01-22 10:27:55 +1000 |
---|---|---|
committer | Rodney Lorrimar <dev@rodney.id.au> | 2020-01-22 10:27:55 +1000 |
commit | bb5184a0b35cc1c191bb02b0446e9d5bb91b6c43 (patch) | |
tree | c39c8594c6eddfd3be3c4758c85e7a68f27746c3 | |
parent | Merge pull request #157 from ilpianista/patch-1 (diff) | |
download | YubiKey-Guide-bb5184a0b35cc1c191bb02b0446e9d5bb91b6c43.tar.gz |
Add instructions for NixOS
I just tested these steps on a spare laptop.
Diffstat (limited to '')
-rw-r--r-- | README.md | 51 |
1 files changed, 51 insertions, 0 deletions
@@ -13,6 +13,7 @@ If you have a comment or suggestion, please open an [Issue](https://github.com/d * [Debian/Ubuntu](#debianubuntu) * [Arch](#arch) * [RHEL7](#rhel7) + * [NixOS](#nixos) * [OpenBSD](#openbsd) * [macOS](#macos) * [Windows](#windows) @@ -200,6 +201,56 @@ $ sudo pacman -Syu gnupg pcsclite ccid hopenpgp-tools yubikey-personalization $ sudo yum install -y gnupg2 pinentry-curses pcsc-lite pcsc-lite-libs gnupg2-smime ``` +## NixOS + +Generate a NixOS LiveCD image with the given config: + +```nix +# yubikey-installer.nix +{ nixpkgs ? <nixpkgs>, system ? "x86_64-linux" } : + +let + config = { pkgs, ... }: + with pkgs; { + imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix> ]; + + boot.kernelPackages = linuxPackages_latest; + + services.pcscd.enable = true; + services.udev.packages = [ yubikey-personalization ]; + + environment.systemPackages = [ gnupg pinentry-curses pinentry-qt paperkey wget ]; + + programs = { + ssh.startAgent = false; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; + }; + + evalNixos = configuration: import <nixpkgs/nixos> { + inherit system configuration; + }; + +in { + iso = (evalNixos config).config.system.build.isoImage; +} +``` + +Build the installer and copy it to a USB drive. + +```console +$ nix build -f yubikey-installer.nix --out-link installer + +$ sudo cp -v installer/iso/*.iso /dev/sdb; sync +'installer/iso/nixos-20.03.git.c438ce1-x86_64-linux.iso' -> '/dev/sdb' +``` + +On NixOS, ensure that you have `pinentry-program /run/current-system/sw/bin/pinentry-curses` in your `$GNUPGHOME/gpg-agent.conf` before running any `gpg` commands. + + ## OpenBSD ```console |
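Review bot: In the NixOS hunk, the copy step `sudo cp -v installer/iso/*.iso /dev/sdb; sync` hardcodes `/dev/sdb` as the target, and on a machine where that node is an internal disk or some other attached drive the command overwrites it without a prompt. Suggest stating before the command that `/dev/sdb` stands for the USB drive and that the reader should confirm the device name first (for example with `lsblk`). Separately, in `yubikey-installer.nix` the `nixpkgs ? <nixpkgs>` argument is declared but never referenced: both the `imports` entry and `evalNixos` use `<nixpkgs/...>` path lookups directly, so passing a different `nixpkgs` has no effect on the image that gets built. Either drop the argument or import from it.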