Mirror/nix-git
Mirror/nix-git
1
0
Fork 0
mirror of https://codeberg.org/privacy1st/nix-git synced 2024-11-21 22:03:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

nitrokey decryption works (curses)

Browse Source
This commit is contained in:
Daniel Langbein 2023-08-31 16:04:59 +02:00
parent fe75399bfe
commit 38f2b99ab7
3 changed files with 105 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
gpg/pubkey_nitrokey.asc Normal file
View File

@ -0,0 +1,74 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF5AoWEBEAC5Hkcg9dQvIc+kUR33WYGUe2fMDi7X5ZlUOavAQ4BZpOSO0ewt
b/x7Oc3stVvfWjkPhiOeCBmdpzcNDI6Ep1Pn7pcLVYlQ1o6imB0YvzdIDCGxQFZp
toQNj2iKcFPEoA5LKVTXzKlahbrNrL99DQ/m8R4Y9Xjhw/jSS4L5hCAdLfFHmSEk
9gkUHlUNA0udeeXHQykJzAPYXaRjzXm3h3dVerRmOaDDYfhwyozyT0cnlEOG5011
B03+qO/jlzqqJBkPRpy+ingVo7LQE4zkw0I3yQi6/IJNtFmEzXP1E381vyKuAJtf
P8SF+KNtYjJwPBVVcFfXAbyRab91F+QO8Rd31TOF/xPP0w8L5qFMqxhOsrs8xwOr
YhVn/xV9KjKFRI6gsmr7QKRt4ISyJXCKASN/GsOUe3ed36EhXxVGk7dzb7b05A1s
Xfpa37pKgA1AEjE5hxCCuMkQfjW8FvEosrJ+bSYTK9gdHcPo4SjYqjoBfW1rrhNG
3r7HbHg6ZTZkeN67udXdmGNomhHvUQbPCZQ48fZoVTHglOx0ucQ7qcnFGU0AItWj
qu7OH9fsQyHy0nXbddJyYmOsSBhMhzAHOT+VzWIOawmpKc2fgP9jQjwfovvADaxc
BGTUU+nFviDcMBDtKRswME8vj+8sbVsaDfHZvTOuD61OGIVzJiLFWJSSqwARAQAB
tCVEYW5pZWwgTGFuZ2JlaW4gPGRhbmllbEBzeXN0ZW1saS5vcmc+iQJOBBMBCgA4
FiEElPPT3awigCJY/ARLbEfHU/CCMAIFAl5AoWECGwMFCwkIBwMFFQoJCAsFFgID
AQACHgECF4AACgkQbEfHU/CCMALcNhAAif0ulNF9Iv4CnrwSncnvWsP8qv9ZR+dN
GKkmhRVHiuFI+RGPsZmNRDIh8OCDX0N3ZsRZnKqhIHTOo2MH7XKgANE5abvpS2EO
iaXqDVcfFhwlQm/fngo2ZO0CVN+UBdxbfqPh+/EGfSMklo41a/DBJSZHObMStMfS
Qk8H6SDYI4z/BN26UByjd3VWG/SQhvbu3i8TYXtdxbjLA/HGCczJEH31jR/J/upO
8WHI5ijm0uvsPXfc1plVTOqrUwUl6R6ynqGAMvJZqjBm4ITcvgh9Q8iFxD5jeemJ
ltM1u5GzG/km+Gb57TCd2MHD3WMad4QL+gkMPJUHEjhb1ez/+vatmwALNSNOkYUI
AIU2TJ/CQfVe4SHeoCgb4G2PCMi2wFczrYafAfCZggZWifMkclD5R2lri53ax3XZ
3tuw1J0GxibK+acKEajhzX9VNP9KcsJaoncqGY0KMJp2/sg0o2ocNrPqzUyhyP49
p/qcpugWmZebzV/zE4zjhC1ZZJXad2SYqylC5QzuCRq0WBC8idv3SeNLnm63IsHu
bBs9tFNdbP5FjgfVrDvo18UXC80MvtoaGrEq568iTp/XjZQ4vhmrynBES9Ah7vsR
uLhcJRTqqb5AprXPQ5OEWudhuqIzOZbT2pJlYToyD/l4pQEsxFIf9UMSlJeVmL7y
RE7iZCw0Bcy5Ag0EXkChYQEQAPt7FK6vYfGXK9glVI5IOoG97kMGnISmwioFl/lr
SfLeH/60VgQSrq2bHvbV2YcroaC3JhUZUcPQXc0zPOMMiOIALgLVYDJSH7+iTqz6
YcwFXCcoY0WFtdglisCJjjXC+SyxOBHCrCP8KhkO9vlf/UyMahPZPjMb74Uvobbi
Jng8E8Un09nJiD2VfM6HQkd57BodXmBznb79ZatMrqbd9dPbiMDuWe6q3JvDVmqR
EZhmFOtbbtB6APlEB5jIuvS2qQETX9o/Jonw7QntBZ/x/F4G+lgZo8KOJC6UvsVd
GLhsqfIT0Wml631gldEv5uWvF04Vjs6G1MsrCUB2wNHYPLN38w1VewI5qy6RBe52
dHpVOoIXXMPNy+1thU8bgCiwhbuWFNXFJvwgnYqAc4K7IxQWXTlC4uH1cWAN46t3
GsWORZj5igx5+H9LKQ3gPke6xiiKQaEsjJ0gurO9gtZO6a2HwDxCBi/2/Yo3NI7T
o4Z1VVYS/L906o9A4hSZz+Hpy17/roXkzgzxLCfC/cP6nL1nYSBXCQCCQN5FQ9DQ
S04YJDa9yN0WDF/wDS/fKVC1CckHFKwSBeBTvIcOkwpdMNdg2tqbBFYBBSZpWwHQ
esL2D5Edg6ZNanKsouLp0pXi5bxr/q79wAJDh6jua3yl0Qf0HG0b+Ox4ebwFxNtD
AY2XABEBAAGJAjYEGAEKACAWIQSU89PdrCKAIlj8BEtsR8dT8IIwAgUCXkChYQIb
DAAKCRBsR8dT8IIwAsSiEACvYTFz8r79p3BOufn9vVqT3iy7Dq38Tz2otcTQJLmp
TausS0ICza0VOs3zg5c5DkyDm87FXYUzHxM6qLZKQI0oyEOCih8hNoLHnZ5j2ZQM
O7RUOzbXHBiB7trxcWKC6bgWIBRq11IdnZzIKeWaWxCDxt5MzeZD6gGJGb8zfvLS
44JWmsnH3hEfXF6cO3yBWxptka9K0+ZD6RB93Kfaubs0cLaQKRwMuM+22icgvIpv
/yISodwY9ELvlqgHDJjUQkBMrgEXeXreOsDh1qJAFHFxbhgXUIs2OUXrt39FKpZo
bgQOO0yp8rFAf1gAcKVwI9kUWPYyK2zamKvloQQEn4zH87dwCJdCXgPcfx+XKD62
FkZM9Ea2eMjtujcfoqZ6w0oZCvOxi/XadUReXj/4BZVFL0nWUCD2/5rX5I3iT1QW
48LhCx/Ny0b8pcnwHqctJ6KnuOBR3QZuLhd7hvKYOMTUVQa9aEBFkmm7T75aKUki
HNw3d2fqOY/+Z9ZvFRKGY31d9w14m05usLXqUQBZf/efcfsk/pcHP2Pn0ckSxuwo
zHFIACkPMFgSfkZsBOVItp1JxeUp2pvFIhGkzOdWh5N9ufGmD66cSR3MCO/wynsU
N+Glr782PDpzcUjpsirIoYir6I//yhDrRlKDE41Gp4r3bXNcFvgHmS/653ybqWl4
9LkCDQReQKOcARAAqYIoQIPEM7uavgBlxy0e6fq60tcgdCpWW/2PxMGU9eRIRLbF
DKgTEYmNE3YykFNG66MsoGZ8pnHC5gl74oRIJN85P4T/FRA5jecJhNrUQT0eJUo6
PBNUfDe/RvoGhZMIvd0GIeezLBn2vZOLbxqyctMmg+xqz6rUH/iCLr1deFiUAKp4
pE3WxakY5OSRnmq2C1O40imvvTZkeyUPTRMaMiD4JkP6XdF3NqrfJOVBn89xzPTA
JiFUN9MISuptYmGfJ8RInR6363kMfDTmu7o6OM0J1dTWL0VIzm6/6siIT1Og2C09
plUTbqUBSseiyN/DuFNd4XroFBaid876IN2g7K4hYr/I8yQCb1l8e0N06ioaohvV
U5MAcNTQ2wgDlyohHTH4gmG3Qn6TYHXqVO+WzJaCXEkEFVKqB9rUIUm8Ci7kRYDp
8mh6b1m4nlwUXFJ3xvIIOKeI6osMeZWsHhHjiDg/4uxtTI8ew49nLZ0/yC2rf8bH
/mNFuHia923OS/YIYMOsLCmzUqsIxVAhXB3AESt4L0h/oTtvwaYDFaMr2YzuTzbl
Kn7Ge2yCLOXA3cgf5ct4qyrmkc9ft8dceID4EojnI4ux8T8KIM4T7Mn6ESxzbfbS
eV+JxdiM9TOUUyaW2QoushI/vUPORVYw++gRFrmXtfJEa8Ibi3/14CnRfbUAEQEA
AYkCNgQYAQoAIBYhBJTz092sIoAiWPwES2xHx1PwgjACBQJeQKOcAhsgAAoJEGxH
x1PwgjACWlsQAKOWGqOjBBEeS5bhhJ/6KgoDE7+qgIwPcqxEILYT+z96rTWmVC7I
/7yext3ZAWf1gzT7+5Pp9IU8CvJf1TEaf/55roCuQ5R/EdVn81m7znBh9ADxKSTS
xvKYa//gako4VIOj9Ejo4uExyCZiMSuWz62mcP43SghdL6ZOJW7jLtaNaZcN0bdv
DJABfLsYIkBclYgK8yF07XwuXJ2pdYkP4lWpq4/282Or7CkwXtm25n+EepZfsPsx
TlRJezYrnaEi7Anl3CU3eyCbTAoKp4DGzYxlnek7VKlMRaxTAoA4RU5F3TqZIOdm
yG+2ol7Csn5shpvY+kNHeDe0v0vfpkhMOxHOQKvO5ApwKvAc3KuQaHbnCudY7fU0
T+wqTAJEARz4KI8+ncYRBl7hUuiiR3sT/Q11mvl79Cldly8JJ1jRrXZVQzS2Y2S6
tXVBxNckuyVTw7oR1jyq9pv5oVArBbxnNTuMhoptVrDqh2ifkMWHwqqVGy07YKy/
qKYRlU2YOkdGz91RPcABf5uip+q6fqO1JAT8ddi0O9xuIUhvzKcOx2sxIVrGuejx
XvsYEEf0HuHQ1mcOgWZLUYjt2UwClz9LRX/5pmPb2CUyf4Nt2PNgpNSk6jMAsw9c
HOIRJevfUeTtJUGLzI5+40eR0a6ZYovb5L1SzR9EZjMKIdQvz7wQdPes
=McwK
-----END PGP PUBLIC KEY BLOCK-----

3
yodaTab/home-manager.nix
View File

@ -7,7 +7,8 @@ in
imports = [ imports = [
(import "${home-manager}/nixos") (import "${home-manager}/nixos")
./git.home.nix ./git.home.nix
./nitrokey-ssh-gpg.home.nix # TODO
#./nitrokey-ssh-gpg.home.nix
]; ];
/* Enable home-manager to configure GNOME */ /* Enable home-manager to configure GNOME */

30
yodaTab/nitrokey-ssh-gpg.nix
View File

@ -16,10 +16,27 @@
# Restart gpg-agent after config change. # Restart gpg-agent after config change.
# Otherwise there might be a gpg error about "no pinentry". # Otherwise there might be a gpg error about "no pinentry".
# https://discourse.nixos.org/t/cant-get-gnupg-to-work-no-pinentry/15373/19 # https://discourse.nixos.org/t/cant-get-gnupg-to-work-no-pinentry/15373/19
#
# Not sure if this is needed: Reload udev rules. # Not sure if this is needed: Reload udev rules.
# sudo -- udevadm control --reload-rules && udevadm trigger # sudo -- udevadm control --reload-rules && udevadm trigger
# #
# Not sure if this is needed:
# killall gpg-agent
# TODO: gpg-agent pinentry problem
# https://github.com/NixOS/nixpkgs/issues/97861
#
# gpgconf --check-programs
#=> gpgconf: error running '/nix/store/lvsbmqy4dmlri22145hbr6799hgbnpnf-gnupg-2.4.0/bin/pinentry': probably not installed
#
# ssh -v nas
#=> OpenSSH_9.3p2, OpenSSL 3.0.10 1 Aug 2023
#=> debug1: Reading configuration data /home/yoda/.ssh/config
#=> debug1: /home/yoda/.ssh/config line 67: Applying options for nas
#=> debug1: /home/yoda/.ssh/config line 180: Applying options for *
#=> debug1: Reading configuration data /etc/ssh/ssh_config
#=> debug1: Executing command: '/nix/store/8fv91097mbh5049i9rglc73dx6kjg3qk-bash-5.2-p15/bin/bash -c '/nix/store/lvsbmqy4dmlri22145hbr6799hgbnpnf-gnupg-2.4.0/bin/gpg-connect-agent --quiet updatestartuptty /bye >/dev/null 2>&1''
services.udev.packages = [ pkgs.nitrokey-udev-rules ]; services.udev.packages = [ pkgs.nitrokey-udev-rules ];
programs = { programs = {
ssh.startAgent = false; ssh.startAgent = false;
@ -27,8 +44,19 @@
enable = true; enable = true;
# ... Also sets SSH_AUTH_SOCK environment variable correctly. # ... Also sets SSH_AUTH_SOCK environment variable correctly.
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses";
}; };
}; };
users.users.yoda = {
packages = with pkgs; [
pinentry-curses
];
};
environment.systemPackages = with pkgs; [
pinentry-curses
];
# Smartcard daemon. # Smartcard daemon.
services.pcscd.enable = true; services.pcscd.enable = true;
} }