mirror of
https://codeberg.org/privacy1st/nix-git
synced 2024-12-23 02:36:05 +01:00
refactor nitrokey ssh
parent
b09419a5f2
commit
ab4e3f5cd0
@ -10,6 +10,7 @@
|
||||
./hardware-configuration.nix
|
||||
./home-manager.nix
|
||||
./print-and-scan.nix
|
||||
./nitrokey-ssh-gpg.nix
|
||||
./ssh-unlock.nix
|
||||
];
|
||||
|
||||
@ -165,33 +166,6 @@
|
||||
# started in user sessions.
|
||||
# programs.mtr.enable = true;
|
||||
|
||||
# Enable SSH server.
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
# Forbid root login through SSH.
|
||||
settings.PermitRootLogin = "no";
|
||||
# Use authorized keys only.
|
||||
settings.PasswordAuthentication = false;
|
||||
};
|
||||
|
||||
# Use NitroKey USB smartcard with SSH.
|
||||
# https://nixos.wiki/wiki/Nitrokey
|
||||
#
|
||||
# Restart gpg-agent after config change.
|
||||
# Otherwise there might be a gpg error about "no pinentry".
|
||||
# https://discourse.nixos.org/t/cant-get-gnupg-to-work-no-pinentry/15373/19
|
||||
#
|
||||
# Import public key of Nitrokey with GNOME "Passwords and Keys" and set trust to "Ultimate".
|
||||
#
|
||||
services.udev.packages = [ pkgs.nitrokey-udev-rules ];
|
||||
programs = {
|
||||
ssh.startAgent = false;
|
||||
gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings.auto-optimise-store = true;
|
||||
|
||||
# Firewall
|
||||
|
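Review bot: The second hunk drops the `services.openssh` block, including `settings.PermitRootLogin = "no";` and `settings.PasswordAuthentication = false;`, and nothing on the new side of this file replaces it. The imports list in the first hunk names `./nitrokey-ssh-gpg.nix` and `./ssh-unlock.nix`, but neither file's content is shown on this page, so it cannot be confirmed from here that the hardening moved with the refactor. If it did not, sshd is either no longer enabled or, if another module enables it, falls back to the module defaults, which as far as I know permit password authentication. Please confirm that both settings are set in whichever module now enables sshd, and consider a pointer comment at the imports entry, for example `# sshd hardening (PermitRootLogin, PasswordAuthentication) is set in <module>.nix`.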