refactor nitrokey ssh

Daniel Langbein 2023-08-31 13:22:12 +02:00
parent b09419a5f2
commit ab4e3f5cd0


@ -10,6 +10,7 @@
./hardware-configuration.nix ./hardware-configuration.nix
./home-manager.nix ./home-manager.nix
./print-and-scan.nix ./print-and-scan.nix
./nitrokey-ssh-gpg.nix
./ssh-unlock.nix ./ssh-unlock.nix
]; ];
@ -165,33 +166,6 @@
# started in user sessions. # started in user sessions.
# programs.mtr.enable = true; # programs.mtr.enable = true;
# Enable SSH server.
services.openssh = {
enable = true;
# Forbid root login through SSH.
settings.PermitRootLogin = "no";
# Use authorized keys only.
settings.PasswordAuthentication = false;
};
# Use NitroKey USB smartcard with SSH.
# https://nixos.wiki/wiki/Nitrokey
#
# Restart gpg-agent after config change.
# Otherwise there might be a gpg error about "no pinentry".
# https://discourse.nixos.org/t/cant-get-gnupg-to-work-no-pinentry/15373/19
#
# Import public key of Nitrokey with GNOME "Passwords and Keys" and set trust to "Ultimate".
#
services.udev.packages = [ pkgs.nitrokey-udev-rules ];
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
nix.settings.auto-optimise-store = true; nix.settings.auto-optimise-store = true;
# Firewall # Firewall
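Review bot: The removed block carried the sshd hardening (`settings.PermitRootLogin = "no";` and `settings.PasswordAuthentication = false;`) together with the Nitrokey/gpg-agent client setup, and the only replacement visible in this section is the new import `./nitrokey-ssh-gpg.nix`. That module is not shown here, so confirm it still sets both options under `services.openssh`. If it keeps only the udev and gpg-agent part while another import (possibly `./ssh-unlock.nix`) enables the SSH server, the NixOS defaults apply and password authentication is allowed again. Since the file name reads as client-side configuration, a short comment next to the import such as `# also enables and hardens services.openssh` would make the server settings easier to find in a later audit.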