yubikey-agent: replace overlay with nixos-unstable

Don't use the overlay anymore, because there is now a recent enough
version in the nixos-unstable branch of nixpkgs.
teutat3s 2022-07-07 22:22:43 +02:00
parent bf30ff4396
commit a5a97f1757
Signed by untrusted user: teutat3s
GPG key ID: 4FA1D3FA524F22C1
2 changed files with 6 additions and 50 deletions


@ -1,18 +0,0 @@
final: prev: {
yubikey-agent-master =
let
version = "unstable-2022-03-17";
src = prev.fetchFromGitHub {
owner = "FiloSottile";
repo = "yubikey-agent";
rev = "205a7ef2554625c7494038600d963123d6311873";
sha256 = "sha256-wJpN63KY5scmez6yYFsIr3JLEUB+YSl/XvoatIIeRI0=";
};
in
(prev.yubikey-agent.override rec {
buildGoModule = args: prev.buildGoModule.override { go = prev.go_1_17; } (args // {
inherit src version;
vendorSha256 = "sha256-SnjbkDPVjAnCbM2nLqBsuaPZwOmvDTKiUbi/93BlWVQ=";
});
});
}


@ -1,4 +1,4 @@
{ config, home-manager, inputs, lib, pkgs, ... }: { config, home-manager, inputs, lib, pkgs, latestModulesPath, ... }:
with lib; with lib;
let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
@ -9,6 +9,10 @@ in
{ {
imports = [ imports = [
./session-variables.nix ./session-variables.nix
"${latestModulesPath}/services/security/yubikey-agent.nix"
];
disabledModules = [
"services/security/yubikey-agent.nix"
]; ];
config = { config = {
@ -40,40 +44,10 @@ in
vault vault
veracrypt veracrypt
waypoint waypoint
yubikey-agent-master yubikey-agent
nix-autobahn.packages.${pkgs.system}.nix-autobahn nix-autobahn.packages.${pkgs.system}.nix-autobahn
]; ];
systemd.user.services.yubikey-agent = {
Unit = {
Description = "Seamless ssh-agent for YubiKeys";
Documentation = [ "https://filippo.io/yubikey-agent" ];
};
Service = {
ExecStart = "${pkgs.yubikey-agent-master}/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock";
ExecReload = "/bin/kill -HUP $MAINPID";
IPAddressDeny = "any";
RestrictAddressFamilies = "AF_UNIX";
RestrictNamespaces = "yes";
RestrictRealtime = "yes";
RestrictSUIDSGID = "yes";
LockPersonality = "yes";
SystemCallFilter = "@system-service ~@privileged @resources";
SystemCallErrorNumber = "EPERM";
SystemCallArchitectures = "native";
NoNewPrivileges = "yes";
KeyringMode = "private";
UMask = "0177";
RuntimeDirectory = "yubikey-agent";
};
Install = {
WantedBy = [ "sway-session.target" ];
};
};
programs.zsh = { programs.zsh = {
initExtra = import ./zshrc.nix { inherit config pkgs tritonshell; }; initExtra = import ./zshrc.nix { inherit config pkgs tritonshell; };
}; };
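Review bot: With the hand-written `systemd.user.services.yubikey-agent` unit removed in the last hunk, the sandboxing it pinned (`IPAddressDeny = "any"`, `RestrictAddressFamilies = "AF_UNIX"`, `SystemCallFilter`, `NoNewPrivileges`, `UMask = "0177"`) now depends entirely on the unit that the nixos-unstable module and package provide, and nothing visible in these hunks enables that module. If it is not already set outside the hunks, add `services.yubikey-agent.enable = true;` at the NixOS level, and check the generated unit with `systemctl --user cat yubikey-agent.service` to confirm the agent still has no network access and a restrictive socket umask. A comment next to `disabledModules` such as `# yubikey-agent module comes from nixos-unstable; its unit is expected to carry the upstream hardening` would record that assumption for the next reader. Separately, `latestModulesPath` is used inside `imports`, which presumably requires it to be supplied through `specialArgs` rather than `_module.args` to avoid infinite recursion during evaluation. The enclosing `config` attribute set starts and ends outside the hunks, so neither point can be confirmed from this page alone.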