From a5a97f1757c3f7efdd73e3173774e8e3e2db5102 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Thu, 7 Jul 2022 22:22:43 +0200
Subject: [PATCH] yubikey-agent: replace overlay with nixos-unstable

Don't use the overlay anymore, because now there's a recent enough version in nixpkgs branch nixos-unstable
---
overlays/yubikey-agent.nix | 18 ------------------
users/teutat3s/home.nix | 38 ++++++--------------------------------
2 files changed, 6 insertions(+), 50 deletions(-)
delete mode 100644 overlays/yubikey-agent.nix

diff --git a/overlays/yubikey-agent.nix b/overlays/yubikey-agent.nix
deleted file mode 100644
index 2dafba71..00000000
--- a/overlays/yubikey-agent.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-final: prev: {
- yubikey-agent-master =
- let
- version = "unstable-2022-03-17";
- src = prev.fetchFromGitHub {
- owner = "FiloSottile";
- repo = "yubikey-agent";
- rev = "205a7ef2554625c7494038600d963123d6311873";
- sha256 = "sha256-wJpN63KY5scmez6yYFsIr3JLEUB+YSl/XvoatIIeRI0=";
- };
- in
- (prev.yubikey-agent.override rec {
- buildGoModule = args: prev.buildGoModule.override { go = prev.go_1_17; } (args // {
- inherit src version;
- vendorSha256 = "sha256-SnjbkDPVjAnCbM2nLqBsuaPZwOmvDTKiUbi/93BlWVQ=";
- });
- });
-}
diff --git a/users/teutat3s/home.nix b/users/teutat3s/home.nix
index 09c964c6..7ae2c49e 100644
--- a/users/teutat3s/home.nix
+++ b/users/teutat3s/home.nix
@@ -1,4 +1,4 @@
-{ config, home-manager, inputs, lib, pkgs, ... }:
+{ config, home-manager, inputs, lib, pkgs, latestModulesPath, ... }:
 with lib;
 let
 psCfg = config.pub-solar;
@@ -9,6 +9,10 @@ in { imports = [ ./session-variables.nix
+ "${latestModulesPath}/services/security/yubikey-agent.nix"
+ ];
+ disabledModules = [
+ "services/security/yubikey-agent.nix"
 ]; config = {
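Review bot: The `imports` / `disabledModules` pair in the `@@ -9,6 +9,10 @@` hunk swaps the release copy of `services/security/yubikey-agent.nix` for the one under `latestModulesPath` without a comment saying why or when the override can be dropped. A line above `disabledModules` would cover it, for example `# yubikey-agent module taken from nixos-unstable instead of the pinned release; remove both entries once the release module is recent enough`. `latestModulesPath` is defined outside this patch, so it is worth confirming that the input behind it is pinned in the lock file: the deleted overlay fixed its source by `rev` and `sha256`, and this change moves that trust to the channel input.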
@@ -40,40 +44,10 @@ in vault veracrypt waypoint
- yubikey-agent-master
+ yubikey-agent
 nix-autobahn.packages.${pkgs.system}.nix-autobahn ];
-
- systemd.user.services.yubikey-agent = {
- Unit = {
- Description = "Seamless ssh-agent for YubiKeys";
- Documentation = [ "https://filippo.io/yubikey-agent" ];
- };
-
- Service = {
- ExecStart = "${pkgs.yubikey-agent-master}/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock";
- ExecReload = "/bin/kill -HUP $MAINPID";
- IPAddressDeny = "any";
- RestrictAddressFamilies = "AF_UNIX";
- RestrictNamespaces = "yes";
- RestrictRealtime = "yes";
- RestrictSUIDSGID = "yes";
- LockPersonality = "yes";
- SystemCallFilter = "@system-service ~@privileged @resources";
- SystemCallErrorNumber = "EPERM";
- SystemCallArchitectures = "native";
- NoNewPrivileges = "yes";
- KeyringMode = "private";
- UMask = "0177";
- RuntimeDirectory = "yubikey-agent";
- };
-
- Install = {
- WantedBy = [ "sway-session.target" ];
- };
- };
-
 programs.zsh = { initExtra = import ./zshrc.nix { inherit config pkgs tritonshell; }; };
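Review bot: The user unit deleted in this hunk held the agent's sandboxing (`IPAddressDeny = "any"`, `RestrictAddressFamilies = "AF_UNIX"`, `SystemCallFilter`, `NoNewPrivileges`, `UMask = "0177"`), and nothing visible in the patch replaces it: the module is imported, but no `services.yubikey-agent.enable = true;` appears in these hunks. If the option is not set elsewhere, the agent will no longer be started. If it is set, compare the unit the module provides (`systemctl --user cat yubikey-agent.service`) with the removed one, so the process that talks to the hardware key is not left less confined than before. The removed unit was also bound to `sway-session.target` and listened on `%t/yubikey-agent/yubikey-agent.sock`; whether the module keeps that target and socket path cannot be seen from here, and anything exporting `SSH_AUTH_SOCK` depends on it. Separately, `yubikey-agent` in the package list still comes from `pkgs`, so the newer build only arrives if that package set is the unstable one.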