yubikey-agent: replace overlay with nixos-unstable
Don't use the overlay anymore, because there is now a recent enough version in the nixos-unstable branch of nixpkgs.
parent
bf30ff4396
commit
a5a97f1757
|
@ -1,18 +0,0 @@
|
||||||
final: prev: {
|
|
||||||
yubikey-agent-master =
|
|
||||||
let
|
|
||||||
version = "unstable-2022-03-17";
|
|
||||||
src = prev.fetchFromGitHub {
|
|
||||||
owner = "FiloSottile";
|
|
||||||
repo = "yubikey-agent";
|
|
||||||
rev = "205a7ef2554625c7494038600d963123d6311873";
|
|
||||||
sha256 = "sha256-wJpN63KY5scmez6yYFsIr3JLEUB+YSl/XvoatIIeRI0=";
|
|
||||||
};
|
|
||||||
in
|
|
||||||
(prev.yubikey-agent.override rec {
|
|
||||||
buildGoModule = args: prev.buildGoModule.override { go = prev.go_1_17; } (args // {
|
|
||||||
inherit src version;
|
|
||||||
vendorSha256 = "sha256-SnjbkDPVjAnCbM2nLqBsuaPZwOmvDTKiUbi/93BlWVQ=";
|
|
||||||
});
|
|
||||||
});
|
|
||||||
}
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, home-manager, inputs, lib, pkgs, ... }:
|
{ config, home-manager, inputs, lib, pkgs, latestModulesPath, ... }:
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
psCfg = config.pub-solar;
|
psCfg = config.pub-solar;
|
||||||
|
@ -9,6 +9,10 @@ in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./session-variables.nix
|
./session-variables.nix
|
||||||
|
"${latestModulesPath}/services/security/yubikey-agent.nix"
|
||||||
|
];
|
||||||
|
disabledModules = [
|
||||||
|
"services/security/yubikey-agent.nix"
|
||||||
];
|
];
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
@ -40,40 +44,10 @@ in
|
||||||
vault
|
vault
|
||||||
veracrypt
|
veracrypt
|
||||||
waypoint
|
waypoint
|
||||||
yubikey-agent-master
|
yubikey-agent
|
||||||
nix-autobahn.packages.${pkgs.system}.nix-autobahn
|
nix-autobahn.packages.${pkgs.system}.nix-autobahn
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
systemd.user.services.yubikey-agent = {
|
|
||||||
Unit = {
|
|
||||||
Description = "Seamless ssh-agent for YubiKeys";
|
|
||||||
Documentation = [ "https://filippo.io/yubikey-agent" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
Service = {
|
|
||||||
ExecStart = "${pkgs.yubikey-agent-master}/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock";
|
|
||||||
ExecReload = "/bin/kill -HUP $MAINPID";
|
|
||||||
IPAddressDeny = "any";
|
|
||||||
RestrictAddressFamilies = "AF_UNIX";
|
|
||||||
RestrictNamespaces = "yes";
|
|
||||||
RestrictRealtime = "yes";
|
|
||||||
RestrictSUIDSGID = "yes";
|
|
||||||
LockPersonality = "yes";
|
|
||||||
SystemCallFilter = "@system-service ~@privileged @resources";
|
|
||||||
SystemCallErrorNumber = "EPERM";
|
|
||||||
SystemCallArchitectures = "native";
|
|
||||||
NoNewPrivileges = "yes";
|
|
||||||
KeyringMode = "private";
|
|
||||||
UMask = "0177";
|
|
||||||
RuntimeDirectory = "yubikey-agent";
|
|
||||||
};
|
|
||||||
|
|
||||||
Install = {
|
|
||||||
WantedBy = [ "sway-session.target" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.zsh = {
|
programs.zsh = {
|
||||||
initExtra = import ./zshrc.nix { inherit config pkgs tritonshell; };
|
initExtra = import ./zshrc.nix { inherit config pkgs tritonshell; };
|
||||||
};
|
};
|
||||||
|
|
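Review bot: The `systemd.user.services.yubikey-agent` unit removed in the last hunk carried the sandboxing (`IPAddressDeny = "any"`, `RestrictAddressFamilies = "AF_UNIX"`, `SystemCallFilter`, `NoNewPrivileges`, `UMask = "0177"`) and the `sway-session.target` binding, and nothing in the visible hunks enables or configures its replacement. Importing `"${latestModulesPath}/services/security/yubikey-agent.nix"` only makes the module available, so unless it is already set outside these hunks, add `services.yubikey-agent.enable = true;` and confirm that the unit the module installs keeps equivalent restrictions and is started for the sway session. The removed unit listened on `%t/yubikey-agent/yubikey-agent.sock`, so whatever `./session-variables.nix` exports for the agent socket (not visible here) should be checked against the path the new unit uses. It is also worth verifying that the module's package and the `yubikey-agent` entry in the package list resolve to the nixos-unstable build rather than the stable one, since the overlay that pinned `rev` and `sha256` is gone. A short comment above `disabledModules`, such as `# use the nixos-unstable yubikey-agent module instead of the stable one`, would tell the next reader why the stock module is swapped out.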