yubikey-agent: replace overlay with nixos-unstable
Don't use the overlay anymore, because now there's a recent enough version in nixpkgs branch nixos-unstable
parent
bf30ff4396
commit
a5a97f1757
|
@ -1,18 +0,0 @@
|
|||
final: prev: {
|
||||
yubikey-agent-master =
|
||||
let
|
||||
version = "unstable-2022-03-17";
|
||||
src = prev.fetchFromGitHub {
|
||||
owner = "FiloSottile";
|
||||
repo = "yubikey-agent";
|
||||
rev = "205a7ef2554625c7494038600d963123d6311873";
|
||||
sha256 = "sha256-wJpN63KY5scmez6yYFsIr3JLEUB+YSl/XvoatIIeRI0=";
|
||||
};
|
||||
in
|
||||
(prev.yubikey-agent.override rec {
|
||||
buildGoModule = args: prev.buildGoModule.override { go = prev.go_1_17; } (args // {
|
||||
inherit src version;
|
||||
vendorSha256 = "sha256-SnjbkDPVjAnCbM2nLqBsuaPZwOmvDTKiUbi/93BlWVQ=";
|
||||
});
|
||||
});
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
{ config, home-manager, inputs, lib, pkgs, ... }:
|
||||
{ config, home-manager, inputs, lib, pkgs, latestModulesPath, ... }:
|
||||
with lib;
|
||||
let
|
||||
psCfg = config.pub-solar;
|
||||
|
@ -9,6 +9,10 @@ in
|
|||
{
|
||||
imports = [
|
||||
./session-variables.nix
|
||||
"${latestModulesPath}/services/security/yubikey-agent.nix"
|
||||
];
|
||||
disabledModules = [
|
||||
"services/security/yubikey-agent.nix"
|
||||
];
|
||||
|
||||
config = {
|
||||
|
@ -40,40 +44,10 @@ in
|
|||
vault
|
||||
veracrypt
|
||||
waypoint
|
||||
yubikey-agent-master
|
||||
yubikey-agent
|
||||
nix-autobahn.packages.${pkgs.system}.nix-autobahn
|
||||
];
|
||||
|
||||
|
||||
systemd.user.services.yubikey-agent = {
|
||||
Unit = {
|
||||
Description = "Seamless ssh-agent for YubiKeys";
|
||||
Documentation = [ "https://filippo.io/yubikey-agent" ];
|
||||
};
|
||||
|
||||
Service = {
|
||||
ExecStart = "${pkgs.yubikey-agent-master}/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock";
|
||||
ExecReload = "/bin/kill -HUP $MAINPID";
|
||||
IPAddressDeny = "any";
|
||||
RestrictAddressFamilies = "AF_UNIX";
|
||||
RestrictNamespaces = "yes";
|
||||
RestrictRealtime = "yes";
|
||||
RestrictSUIDSGID = "yes";
|
||||
LockPersonality = "yes";
|
||||
SystemCallFilter = "@system-service ~@privileged @resources";
|
||||
SystemCallErrorNumber = "EPERM";
|
||||
SystemCallArchitectures = "native";
|
||||
NoNewPrivileges = "yes";
|
||||
KeyringMode = "private";
|
||||
UMask = "0177";
|
||||
RuntimeDirectory = "yubikey-agent";
|
||||
};
|
||||
|
||||
Install = {
|
||||
WantedBy = [ "sway-session.target" ];
|
||||
};
|
||||
};
|
||||
|
||||
programs.zsh = {
|
||||
initExtra = import ./zshrc.nix { inherit config pkgs tritonshell; };
|
||||
};
|
||||
|
|
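Review bot: Nothing visible in this file section turns the agent back on once the hand-written `systemd.user.services.yubikey-agent` unit is removed. The new `imports` entry and `disabledModules` only swap which module definition is loaded, so unless `services.yubikey-agent.enable = true;` is set outside these hunks the service will no longer start. The removed unit carried explicit sandboxing (`IPAddressDeny = "any"`, `RestrictAddressFamilies = "AF_UNIX"`, `SystemCallFilter`, `NoNewPrivileges`, `UMask = "0177"`) and was bound to `sway-session.target`. It is worth confirming that the unit provided through the nixos-unstable module keeps equivalent hardening and still starts in the sway session, and recording that in a comment next to the import. The module presumably defaults to `pkgs.yubikey-agent`, so also check that this attribute resolves to the nixos-unstable build and not the stable channel's older version now that the overlay is gone. The surrounding `config = { … }` body continues outside the hunks shown.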