whovian
/
nixos_config
1
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity
nixos_config/Notes.md

2.8 KiB
Raw Permalink Blame History

Notes for possible future use:

/run/udev/rules.d exists. Might be good to remember.

GUI Notes

  • Look into nixpkgs#eww for no real reason

Wallpapers that I like

https://github.com/NixOS/nixos-artwork/blob/master/wallpapers/nix-wallpaper-nineish-dark-gray.png

Information Backups:

$ sudo nix-channel --list
nixos https://nixos.org/channels/nixos-23.11
nixos-wsl https://github.com/nix-community/NixOS-WSL/archive/refs/heads/main.tar.gz

Options that I may want:

I really really should look further into these before actually using them.

virtualisation.docker = {
  enableOnBoot = true;
  autoPrune = {
    enable = true;
  };
};

wsl = {
  # Enable integration with Docker Desktop (needs to be installed)
  docker-desktop.enable = false;
};

environment.shells = [pkgs.zsh];

nix = {
  settings = {
    access-tokens = [
      "github.com=${github_token-variable}"
      "gitlab.com=OAuth2:${gitlab_token-variable}"
    ];
    accept-flake-config = true;
    auto-optimise-store = true;
  };

  gc = {
    automatic = true;
    options = "--delete-older-than 7d";
  };
};

networking.networkmanager.plugins = [];

Yubikey, probably?

Source: https://old.reddit.com/r/NixOS/comments/170tbbj/cannot_force_yubikey_in_2fa/k3okj79/

Add this to config:

{ pkgs, ... }: {
  programs.gnupg.agent.enable = true;
  services = {
    pcscd.enable = true;
    udev.packages = [ pkgs.yubikey-personalization pkgs.libu2f-host ];
  }
}

Run these commands

    $ gpg --card-status   # Verify that the hardware support works

    $ gpg --change-pin    # Change both the pin and the admin pin
                          # Default pins are 123456 and 12345678 respectively

    $ gpg --edit-card     # Issue these commands in the interactive session:
        admin             # Allow the "generate" command to be used
        key-attr          # Tell it you want RSA 4096
        generate          # Several interactive prompts.
                          # Asks for user pin first and admin pin second.
                          # and touch the key.

    $ pamu2fcfg           # Put this in security.pam.u2f.authFile.
                          # pamu2fcfg is in the pam_u2f package.

    # ykman is in the yubikey-manager package.
    $ ykman config usb --disable OTP       # Optional: Don't emit gibberish when bumped.
    $ ykman openpgp keys set-touch sig on  # Optional: Require key to be touched on use
    $ ykman openpgp keys set-touch enc on
    $ ykman openpgp keys set-touch aut on
    $ ykman openpgp keys set-touch att on

{ pkgs, ... }: {
  security.pam.u2f.control = "required";
  security.pam.u2f.enable = true;
  security.pam.u2f.authFile = pkgs.writeText "u2f-auth-file" ''
    <gibberish from running `pamu2fcfg`>
  '';
}