set up nitrokey

switch to ssh commit signing
2024-02-02 11:28:26 +01:00 · 2024-02-02 11:27:57 +01:00
3 changed files with 63 additions and 53 deletions
--- a/common.nix
+++ b/common.nix
@ -29,6 +29,11 @@ with builtins; {
  environment = {
    systemPackages = with pkgs; [
      pynitrokey
      nitrokey-app2
      veracrypt
      htmlq
      wget
@ -104,14 +109,19 @@ with builtins; {
    "ebdbb2"
  ];
-  programs = {
+  # nitrokey
-    dconf.enable = true;
+  services.udev.packages = [pkgs.nitrokey-udev-rules];
  services.pcscd.enable = true;
-    mtr.enable = true;
+  programs = {
    ssh.startAgent = false;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    dconf.enable = true;
    mtr.enable = true;
  };
  time.timeZone = "Europe/Berlin";
--- a/hosts/potatobook-g/configuration.nix
+++ b/hosts/potatobook-g/configuration.nix
@ -53,7 +53,6 @@
      evremap.enable = true;
    };
    terminal.enable = true;
    git.signingKey = "08F0 E7C9 6941 84C2 D514 7F31 5621 290C A02C 7BD8";
  };
  fileSystems = {
--- a/modules/git.nix
+++ b/modules/git.nix
@ -1,12 +1,9 @@
 {
  config,
  lib,
  pkgs,
  ...
-}: let
+}: {
  cfg = config.jade.git;
 in {
  options.jade.git.signingKey = lib.mkOption {type = lib.types.str;};
  config = {
  home-manager.users.jade = {pkgs, ...}: {
    programs.git = {
      enable = true;
@ -21,9 +18,14 @@ in {
        s = "status";
      };
      signing = {
-          key = cfg.signingKey;
+        key = "${pkgs.writeText "red_nk3.pub" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaE8TFsIazpn4OnHvHcRpOFr9FfvMaWOiEjmHsmnAoE cardno:000F_70CD7D05"}";
        signByDefault = true;
      };
      extraConfig = {
        gpg = {
          format = "ssh";
        };
      };
    };
    programs.gitui = {
      enable = true;
@ -62,5 +64,4 @@ in {
      '';
    };
  };
  };
 }
Author	SHA1	Message	Date
Jade	a73e54b6ac	set up nitrokey	2024-02-02 11:28:26 +01:00
Jade	ad32bdf223	switch to ssh commit signing	2024-02-02 11:27:57 +01:00