Try better unlocking
parent
13887307fe
commit
957fc883a1
|
@ -116,6 +116,7 @@ in {
|
|||
./roles/headless-mpd.nix
|
||||
./roles/mail.nix
|
||||
./roles/mail2rss.nix
|
||||
./roles/ssh-via-gpg-agent.nix
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -62,12 +62,12 @@ in {
|
|||
|
||||
systemd.user = {
|
||||
services.battery = {
|
||||
Unit = { Description = "Watch battery state and warn user"; };
|
||||
Unit.Description = "Watch battery state and warn user";
|
||||
Service = {
|
||||
ExecStart = "${battery-watch}/bin/battery-watch";
|
||||
Restart = "always";
|
||||
};
|
||||
Install = { WantedBy = [ "default.target" ]; };
|
||||
Install.WantedBy = [ "default.target" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -136,10 +136,10 @@
|
|||
PATH = "$HOME/.nix-profile/bin:$PATH";
|
||||
BROWSER = "${pkgs.firefox}/bin/firefox";
|
||||
EMAIL = "malte.brandy@maralorn.de";
|
||||
SUDO_ASKPASS = let
|
||||
print-pw = pkgs.writeShellScriptBin "print-pw"
|
||||
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}";
|
||||
in "${print-pw}/bin/print-pw";
|
||||
SUDO_ASKPASS = toString (pkgs.writeShellScript "print-sudo-pw"
|
||||
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}");
|
||||
SSH_ASKPASS = toString (pkgs.writeShellScript "print-ssh-pw"
|
||||
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/ssh-key");
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -152,6 +152,14 @@
|
|||
maxCacheTtl = 31536000; # 1year
|
||||
};
|
||||
};
|
||||
systemd.user.services.auto-ssh-add = {
|
||||
Service = {
|
||||
ExecStart = toString (pkgs.writeShellScript "auto-ssh-add"
|
||||
"ssh-add < /dev/null"); # to trigger the usage of SSH_ASKPASS
|
||||
Type = "oneshot";
|
||||
};
|
||||
Install.WantedBy = [ "default.target" ];
|
||||
};
|
||||
|
||||
xdg.enable = true;
|
||||
}
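Review bot: The `auto-ssh-add` unit depends on `SSH_ASKPASS` reaching `ssh-add`, but nothing in the unit sets it; the variable is only defined in the attribute set edited in the previous hunk, and if that set is the shell session variables (its header is outside the hunk) a user service started from `default.target` will not inherit it. ssh-add also consults the askpass helper only when it has no terminal and either `DISPLAY` is set or `SSH_ASKPASS_REQUIRE=force` is given, which is not guaranteed this early in the session. Both helper scripts and the unit call `pass` and `ssh-add` by bare name, so they also depend on whatever `PATH` the unit gets. I would put the environment on the unit itself, e.g. `Environment = [ "SSH_ASKPASS_REQUIRE=force" ];` plus an explicit `SSH_ASKPASS` entry, and reference `${pkgs.pass}/bin/pass` and `${pkgs.openssh}/bin/ssh-add` in the scripts. Since the key passphrase now lives in the password store, a short comment that the SSH key is only as well protected as the GPG key would help the next reader.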
|
||||
|
|
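--- /dev/null
+++ b/home-manager/roles/ssh-via-gpg-agent.nix
@@ -0,0 +1,8 @@
+{ ... }: {
+services = {
+gpg-agent = {
+defaultCacheTtlSsh = 31536000; # 1year
+enableSshSupport = 31536000; # 1year
+};
+};
+}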
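Review bot: `enableSshSupport` is assigned the integer `31536000` on the second option line of the new role, which looks like a copy of the TTL line above it; the home-manager option is a boolean, so it should read `enableSshSupport = true;` without the `# 1year` comment. As written I would expect the module to fail type checking at evaluation instead of enabling the agent's SSH socket. Separately, `defaultCacheTtlSsh` only resets the timer on use; unless `maxCacheTtlSsh` is also set, gpg-agent's own maximum for SSH entries (two hours by default, as far as I know) still applies, so the one-year value may not do what the comment suggests. If a year-long unlocked SSH key is really intended, a comment stating what protects the session in the meantime would be worth adding next to the option.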
|
|
@ -5,7 +5,7 @@ let
|
|||
inherit (config.m-0) hosts prefix;
|
||||
nixos-hardware = (import ../../../nix/sources.nix).nixos-hardware;
|
||||
inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
|
||||
vpn = (import ../../../private.nix).privateValue ({ ... }:{}) "vpn";
|
||||
vpn = (import ../../../private.nix).privateValue ({ ... }: { }) "vpn";
|
||||
in {
|
||||
|
||||
imports = [
|
||||
|
@ -77,14 +77,20 @@ in {
|
|||
key = pkgs.privatePath "syncthing/apollo/key.pem";
|
||||
};
|
||||
};
|
||||
gnome3.chrome-gnome-shell.enable = true;
|
||||
xserver = {
|
||||
enable = true;
|
||||
displayManager.gdm.enable = true;
|
||||
displayManager = {
|
||||
gdm.enable = true;
|
||||
autoLogin = {
|
||||
enable = true;
|
||||
user = "maralorn";
|
||||
};
|
||||
};
|
||||
desktopManager.gnome3.enable = true;
|
||||
};
|
||||
};
|
||||
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
|
||||
|
||||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 204800;
|
||||
|
||||
system.stateVersion = "19.09";
|
||||
}
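Review bot: `displayManager.autoLogin` for `maralorn` removes the password prompt at boot, and the second hunk adds it without any comment on what still protects the session. Together with the askpass helpers and the long agent cache TTLs introduced elsewhere in this commit, this leaves few interactive checks between power-on and an unlocked desktop with access to the password store. If the host relies on a disk-encryption passphrase at boot for that, I would record it next to the option, e.g. `# autoLogin is acceptable only because the disk is unlocked with a passphrase at boot`; whether that holds is not visible in this diff. The `let` block and the `services` set both start outside the hunks.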
|
||||
|
|