Try better unlocking

2020-12-17 02:26:47 +01:00 · 2020-12-17 02:26:47 +01:00 · 957fc883a1
parent 13887307fe
commit 957fc883a1
5 changed files with 33 additions and 10 deletions
--- a/home-manager/machines.nix
+++ b/home-manager/machines.nix
@ -116,6 +116,7 @@ in {
      ./roles/headless-mpd.nix
      ./roles/mail.nix
      ./roles/mail2rss.nix
+      ./roles/ssh-via-gpg-agent.nix
    ];
  };
 }
--- a/home-manager/roles/battery.nix
+++ b/home-manager/roles/battery.nix
@ -62,12 +62,12 @@ in {

  systemd.user = {
    services.battery = {
-      Unit = { Description = "Watch battery state and warn user"; };
+      Unit.Description = "Watch battery state and warn user";
      Service = {
        ExecStart = "${battery-watch}/bin/battery-watch";
        Restart = "always";
      };
-      Install = { WantedBy = [ "default.target" ]; };
+      Install.WantedBy = [ "default.target" ];
    };
  };

--- a/home-manager/roles/default.nix
+++ b/home-manager/roles/default.nix
@ -136,10 +136,10 @@
      PATH = "$HOME/.nix-profile/bin:$PATH";
      BROWSER = "${pkgs.firefox}/bin/firefox";
      EMAIL = "malte.brandy@maralorn.de";
-      SUDO_ASKPASS = let
-        print-pw = pkgs.writeShellScriptBin "print-pw"
-          "pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}";
-      in "${print-pw}/bin/print-pw";
+      SUDO_ASKPASS = toString (pkgs.writeShellScript "print-sudo-pw"
+        "pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}");
+      SSH_ASKPASS = toString (pkgs.writeShellScript "print-ssh-pw"
+        "pass show eu/m-0/${config.m-0.hostName}.m-0.eu/ssh-key");
    };
  };

@ -152,6 +152,14 @@
      maxCacheTtl = 31536000; # 1year
    };
  };
+  systemd.user.services.auto-ssh-add = {
+    Service = {
+      ExecStart = toString (pkgs.writeShellScript "auto-ssh-add"
+        "ssh-add < /dev/null"); # to trigger the usage of SSH_ASKPASS
+      Type = "oneshot";
+    };
+    Install.WantedBy = [ "default.target" ];
+  };

  xdg.enable = true;
 }
--- a/home-manager/roles/ssh-via-gpg-agent.nix
+++ b/home-manager/roles/ssh-via-gpg-agent.nix
@ -0,0 +1,8 @@
+{ ... }: {
+  services = {
+    gpg-agent = {
+      defaultCacheTtlSsh = 31536000; # 1year
+      enableSshSupport = 31536000; # 1year
+    };
+  };
+}
--- a/nixos/machines/apollo/configuration.nix
+++ b/nixos/machines/apollo/configuration.nix
@ -5,7 +5,7 @@ let
  inherit (config.m-0) hosts prefix;
  nixos-hardware = (import ../../../nix/sources.nix).nixos-hardware;
  inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
-  vpn = (import ../../../private.nix).privateValue ({ ... }:{}) "vpn";
+  vpn = (import ../../../private.nix).privateValue ({ ... }: { }) "vpn";
 in {

  imports = [
@ -77,14 +77,20 @@ in {
          key = pkgs.privatePath "syncthing/apollo/key.pem";
        };
    };
-    gnome3.chrome-gnome-shell.enable = true;
    xserver = {
      enable = true;
-      displayManager.gdm.enable = true;
+      displayManager = {
+        gdm.enable = true;
+        autoLogin = {
+          enable = true;
+          user = "maralorn";
+        };
+      };
      desktopManager.gnome3.enable = true;
    };
  };
-  boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
+
+  boot.kernel.sysctl."fs.inotify.max_user_watches" = 204800;

  system.stateVersion = "19.09";
 }