configure using NixOS module #4
instead users can override `users.users.root.shell` or `users.defaultUserShell`
…o nixos-shell.nix)
4bbcc17 to c2d9fe5
|
||
environment = { | ||
systemPackages = with pkgs; [ | ||
xterm # for resize command |
Not in this PR, but this shell script would probably be more lightweight:
https://github.com/nix-community/nixos-generators/blob/master/formats/vm-nogui.nix#L3
share/nixos-shell/nixos-shell.nix
Outdated
|
||
# Allow passwordless ssh login with the user's key if it exists. | ||
(let | ||
pubkey = "${builtins.getEnv "HOME"}/.ssh/id_rsa.pub"; |
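Review bot: `builtins.getEnv "HOME"` on the `pubkey` line returns an empty string when HOME is unset or when Nix evaluates in pure mode, so the path silently becomes `/.ssh/id_rsa.pub`. Since this path decides which key is allowed passwordless SSH login, consider skipping the key setup when the value is empty, and extend the comment to say the key is read from the invoking user's environment at evaluation time.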
Can you mention this in the readme?
I would at least also check for `id_ecdsa.pub` and `id_ed25519.pub`.
```nix
(let
  keys = lib.map (key: "${builtins.getEnv "HOME"}/.ssh/${key}")
    ["id_rsa.pub" "id_ecdsa.pub" "id_ed25519.pub"];
in {
  users.users.root.openssh.authorizedKeys.keyFiles = lib.filter builtins.pathExists keys;
})
```
Wishlist: Would it be possible to add the output of `ssh-add -L`? That would take care of all keys an SSH agent has, for example the keys stored on a YubiKey.
Thanks for the snippet, applied.
@tokudan that might be possible by using an environment variable that is set in nixos-shell.
2d25077 to 968e3d2
Thanks! Now it looks solid.
Only forwardings are not declarative yet:
|
@@ -3,59 +3,29 @@ | |||
set -euo pipefail | |||
|
|||
script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" | |||
export QEMU_KERNEL_PARAMS="console=ttyS0 ${QEMU_KERNEL_PARAMS:-}" | |||
export QEMU_PATH=${PATH:-} |
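Review bot: `export QEMU_PATH=${PATH:-}` carries the caller's PATH, but the name reads like the location of QEMU and nothing in the hunk documents the intent. A one-line comment or a more specific name would help, and quoting the expansion like the `QEMU_KERNEL_PARAMS` line above it would keep the two exports consistent.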
The idea here was to capture `$PATH` of the user in case there were some project-specific PATH entries like script directories added.
Or the user has something like `~/bin/`, also this is probably restored by re-evaluating `~/.bashrc` or `~/.zshrc`.
I don't think we would need this in a declarative form, do you?
Ah, in that case couldn't we just `builtins.getEnv "PATH"`? I was wondering why you introduced a new env variable.
That should work.
This is my response to #3.
Additionally in a29fe70 I enabled the module of the user's shell, e.g. `programs.zsh`, and in d15bdea allowed SSH login with the user's key. If desired I can split those out into different PRs.