configure using NixOS module #4

Merged
merged 19 commits into from
Jan 30, 2019
dermetfan (Contributor) commented Jan 29, 2019

This is my response to #3.

Additionally in a29fe70 I enabled the module of the user's shell, e.g. programs.zsh and in d15bdea allowed SSH login with the user's key. If desired I can split those out into different PRs.


environment = {
systemPackages = with pkgs; [
xterm # for resize command
Mic92 (Owner) commented Jan 29, 2019

Not in this PR, but this shell script would probably be more lightweight:

https://github.com/nix-community/nixos-generators/blob/master/formats/vm-nogui.nix#L3


# Allow passwordless ssh login with the user's key if it exists.
(let
pubkey = "${builtins.getEnv "HOME"}/.ssh/id_rsa.pub";
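Review bot: `builtins.getEnv "HOME"` on the `pubkey` line returns an empty string when HOME is unset, so the lookup silently becomes `/.ssh/id_rsa.pub` instead of failing or being skipped. Guard the whole block on a non-empty HOME. The comment also promises "the user's key" while only `id_rsa.pub` is checked, so either widen the lookup or name the file in the comment.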
Owner

Can you mention this in the readme?

Owner

I would at least also check for id_ecdsa.pub and id_ed25519.pub.

Owner

(let
  keys = lib.map (key: "${builtins.getEnv "HOME"}/.ssh/${key}")
    ["id_rsa.pub" "id_ecdsa.pub" "id_ed25519.pub"];
in {
  users.users.root.openssh.authorizedKeys.keyFiles = lib.filter builtins.pathExists keys;
})

Wishlist: Would it be possible to add the output of ssh-add -L? That would take care of all keys an ssh agent has, for example the keys stored on a yubikey.

Contributor Author

Thanks for the snippet, applied.

Owner

@tokudan that might be possible by using an environment variable that is set in nixos-shell.
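
The agent-key idea from the two comments above, as an added example (not code from this PR or from nixos-shell). It assumes the wrapper script exports a hypothetical variable `NIXOS_SHELL_SSH_KEYS` holding the output of `ssh-add -L`, and it authorizes only lines that look like public keys:

```nix
# Added example; NIXOS_SHELL_SSH_KEYS is a hypothetical variable that the
# wrapper script would set before evaluating the configuration, e.g.
#   export NIXOS_SHELL_SSH_KEYS="$(ssh-add -L 2>/dev/null || true)"
{ lib, ... }:
let
  home = builtins.getEnv "HOME";

  # Public key files, looked up only when HOME is set
  # (builtins.getEnv returns "" for an unset variable).
  keyFiles = lib.optionals (home != "")
    (builtins.filter builtins.pathExists
      (map (name: "${home}/.ssh/${name}")
        [ "id_rsa.pub" "id_ecdsa.pub" "id_ed25519.pub" ]));

  # A public key line is "<type> <base64 blob> [comment]". Anything else,
  # such as "The agent has no identities." or an empty line, is dropped
  # so it never reaches authorized_keys.
  isPublicKey = line:
    builtins.match "(ssh-|ecdsa-|sk-)[^ ]+ [A-Za-z0-9+/=]+( .*)?" line != null;

  agentKeys = builtins.filter isPublicKey
    (lib.splitString "\n" (builtins.getEnv "NIXOS_SHELL_SSH_KEYS"));
in {
  users.users.root.openssh.authorizedKeys = {
    inherit keyFiles;
    keys = lib.unique agentKeys;
  };
}
```

With the variable unset and no key files present, both lists are empty and no key is authorized for root.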

Mic92 merged commit dddfdd9 into Mic92:master Jan 30, 2019

Mic92 (Owner) commented Jan 30, 2019

Thanks! No it looks solid.

Mic92 (Owner) commented Jan 30, 2019

Only forwardings are not declarative yet:

QEMU_NET_OPTS="hostfwd=tcp::2222-:22"

@@ -3,59 +3,29 @@
set -euo pipefail

script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
export QEMU_KERNEL_PARAMS="console=ttyS0 ${QEMU_KERNEL_PARAMS:-}"
export QEMU_PATH=${PATH:-}
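Review bot: `export QEMU_PATH=${PATH:-}` copies the caller's entire PATH into a new variable with no comment saying what consumes it or why a separate name is needed. Add a one-line comment stating the purpose, and quote the expansion as the `QEMU_KERNEL_PARAMS` line above does, so the two exports read consistently.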
Mic92 (Owner) commented Jan 30, 2019

The idea here was to capture $PATH of the user in case there were some project-specific PATH entries like script directories added.
Or the user has something like ~/bin/, also this is probably restored by re-evaluating ~/.bashrc or ~/.zshrc.
I don't think we would need this in a declarative form, do you?

Contributor Author

Ah, in that case couldn't we just builtins.getEnv "PATH"? I was wondering why you introduced a new env variable.

Owner

That should work.
