Conversation
instead users can override `users.users.root.shell` or `users.defaultUserShell`
…o nixos-shell.nix)
dermetfan
force-pushed
the
nixos-config
branch
from
4bbcc17 to
c2d9fe5
Compare
|
|
||
| environment = { | ||
| systemPackages = with pkgs; [ | ||
| xterm # for resize command |
There was a problem hiding this comment.
Not in this pr, but this would shell script would be probably more lightweight:
https://github.com/nix-community/nixos-generators/blob/master/formats/vm-nogui.nix#L3
|
|
||
| # Allow passwordless ssh login with the user's key if it exists. | ||
| (let | ||
| pubkey = "${builtins.getEnv "HOME"}/.ssh/id_rsa.pub"; |
There was a problem hiding this comment.
Can you mention this in the readme?
There was a problem hiding this comment.
I would at least also check for id_ecdsa.pub and id_ed25519.pub.
There was a problem hiding this comment.
(let
keys = lib.map (key: "${builtins.getEnv "HOME"}/.ssh/${key}")
["id_rsa.pub" "id_ecdsa.pub" "id_ed25519.pub"];
in {
users.users.root.openssh.authorizedKeys.keyFiles = lib.filter builtins.pathExists keys;
})
There was a problem hiding this comment.
Wishlist: Would it be possible to add the output of ssh-add -L? That would take care of all keys an ssh agent has, for example the keys stored on a yubikey.
There was a problem hiding this comment.
Thanks for the snippet, applied.
There was a problem hiding this comment.
@tokudan that might be possible by using an environment variable that is set in nixos-shell.
dermetfan
force-pushed
the
nixos-config
branch
from
2d25077 to
968e3d2
Compare
|
Thanks! No it looks solid. |
|
Only forwardings are not declarative yet: |
|
|
||
| script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" | ||
| export QEMU_KERNEL_PARAMS="console=ttyS0 ${QEMU_KERNEL_PARAMS:-}" | ||
| export QEMU_PATH=${PATH:-} |
There was a problem hiding this comment.
The idea here was to capture $PATH of the user in case there were some project-specific PATH entries like script directories added.
Or the user has something like ~/bin/, also this is probably
restored by re-evaluating ~/.bashrc or ~/.zshrc.
I don't think we would need this in a declarative form, do you?
There was a problem hiding this comment.
Ah, in that case couldn't we just builtins.getEnv "PATH"? I was wondering why you introduced a new env variable.
3 participants
This is my response to #3.
Additionally in a29fe70 I enabled the module of the user's shell, e.g.
programs.zshand in d15bdea allowed SSH login with the user's key. If desired I can split those out into different PRs.