gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added yubikey and networking configurations. The system should now use dnscrypt-proxy2 for its DNS, with a list of defined servers.

Browse source
This commit is contained in:
kat witch 2020-11-06 13:22:43 +00:00 committed by kat
parent 0668a962e8
commit 460b88a3e3
5 changed files with 51 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
configuration/hosts/litha/configuration.nix
View file

@ -11,6 +11,8 @@
../../profiles/common ../../profiles/common
../../profiles/desktop ../../profiles/desktop
../../profiles/xfce ../../profiles/xfce
../../profiles/network
../../profiles/yubikey
]; ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
@ -21,7 +23,6 @@
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces.enp34s0.useDHCP = true; networking.interfaces.enp34s0.useDHCP = true;
networking.networkmanager.enable = true;
system.stateVersion = "20.09"; system.stateVersion = "20.09";

2
configuration/hosts/samhain/configuration.nix
View file

@ -9,6 +9,8 @@
../../profiles/gnome ../../profiles/gnome
../../profiles/gaming ../../profiles/gaming
../../profiles/development ../../profiles/development
../../profiles/network
../../profiles/yubikey
]; ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;

2
configuration/hosts/yule/configuration.nix
View file

@ -9,6 +9,8 @@
../../profiles/gnome ../../profiles/gnome
../../profiles/gaming ../../profiles/gaming
../../profiles/development ../../profiles/development
../../profiles/network
../../profiles/yubikey
]; ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;

33
configuration/profiles/network/default.nix Normal file
View file

@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
{
networking = {
networkmanager.enable = true;
resolvconf.useLocalResolver = true;
networkmanager.dns = "none";
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
# You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/public-resolvers.md
server_names = [ "acsacsar-ams-ipv4" "acsacsar-ams-ipv6" "dnscrypt.eu-dk" "dnscrypt.eu-dk-ipv6" "dnscrypt.eu-nl" "dnscrypt.eu-nl-ipv6" "meganerd" "meganerd-ipv6" ];
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy2";
};
}

12
configuration/profiles/yubikey/default.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }:
{
services.pcscd.enable = true;
services.udev.packages = [ pkgs.yubikey-personalization ];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
}