Added yubikey and networking configurations. The system should now use dnscrypt-proxy2 for its DNS, with a list of defined servers.

2026-02-09 04:19:19 -08:00 · 2020-11-06 13:22:43 +00:00 · 2020-11-06 13:22:43 +00:00 · 460b88a3e3
commit 460b88a3e3
parent 0668a962e8
5 changed files with 51 additions and 1 deletions
--- a/configuration/hosts/litha/configuration.nix
+++ b/configuration/hosts/litha/configuration.nix
@ -11,6 +11,8 @@
      ../../profiles/common
      ../../profiles/desktop
      ../../profiles/xfce
+      ../../profiles/network
+      ../../profiles/yubikey
    ];

  # Use the systemd-boot EFI boot loader.
@ -21,7 +23,6 @@

  networking.useDHCP = false;
  networking.interfaces.enp34s0.useDHCP = true;
-  networking.networkmanager.enable = true;

  system.stateVersion = "20.09";
  
--- a/configuration/hosts/samhain/configuration.nix
+++ b/configuration/hosts/samhain/configuration.nix
@ -9,6 +9,8 @@
      ../../profiles/gnome
      ../../profiles/gaming
      ../../profiles/development
+      ../../profiles/network
+      ../../profiles/yubikey
    ];

  boot.loader.systemd-boot.enable = true;
--- a/configuration/hosts/yule/configuration.nix
+++ b/configuration/hosts/yule/configuration.nix
@ -9,6 +9,8 @@
      ../../profiles/gnome
      ../../profiles/gaming
      ../../profiles/development
+      ../../profiles/network
+      ../../profiles/yubikey
    ];

  boot.loader.systemd-boot.enable = true;
--- a/configuration/profiles/network/default.nix
+++ b/configuration/profiles/network/default.nix
@ -0,0 +1,33 @@
+
+{ config, lib, pkgs, ... }:
+{
+    networking = {
+        networkmanager.enable = true;
+        resolvconf.useLocalResolver = true;
+        networkmanager.dns = "none";
+    };
+
+    services.dnscrypt-proxy2 = {
+        enable = true;
+        settings = {
+            ipv6_servers = true;
+            require_dnssec = true;
+
+            sources.public-resolvers = {
+                    urls = [
+                        "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md"
+                        "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md"
+                    ];
+                    cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+                    minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+                };
+
+                # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/public-resolvers.md
+                server_names = [ "acsacsar-ams-ipv4" "acsacsar-ams-ipv6" "dnscrypt.eu-dk" "dnscrypt.eu-dk-ipv6" "dnscrypt.eu-nl" "dnscrypt.eu-nl-ipv6" "meganerd" "meganerd-ipv6" ];
+        };
+    };
+
+    systemd.services.dnscrypt-proxy2.serviceConfig = {
+        StateDirectory = "dnscrypt-proxy2";
+    };
+}
--- a/configuration/profiles/yubikey/default.nix
+++ b/configuration/profiles/yubikey/default.nix
@ -0,0 +1,12 @@
+
+{ config, lib, pkgs, ... }:
+{
+    services.pcscd.enable = true;
+    services.udev.packages = [ pkgs.yubikey-personalization ];
+
+    programs.gnupg.agent = {
+        enable = true;
+        enableSSHSupport = true;
+        pinentryFlavor = "curses";
+    };
+}