This adds yubikey-agent as a package and a nixos module.
On macOS, we use `wrapProgram` to set pinentry_mac as default in PATH;
on Linux we rely on the user to set their preferred pinentry in PATH.
In particular, we use a systemd override to prefix PATH to select a
chosen pinentry program if specified.
On Linux, we need libnotify to provide the notify-send utility for
desktop notifications (such as "Waiting for Yubikey touch...").
This might work on other flavors of unix, but I haven't tested.
We reuse the programs.gnupg.agent.pinentryFlavor option for
yubikey-agent, but in doing so I hit a problem: pinentryFlavour's
default value is specified in a mkDefault, but only conditionally. We
ought to be able to pick up the pinentryFlavour whether or not gpg-agent
is running. As a result, this commit moves the default value to the
definition of programs.gnupg.agent.enable.
Fixes this warning at ibus-daemon startup:
(ibus-dconf:15691): dconf-WARNING **: 21:49:24.018: unable to open file '/etc/dconf/db/ibus': Failed to open file ?/etc/dconf/db/ibus?: open() failed: No such file or directory; expect degraded performance
Fixes this warning at ibus-daemon startup:
(ibus-dconf:15691): dconf-WARNING **: 21:49:24.018: unable to open file '/etc/dconf/db/ibus': Failed to open file ?/etc/dconf/db/ibus?: open() failed: No such file or directory; expect degraded performance
While renaming `networking.defaultMailServer` directly to
`services.ssmtp` is shorter and probably clearer, it causes eval errors
due to the second rename (directDelivery -> enable) when using e.g. `lib.mkForce`.
For instance,
``` nix
{ lib, ... }: {
networking.defaultMailServer = {
hostName = "localhost";
directDelivery = lib.mkForce true;
domain = "example.org";
};
}
```
would break with the following (rather confusing) error:
```
error: The option value `services.ssmtp.enable' in `/home/ma27/Projects/nixpkgs/nixos/modules/programs/ssmtp.nix' is not of type `boolean'.
(use '--show-trace' to show detailed location information)
```
To quote the XDG specification:
There is a single base directory relative to which user-specific
data files should be written. This directory is defined by the\
environment variable $XDG_DATA_HOME.
Rather than adding another directory to $HOME, I think that it's better
to follow this standard to avoid a cluttered home-dir.
This reverts commit 6a756af3e7.
Currently zshenv by default only set fpath and HELPDIR without exporting them.
A parent shell would also not set those variables usually as they are shell local.
It also sources a file called set-environment but this is protected by an
environment variable called __NIXOS_SET_ENVIRONMENT_DONE. Hence any modification
done by the parent shell should persist as long as __NIXOS_SET_ENVIRONMENT_DONE
is not unset.
This behavior deviates from what we do in bashrc and breaks common setups such
as tmux/mosh or screen.
Fixes#80437
As of 2020-01-09, way-cooler is officially dead:
http://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html
hence, remove the package and the module.
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
docs/release-notes: remove way-cooler
way-cooler: show warnings about removal
Apply suggestions from code review
Co-Authored-By: worldofpeace <worldofpeace@protonmail.ch>
way-cooler: add suggestion by @Infinisil
sway: refactor with a wrapper
This moves the wrapper functionality from the NixOS module to a new package
(wrapper) that wraps the original sway package (sway-unwrapped). Therefore it's
now also possible to properly use Sway on non-NixOS systems out of the box.
The new submodule for the wrapperFeatures makes it easy to extend the
functionality which should become useful in the future.
This also introduces a GTK wrapper feature to fix issues with icon/GTK themes,
e.g. when running waybar or wofi. This should also work for #67704. If not, we
might have to add some additional dependencies/arguments for this case.
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
If no display manager is enabled this will not make any difference, but
if a Wayland compatible display manager like SDDM is enabled, a session
for Sway will be available. Therefore it does make sense to enable this
by default.
This adds the display manager integration mentioned in #57602.
This PR is part of the networking.* namespace cleanup.
ssmtp used to be configured via `networking.defaultMailServer` which is
sort of misleading since it provides options only for ssmtp. Other
dumb mail relays like nullmailer have always been living under
services.
The intent of this PR is to align ssmtp's options with those of similar
services. Specifically, two renames have been done:
* Rename `networking.defaultMailHost` to `services.ssmtp`.
* Rename `directDelivery` to `enable` because this is what it basically does.
From https://github.com/zsh-users/zsh-syntax-highlighting#faq:
"It must be sourced after all custom widgets have been created
(i.e., after all zle -N calls and after running compinit)."
zsh-syntax-highlighting must be sourced to the end.
This solves the dependency cycle in gcr alternatively so there won't be
two gnupg store paths in a standard NixOS system which has udisks2 enabled
by default.
NixOS users are expected to use the gpg-agent user service to pull in the
appropriate pinentry flavour or install it on their systemPackages and set
it in their local gnupg agent config instead.
Co-authored-by: Florian Klink <flokli@flokli.de>
This solves the dependency cycle in gcr alternatively so there won't be
two gnupg store paths in a standard NixOS system which has udisks2 enabled
by default.
NixOS users are expected to use the gpg-agent user service to pull in the
appropriate pinentry flavour or install it on their systemPackages and set
it in their local gnupg agent config instead.
Co-authored-by: Florian Klink <flokli@flokli.de>
If you want to be able to use OpenSC with ssh-agent, you need to be able
to add it to the ssh-agent whitelist. This adds an option,
agentPKCS11Whitelist, that exposes the option.
Note that I currently work around this by injecting the parameter into
the agentTimeout option:
programs.ssh.agentTimeout = "1h -P ${pkgs.opensc}/lib/opensc-pkcs11.so";
but I feel that a proper option would be better :)
This enlarges the system uid/gid range 6-fold, from 100 to 600 ids. This
is a preventative measure against running out of dynamically allocated
ids for NixOS services with isSystemUser, which should become the
preferred way of allocating uids for non-real users.
We had these set so gtk2 can discover themes properly, however we failed
realize that gtk2 already has a patch that makes it search in XDG_DATA_DIRS.
I don't believe any issue is solved by setting these.