diff options
| -rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/exim-smarthost.nix | 24 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 67 | ||||
| -rw-r--r-- | krebs/3modules/nginx.nix | 13 | ||||
| -rw-r--r-- | krebs/3modules/power-action.nix (renamed from lass/3modules/power-action.nix) | 4 | ||||
| -rw-r--r-- | krebs/3modules/retiolum.nix | 40 | ||||
| -rw-r--r-- | krebs/4lib/default.nix | 1 | ||||
| -rw-r--r-- | krebs/5pkgs/exim/default.nix | 5 | ||||
| -rw-r--r-- | lass/1systems/helios.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/buildbot-standalone.nix | 7 | ||||
| -rw-r--r-- | lass/2configs/git.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/power-action.nix | 4 | ||||
| -rw-r--r-- | lass/3modules/default.nix | 1 | ||||
| -rw-r--r-- | makefu/1systems/omo.nix | 25 | ||||
| -rw-r--r-- | makefu/2configs/bepasty-dual.nix | 6 | ||||
| -rw-r--r-- | makefu/2configs/hw/tp-x2x0.nix | 7 | ||||
| -rw-r--r-- | makefu/2configs/zsh-user.nix | 2 |
17 files changed, 172 insertions, 39 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index d64d8047a..9af42acc9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -28,6 +28,7 @@ let ./on-failure.nix ./os-release.nix ./per-user.nix + ./power-action.nix ./Reaktor.nix ./realwallpaper.nix ./retiolum-bootstrap.nix diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index aba6ee0b5..cfe2e5f04 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -2,6 +2,7 @@ with config.krebs.lib; let + indent = replaceChars ["\n"] ["\n "]; cfg = config.krebs.exim-smarthost; out = { @@ -12,6 +13,11 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; + authenticators = mkOption { + type = types.attrsOf types.str; + default = {}; + }; + dkim = mkOption { type = types.listOf (types.submodule ({ config, ... }: { options = { @@ -80,6 +86,16 @@ let default = []; }; + ssl_cert = mkOption { + type = types.nullOr types.str; + default = null; + }; + + ssl_key = mkOption { + type = types.nullOr types.str; + default = null; + }; + system-aliases = mkOption { type = types.listOf (types.submodule ({ options = { @@ -136,7 +152,9 @@ let syslog_timestamp = false syslog_duplication = false - tls_advertise_hosts = + ${optionalString (cfg.ssl_cert != null) "tls_certificate = ${cfg.ssl_cert}"} + ${optionalString (cfg.ssl_key != null) "tls_privatekey = ${cfg.ssl_key}"} + tls_advertise_hosts =${optionalString (cfg.ssl_cert != null) " *"} begin acl @@ -257,6 +275,10 @@ let begin rewrite begin authenticators + ${concatStringsSep "\n" (mapAttrsToList (name: text: '' + ${name}: + ${indent text} + '') cfg.authenticators)} ''; }; }; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 52db3de85..a878f50ee 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -49,10 +49,22 @@ with config.krebs.lib; ''; }; siem = { - ip4.addr = "10.8.10.2"; + ip4.addr = "10.8.10.2"; + ip4.prefix = "10.8.10.0/24"; aliases = [ "darth.siem" ]; + tinc.pubkey = '' + Ed25519PublicKey = 24t9ye4gRLg6UbVxBvuuDlvU/cnByxMjYjym4LO6GkK + -----BEGIN RSA PUBLIC KEY----- + MIIBCQKCAQEApcUeTecVahqNIfLEkfgNiaW+eHQ9Y90DxHhy9vdPZh8dmLqoFBoW + TCPcZIRpyj7hxRkNIhh34Ewpul0oQ1tzrUGcT2xvMNwaCupRDmhZn9jR9aFFEYKb + fUOplCxb4y2UKbWAA6hie3PKH9wnPfbwSsexb2BSQAqSt4iNIVCV6j7LXpiopbGS + Exs3/Pz+IeMtGyuMYA3rUmJsVRKR1o7axLtlhYK7JSMbqdYhaQJ4NZrvIXw//w21 + kM/TJTPZ4j47ME18jQInO62X5h+xVch6DtvwvjBMMMKbS0am9qw1P3qo7MP3PmQh + rvVQRth8L63q4NLOnT29XmnxPSVGL1PBQQICEAE= + -----END RSA PUBLIC KEY----- + ''; }; }; }; @@ -60,9 +72,20 @@ with config.krebs.lib; nets = { siem = { ip4.addr = "10.8.10.6"; + ip4.prefix = "10.8.10.0/24"; aliases = [ "ossim.siem" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAv5qv9R3E1AHJOhTnHJ2E5zWjItRdXSw/inpz/W+KcBeM/HSG0XEl + RyGAwty7VP4CiLp7CagWmtVsz/5ytnXJzLDeRLn5t+KzO6am0aOpvAt6ZggZXPhL + cQkn4IGi1TJE5tw+lzabBkUZm3zD1KEXpqJeZ6spA4e9lB/+T3Tx23g9WDEOKand + mAJrsdsvTCIiVJefidOAmgeZVVOV3ltBonNP1nqEy+5v4B3EBT/Uj7ImL2aRj/pd + dPs6dGV2LqSQvnrSbFZzuKVXKpD1M+wgT/5NQk/hVJJxBQC6rxvpg1XyQkepcLWL + WjvogOl4NjXStmKDX2+gPPFx6XTmwDenOwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; }; }; @@ -126,9 +149,21 @@ with config.krebs.lib; }; siem = { ip4.addr = "10.8.10.4"; + ip4.prefix = "10.8.10.0/24"; aliases = [ - "arch.siem" + "makefu.siem" ]; + tinc.pubkey = '' + Ed25519PublicKey = rFTglGxm563e/w82Q9Qqy/E+V/ipT4DOTyTuYrWrtmI + -----BEGIN RSA PUBLIC KEY----- + MIIBCQKCAQEAx+OQXQj6rlXIByo48JZXSexRz5G5oJVZTHAJ0GF5f70U65C0x83p + XtNp4LGYti+cyyzmQjf/N7jr2CxUlOATN2nRO4CT+JaMM2MoqnPWqTZBPMDiHq2y + ce0zjLPPl0hVc5mg+6F0tgolbUvTIo2CgAIl5lNvJiVfmXRSehmMprf1NPkxJd/O + vAOD7mgnCjkEAWElf1cfxSGZqSLbNltRK340nE5x6A5tY7iEueP/r9chEmOnVjKm + t+GJAJIe1PClWJHJYAXF8I7R3g+XQIqgw+VTN3Ng5cS5W/mbTFIzLWMZpdZaAhWR + 56pthtZAE5FZ+4vxMpDQ4yeDu0b6gajWNQICEAE= + -----END RSA PUBLIC KEY----- + ''; }; }; ssh.privkey.path = <secrets/ssh_host_ed25519_key>; @@ -167,6 +202,7 @@ with config.krebs.lib; extraZones = { "krebsco.de" = '' euer IN MX 1 aspmx.l.google.com. + nixos.unstable IN CNAME krebscode.github.io. pigstarter IN A ${nets.internet.ip4.addr} gold IN A ${nets.internet.ip4.addr} boot IN A ${nets.internet.ip4.addr} @@ -324,7 +360,21 @@ with config.krebs.lib; nets = { siem = { ip4.addr = "10.8.10.7"; + ip4.prefix = "10.8.10.0/24"; aliases = [ "display.siem" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA+/TpxsVIBL9J9QAe/+jB6sgu/O6J+KY4YrAzZ6dM4kbFv5JA64f5 + 6znv8EFqn6loS9Aez3e08P5scyGjiwWytdKN5Yztlffc0xDD7MUU2RiCsQF1X74J + +1i8NhSq3PJ6UeUURxYYnAYzBlFvsxev4vpniFTsIR9tmcAYX9NT9420D6nV7xq7 + FdkoBlYj4eUQqQzHH1T/Lmt+BGmf+BufIJas+Oo/Sg59vIk9OM08WyAjHVT2iNbg + LXDhzVaeGOOM3GOa0YGG0giM3Rd245YPaPiVbwrMy8HQRBpMzXOPjcC1nYZSjxrW + LQxtRS+dmfEMG7MJ8T2T2bseX6z6mONc1QIDAQAB + -----END RSA PUBLIC KEY----- + -----BEGIN ED25519 PUBLIC KEY----- + 3JGeGnADWR+hfb4TEoHDyopEYgkfGNJKwy71bqcsNrO + -----END ED25519 PUBLIC KEY----- + ''; }; retiolum = { ip4.addr = "10.243.214.15"; @@ -394,10 +444,21 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB nets = { siem = { ip4.addr = "10.8.10.1"; + ip4.prefix = "10.8.10.0/24"; aliases = [ - "sjump.siem" + "shoney.siem" "graphs.siem" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0OK28PHsMGMxAqVRiRGv93zzEWJgV3hMFquWrpbYC3OZwHDYcNHu + 74skwRRwwnbcq0ZtWroEvUTmZczuPt2FewdtuEutT7uZJnAYnzSOrB9lmmdoXKQU + l4ho1LEf/J0sMBi7RU/OJosuruQTAl53ca5KQbRCXkcPlmq4KzUpvgPINpEpYQjB + CGC3ErOvw2jXESbDnWomYZgJl3uilJUEYlyQEwyWVG+fO8uxlz9qKLXMlkoJTbs4 + fTIcxh7y6ZA7QfMN3Ruq1R66smfXQ4xu1hybvqL66RLiDQgH3BRyKIgobS1UxI4z + L+xhIsiMXQIo2hv8aOUnf/7Ac9DXNR83GwIDAQAB + -----END RSA PUBLIC KEY----- + ''; }; internet = { ip4.addr = "64.137.234.215"; diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index bc32da3b1..214f55018 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -71,6 +71,14 @@ let type = bool; default = true; }; + force_encryption = mkOption { + type = bool; + default = false; + description = '' + redirect all `http` traffic to the same domain but with ssl + protocol. + ''; + }; protocols = mkOption { type = listOf (enum [ "SSLv2" "SSLv3" "TLSv1" "TLSv1.1" "TLSv1.2" ]); default = [ "TLSv1.1" "TLSv1.2" ]; @@ -120,6 +128,11 @@ let server_name ${toString (unique server-names)}; ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen} ${optionalString ssl.enable (indent '' + ${optionalString ssl.force_encryption '' + if ($scheme = http){ + return 301 https://$server_name$request_uri; + } + ''} listen 443 ssl; ssl_certificate ${ssl.certificate}; ssl_certificate_key ${ssl.certificate_key}; diff --git a/lass/3modules/power-action.nix b/krebs/3modules/power-action.nix index 30875c9a9..4c2533eb7 100644 --- a/lass/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -3,10 +3,10 @@ with config.krebs.lib; let - cfg = config.lass.power-action; + cfg = config.krebs.power-action; out = { - options.lass.power-action = api; + options.krebs.power-action = api; config = lib.mkIf cfg.enable imp; }; diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 0bd815211..18e0dd65a 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -12,9 +12,11 @@ let define a tinc network ''; type = with types; attrsOf (submodule (tinc: { - options = { + options = let + netname = tinc.config._module.args.name; + in { - enable = mkEnableOption "krebs.tinc.${tinc.config._module.args.name}" // { default = true; }; + enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; host = mkOption { type = types.host; @@ -23,7 +25,7 @@ let netname = mkOption { type = types.enum (attrNames tinc.config.host.nets); - default = tinc.config._module.args.name; + default = netname; description = '' The tinc network name. It is used to name the TUN device and to generate the default value for @@ -38,6 +40,27 @@ let Extra Configuration to be appended to tinc.conf ''; }; + tincUp = mkOption { + type = types.string; + default = let + net = tinc.config.host.nets.${netname}; + iproute = tinc.config.iproutePackage; + in '' + ${optionalString (net.ip4 != null) /* sh */ '' + ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} + ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} + ''} + ${optionalString (net.ip6 != null) /* sh */ '' + ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} + ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} + ''} + ''; + description = '' + tinc-up script to be used. Defaults to setting the + krebs.host.nets.<netname>.ip4 and ip6 for the new ips and + configures forwarding of the respecitive netmask as subnet. + ''; + }; tincPackage = mkOption { type = types.package; @@ -131,6 +154,7 @@ let krebs.secret.files = mapAttrs' (netname: cfg: nameValuePair "${netname}.rsa_key.priv" cfg.privkey ) config.krebs.tinc; + users.users = mapAttrs' (netname: cfg: nameValuePair "${netname}" { inherit (cfg.user) home name uid; @@ -140,7 +164,6 @@ let systemd.services = mapAttrs (netname: cfg: let - net = cfg.host.nets.${netname}; tinc = cfg.tincPackage; iproute = cfg.iproutePackage; @@ -157,14 +180,7 @@ let ''; "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' ${iproute}/sbin/ip link set ${netname} up - ${optionalString (net.ip4 != null) /* sh */ '' - ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname} - ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname} - ''} - ${optionalString (net.ip6 != null) /* sh */ '' - ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname} - ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname} - ''} + ${cfg.tincUp} ''; } ); diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 296748333..f62c033bd 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -33,6 +33,7 @@ let out = rec { dir.has-default-nix = path: pathExists (path + "/default.nix"); genid = import ./genid.nix { lib = lib // out; }; + genid_signed = x: ((genid x) + 16777216) / 2; git = import ./git.nix { lib = lib // out; }; shell = import ./shell.nix { inherit lib; }; tree = import ./tree.nix { inherit lib; }; diff --git a/krebs/5pkgs/exim/default.nix b/krebs/5pkgs/exim/default.nix index 0918e308d..835970555 100644 --- a/krebs/5pkgs/exim/default.nix +++ b/krebs/5pkgs/exim/default.nix @@ -1,4 +1,4 @@ -{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }: +{ coreutils, fetchurl, db, openssl, pam, pcre, perl, pkgconfig, stdenv }: stdenv.mkDerivation rec { name = "exim-4.87"; @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1jbxn13shq90kpn0s73qpjnx5xm8jrpwhcwwgqw5s6sdzw6iwsbl"; }; - buildInputs = [ coreutils db openssl pcre perl pkgconfig ]; + buildInputs = [ coreutils db openssl pam pcre perl pkgconfig ]; preBuild = '' sed ' @@ -24,6 +24,7 @@ stdenv.mkDerivation rec { s:^# \(SUPPORT_TLS\)=.*:\1=yes: s:^# \(USE_OPENSSL_PC=openssl\)$:\1: s:^# \(LOG_FILE_PATH=syslog\)$:\1: + s:^# \(SUPPORT_PAM\)=.*:\1=yes\nEXTRALIBS=-lpam: s:^# \(HAVE_IPV6=yes\)$:\1: s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown: s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp: diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 5f161d731..53026a6fb 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -58,7 +58,7 @@ with config.krebs.lib; # }; #} { - lass.power-action.battery = "BAT1"; + krebs.power-action.battery = "BAT1"; } ]; diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 5afb23687..7c7693ab7 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -3,8 +3,13 @@ with config.krebs.lib; let + sshHostConfig = pkgs.writeText "ssh-config" '' + ControlMaster auto + ControlPath /tmp/%u_sshmux_%r@%h:%p + ControlPersist 4h + ''; sshWrapper = pkgs.writeDash "ssh-wrapper" '' - ${pkgs.openssh}/bin/ssh -i ${shell.escape config.lass.build-ssh-privkey.path} "$@" + ${pkgs.openssh}/bin/ssh -F ${sshHostConfig} -i ${shell.escape config.lass.build-ssh-privkey.path} "$@" ''; in { diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 9a1cab176..ab4450715 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -80,7 +80,7 @@ let perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional repo.public { - user = [ tv makefu ]; + user = attrValues config.krebs.users; repo = [ repo ]; perm = fetch; } ++ diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix index 0ff8547c7..133966498 100644 --- a/lass/2configs/power-action.nix +++ b/lass/2configs/power-action.nix @@ -11,7 +11,7 @@ let ''; in { - lass.power-action = { + krebs.power-action = { enable = true; plans.low-battery = { upperLimit = 30; @@ -36,6 +36,6 @@ in { ]; security.sudo.extraConfig = '' - ${config.lass.power-action.user.name} ALL= (root) NOPASSWD: ${suspend} + ${config.krebs.power-action.user.name} ALL= (root) NOPASSWD: ${suspend} ''; } diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 6a3b41ca4..60370b230 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -4,7 +4,6 @@ _: ./ejabberd ./folderPerms.nix ./mysql-backup.nix - ./power-action.nix ./umts.nix ./urxvtd.nix ./wordpress_nginx.nix diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e11abd40d..ead8f49b6 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -4,6 +4,7 @@ { config, pkgs, lib, ... }: let + toMapper = id: "/media/crypt${builtins.toString id}"; byid = dev: "/dev/disk/by-id/" + dev; keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; @@ -33,7 +34,8 @@ let # all physical disks # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ]; + dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 ]; + allDisks = [ rootDisk ] ++ dataDisks; in { imports = [ @@ -73,25 +75,34 @@ in { virtualisation.docker.enable = true; - # HDD Array stuff - environment.systemPackages = [ pkgs.mergerfs ]; services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - makefu.snapraid = let - toMapper = id: "/media/crypt${builtins.toString id}"; - in { + makefu.snapraid = { enable = true; disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; + # TODO create folders in /media + system.activationScripts.createCryptFolders = '' + ${lib.concatMapStringsSep "\n" + (d: "install -m 755 -d " + (toMapper d) ) + [ 0 1 2 "X" ]} + ''; + environment.systemPackages = [ pkgs.mergerfs ]; fileSystems = let cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; in cryptMount "crypt0" // cryptMount "crypt1" - // cryptMount "crypt2"; + // cryptMount "crypt2" + // { "/media/cryptX" = { + device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]); + fsType = "mergerfs"; + options = [ "defaults" "allow_other" ]; + }; + }; powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index f675c4ac8..4b5389c32 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -45,6 +45,7 @@ in { #certificate = "${sec}/wildcard.krebsco.de.crt"; #certificate_key = "${sec}/wildcard.krebsco.de.key"; ciphers = "RC4:HIGH:!aNULL:!MD5" ; + force_encryption = true; }; locations = singleton ( nameValuePair "/.well-known/acme-challenge" '' root ${acmechall}/${ext-dom}/; @@ -54,10 +55,7 @@ in { ssl_session_timeout 10m; ssl_verify_client off; proxy_ssl_session_reuse off; - - if ($scheme = http){ - return 301 https://$server_name$request_uri; - }''; + ''; }; defaultPermissions = "read"; secretKey = secKey; diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index c10ec1314..9047cfb66 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -12,6 +12,12 @@ with config.krebs.lib; zramSwap.enable = true; zramSwap.numDevices = 2; + # enable synaptics so we can easily disable the touchpad + # enable the touchpad with `synclient TouchpadOff=0` + services.xserver.synaptics = { + enable = true; + additionalOptions = ''Option "TouchpadOff" "1"''; + }; hardware.trackpoint = { enable = true; sensitivity = 220; @@ -19,7 +25,6 @@ with config.krebs.lib; emulateWheel = true; }; - services.tlp.enable = true; services.tlp.extraConfig = '' # BUG: http://linrunner.de/en/tlp/docs/tlp-faq.html#erratic-battery diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 99c1315e1..a3286b7fd 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -22,7 +22,7 @@ in bindkey "\e[3~" delete-char zstyle ':completion:*' menu select - gpg-connect-agent updatestartuptty /bye >/dev/null + ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye >/dev/null GPG_TTY=$(tty) export GPG_TTY unset SSH_AGENT_PID |