nix
/
System
2
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nix:9ec930a1d232e37f1d9902a7c6a6d1755e47153e
Branches Tags
nix:trunk
..
compare: nix:c06cd8034e6ca878c12338fffd26651efa00cca9
Branches Tags
nix:trunk

No commits in common. "9ec930a1d232e37f1d9902a7c6a6d1755e47153e" and "c06cd8034e6ca878c12338fffd26651efa00cca9" have entirely different histories.
9ec930a1d2 ... c06cd8034e

7 changed files with 22 additions and 48 deletions
Show Stats Expand all files Collapse all files

2
.sops.yaml
View File

@ -8,7 +8,6 @@ keys:
- &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
- &tounge age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6 - &tounge age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6
- &fusion age1fe57fel46lk5n9t34lh5nl909gk88trwy9ttgxqk3up9d83wxsnsdmuu3a - &fusion age1fe57fel46lk5n9t34lh5nl909gk88trwy9ttgxqk3up9d83wxsnsdmuu3a
- &productivity-vm age1n5g03x8p54kzx9nktqgasjugqjydz8u0rw9zcdx5l9c486h3me6qtnh57s
creation_rules: creation_rules:
- path_regex: secrets/all/.* - path_regex: secrets/all/.*
key_groups: key_groups:
@ -21,7 +20,6 @@ creation_rules:
- *matrix - *matrix
- *tounge - *tounge
- *fusion - *fusion
- *productivity-vm
- path_regex: secrets/levitation - path_regex: secrets/levitation
key_groups: key_groups:
- age: - age:

10
home-manager/common/programs/core.nix
View File

@ -74,16 +74,6 @@ with lib; {
signByDefault = lib.mkDefault config.nathan.programs.util.git.gpgSign; signByDefault = lib.mkDefault config.nathan.programs.util.git.gpgSign;
}; };
}) })
(mkIf (config.nathan.programs.util.git.enable
&& config.nathan.programs.util.git.sshSign) {
programs.git = {
extraConfig = {
commit.gpgsign = true;
gpg.format = "ssh";
user.signingkey = "~/.ssh/id_ed25519.pub";
};
};
})
(mkIf config.nathan.programs.util.git.enable { (mkIf config.nathan.programs.util.git.enable {
# Git adjacent packages # Git adjacent packages
home.packages = [ home.packages = [

1
home-manager/options.nix
View File

@ -22,7 +22,6 @@ with nLib; {
enable = mkEnableOptionT "git"; enable = mkEnableOptionT "git";
gpgSign = gpgSign =
mkDefaultOption "git signatures" config.nathan.config.isDesktop; mkDefaultOption "git signatures" config.nathan.config.isDesktop;
sshSign = mkDefaultOption "git ssh signatures" false;
}; };
# Bat configuration, enabled by default # Bat configuration, enabled by default
bat = mkEnableOptionT "bat"; bat = mkEnableOptionT "bat";

23
info/ssh-keys.nix
View File

@ -1,23 +0,0 @@
{ config, lib, pkgs }: rec {
keys = {
# yubikey ssh key
"yubikey" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515";
# WSL key
"wsl" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXEV5lvLQ1CcPuJANv5AiYxtcRFEYXD5nODCazWnYC5 nathan@mccarty.io";
# Phone key
"phone" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost";
# Tablet key
"tablet" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost";
# Macbook key
"extremophile" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLIZC4A4OhpTvfoL5jeMb1Ong9CwZ/URCYZL6y4Gp7b nathan@extremophile.local";
# vm key
"productivity-vm" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgtdTJThr5/vfUswQb3ee6A++W1OxAOGFQJTE8xDuHv nathan@productivity-vm";
};
list = builtins.attrValues keys;
}

4
machines/productivity-vm/home.nix
View File

@ -7,10 +7,6 @@
programs = { programs = {
media.enable = false; media.enable = false;
util = { wine = true; }; util = { wine = true; };
git = {
gpgSign = false;
sshSign = true;
};
# games = { launcher = true; }; # games = { launcher = true; };
# media.nicotineService = true; # media.nicotineService = true;
}; };

13
machines/wsl/home.nix
View File

@ -9,10 +9,7 @@
}; };
}; };
programs = { programs = {
util = { util = { productivity = true; };
productivity = true;
git.sshSign = true;
};
devel = { devel = {
core = true; core = true;
rust = true; rust = true;
@ -25,4 +22,12 @@
}; };
}; };
}; };
# Setup git commit signing with ssh key
programs.git = {
extraConfig = {
commit.gpgsign = true;
gpg.format = "ssh";
user.signingkey = "~/.ssh/id_ed25519.pub";
};
};
} }

17
modules/linux/user.nix
View File

@ -1,7 +1,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let nc = config.nathan.config;
nc = config.nathan.config;
ssh = import ../../info/ssh-keys.nix { };
in with lib; { in with lib; {
config = mkMerge [ config = mkMerge [
{ {
@ -34,7 +32,18 @@ in with lib; {
]; ];
hashedPassword = hashedPassword =
"$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58."; "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
openssh.authorizedKeys.keys = ssh.list; openssh.authorizedKeys.keys = [
# yubikey ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
# WSL key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXEV5lvLQ1CcPuJANv5AiYxtcRFEYXD5nODCazWnYC5 nathan@mccarty.io"
# Phone key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost"
# Tablet key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost"
# Macbook key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLIZC4A4OhpTvfoL5jeMb1Ong9CwZ/URCYZL6y4Gp7b nathan@extremophile.local"
];
}) })
]; ];
}; };