Compare commits

...

4 Commits

Author SHA1 Message Date
Nathan McCarty 9ec930a1d2
Reconfigure sops 2023-04-26 01:28:39 -04:00
Nathan McCarty 7d45b0584a
Refactor git ssh signing 2023-04-26 01:25:39 -04:00
Nathan McCarty 3df790a53c
Enable ssh sign on vm 2023-04-26 01:21:29 -04:00
Nathan McCarty 94a6643fc4
Refactor ssh keys 2023-04-26 01:19:06 -04:00
7 changed files with 48 additions and 22 deletions

View File

@ -8,6 +8,7 @@ keys:
- &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
- &tounge age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6
- &fusion age1fe57fel46lk5n9t34lh5nl909gk88trwy9ttgxqk3up9d83wxsnsdmuu3a
- &productivity-vm age1n5g03x8p54kzx9nktqgasjugqjydz8u0rw9zcdx5l9c486h3me6qtnh57s
creation_rules:
- path_regex: secrets/all/.*
key_groups:
@ -20,6 +21,7 @@ creation_rules:
- *matrix
- *tounge
- *fusion
- *productivity-vm
- path_regex: secrets/levitation
key_groups:
- age:

View File

@ -74,6 +74,16 @@ with lib; {
signByDefault = lib.mkDefault config.nathan.programs.util.git.gpgSign;
};
})
(mkIf (config.nathan.programs.util.git.enable
&& config.nathan.programs.util.git.sshSign) {
programs.git = {
extraConfig = {
commit.gpgsign = true;
gpg.format = "ssh";
user.signingkey = "~/.ssh/id_ed25519.pub";
};
};
})
(mkIf config.nathan.programs.util.git.enable {
# Git adjacent packages
home.packages = [

View File

@ -22,6 +22,7 @@ with nLib; {
enable = mkEnableOptionT "git";
gpgSign =
mkDefaultOption "git signatures" config.nathan.config.isDesktop;
sshSign = mkDefaultOption "git ssh signatures" false;
};
# Bat configuration, enabled by default
bat = mkEnableOptionT "bat";

23
info/ssh-keys.nix Normal file
View File

@ -0,0 +1,23 @@
{ config, lib, pkgs }: rec {
keys = {
# yubikey ssh key
"yubikey" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515";
# WSL key
"wsl" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXEV5lvLQ1CcPuJANv5AiYxtcRFEYXD5nODCazWnYC5 nathan@mccarty.io";
# Phone key
"phone" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost";
# Tablet key
"tablet" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost";
# Macbook key
"extremophile" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLIZC4A4OhpTvfoL5jeMb1Ong9CwZ/URCYZL6y4Gp7b nathan@extremophile.local";
# vm key
"productivity-vm" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgtdTJThr5/vfUswQb3ee6A++W1OxAOGFQJTE8xDuHv nathan@productivity-vm";
};
list = builtins.attrValues keys;
}

View File

@ -7,6 +7,10 @@
programs = {
media.enable = false;
util = { wine = true; };
git = {
gpgSign = false;
sshSign = true;
};
# games = { launcher = true; };
# media.nicotineService = true;
};

View File

@ -9,7 +9,10 @@
};
};
programs = {
util = { productivity = true; };
util = {
productivity = true;
git.sshSign = true;
};
devel = {
core = true;
rust = true;
@ -22,12 +25,4 @@
};
};
};
# Setup git commit signing with ssh key
programs.git = {
extraConfig = {
commit.gpgsign = true;
gpg.format = "ssh";
user.signingkey = "~/.ssh/id_ed25519.pub";
};
};
}

View File

@ -1,5 +1,7 @@
{ config, lib, pkgs, ... }:
let nc = config.nathan.config;
let
nc = config.nathan.config;
ssh = import ../../info/ssh-keys.nix { };
in with lib; {
config = mkMerge [
{
@ -32,18 +34,7 @@ in with lib; {
];
hashedPassword =
"$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
openssh.authorizedKeys.keys = [
# yubikey ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
# WSL key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXEV5lvLQ1CcPuJANv5AiYxtcRFEYXD5nODCazWnYC5 nathan@mccarty.io"
# Phone key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost"
# Tablet key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost"
# Macbook key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLIZC4A4OhpTvfoL5jeMb1Ong9CwZ/URCYZL6y4Gp7b nathan@extremophile.local"
];
openssh.authorizedKeys.keys = ssh.list;
})
];
};