nix
/
System
2
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nix:c06cd8034e6ca878c12338fffd26651efa00cca9
Branches Tags
nix:trunk
...
compare: nix:9ec930a1d232e37f1d9902a7c6a6d1755e47153e
Branches Tags
nix:trunk

4 Commits
c06cd8034e ... 9ec930a1d2

Author SHA1 Message Date
Nathan McCarty 9ec930a1d2
Reconfigure sops 2023-04-26 01:28:39 -04:00
Nathan McCarty 7d45b0584a
Refactor git ssh signing 2023-04-26 01:25:39 -04:00
Nathan McCarty 3df790a53c
Enable ssh sign on vm 2023-04-26 01:21:29 -04:00
Nathan McCarty 94a6643fc4
Refactor ssh keys 2023-04-26 01:19:06 -04:00
7 changed files with 48 additions and 22 deletions
Show Stats Expand all files Collapse all files

2
.sops.yaml
View File

@ -8,6 +8,7 @@ keys:
- &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
- &tounge age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6 - &tounge age15vjvppw2gzjwmtlptefhrhqtjyu0a07v488a9s25a3k2vtpqc9uqvw6vl6
- &fusion age1fe57fel46lk5n9t34lh5nl909gk88trwy9ttgxqk3up9d83wxsnsdmuu3a - &fusion age1fe57fel46lk5n9t34lh5nl909gk88trwy9ttgxqk3up9d83wxsnsdmuu3a
- &productivity-vm age1n5g03x8p54kzx9nktqgasjugqjydz8u0rw9zcdx5l9c486h3me6qtnh57s
creation_rules: creation_rules:
- path_regex: secrets/all/.* - path_regex: secrets/all/.*
key_groups: key_groups:
@ -20,6 +21,7 @@ creation_rules:
- *matrix - *matrix
- *tounge - *tounge
- *fusion - *fusion
- *productivity-vm
- path_regex: secrets/levitation - path_regex: secrets/levitation
key_groups: key_groups:
- age: - age:

10
home-manager/common/programs/core.nix
View File

@ -74,6 +74,16 @@ with lib; {
signByDefault = lib.mkDefault config.nathan.programs.util.git.gpgSign; signByDefault = lib.mkDefault config.nathan.programs.util.git.gpgSign;
}; };
}) })
(mkIf (config.nathan.programs.util.git.enable
&& config.nathan.programs.util.git.sshSign) {
programs.git = {
extraConfig = {
commit.gpgsign = true;
gpg.format = "ssh";
user.signingkey = "~/.ssh/id_ed25519.pub";
};
};
})
(mkIf config.nathan.programs.util.git.enable { (mkIf config.nathan.programs.util.git.enable {
# Git adjacent packages # Git adjacent packages
home.packages = [ home.packages = [

1
home-manager/options.nix
View File

@ -22,6 +22,7 @@ with nLib; {
enable = mkEnableOptionT "git"; enable = mkEnableOptionT "git";
gpgSign = gpgSign =
mkDefaultOption "git signatures" config.nathan.config.isDesktop; mkDefaultOption "git signatures" config.nathan.config.isDesktop;
sshSign = mkDefaultOption "git ssh signatures" false;
}; };
# Bat configuration, enabled by default # Bat configuration, enabled by default
bat = mkEnableOptionT "bat"; bat = mkEnableOptionT "bat";

23
info/ssh-keys.nix Normal file
View File

@ -0,0 +1,23 @@
{ config, lib, pkgs }: rec {
keys = {
# yubikey ssh key
"yubikey" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515";
# WSL key
"wsl" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXEV5lvLQ1CcPuJANv5AiYxtcRFEYXD5nODCazWnYC5 nathan@mccarty.io";
# Phone key
"phone" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost";
# Tablet key
"tablet" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost";
# Macbook key
"extremophile" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLIZC4A4OhpTvfoL5jeMb1Ong9CwZ/URCYZL6y4Gp7b nathan@extremophile.local";
# vm key
"productivity-vm" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgtdTJThr5/vfUswQb3ee6A++W1OxAOGFQJTE8xDuHv nathan@productivity-vm";
};
list = builtins.attrValues keys;
}

4
machines/productivity-vm/home.nix
View File

@ -7,6 +7,10 @@
programs = { programs = {
media.enable = false; media.enable = false;
util = { wine = true; }; util = { wine = true; };
git = {
gpgSign = false;
sshSign = true;
};
# games = { launcher = true; }; # games = { launcher = true; };
# media.nicotineService = true; # media.nicotineService = true;
}; };

13
machines/wsl/home.nix
View File

@ -9,7 +9,10 @@
}; };
}; };
programs = { programs = {
util = { productivity = true; }; util = {
productivity = true;
git.sshSign = true;
};
devel = { devel = {
core = true; core = true;
rust = true; rust = true;
@ -22,12 +25,4 @@
}; };
}; };
}; };
# Setup git commit signing with ssh key
programs.git = {
extraConfig = {
commit.gpgsign = true;
gpg.format = "ssh";
user.signingkey = "~/.ssh/id_ed25519.pub";
};
};
} }

17
modules/linux/user.nix
View File

@ -1,5 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let nc = config.nathan.config; let
nc = config.nathan.config;
ssh = import ../../info/ssh-keys.nix { };
in with lib; { in with lib; {
config = mkMerge [ config = mkMerge [
{ {
@ -32,18 +34,7 @@ in with lib; {
]; ];
hashedPassword = hashedPassword =
"$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58."; "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = ssh.list;
# yubikey ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
# WSL key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXEV5lvLQ1CcPuJANv5AiYxtcRFEYXD5nODCazWnYC5 nathan@mccarty.io"
# Phone key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost"
# Tablet key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost"
# Macbook key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLIZC4A4OhpTvfoL5jeMb1Ong9CwZ/URCYZL6y4Gp7b nathan@extremophile.local"
];
}) })
]; ];
}; };