From 490f562d85ebeeb19ea1882ed53d8ba7982e96d1 Mon Sep 17 00:00:00 2001
From: Matei Adriel
Date: Tue, 10 Jan 2023 20:39:33 +0100
Subject: [PATCH] A bunch of stuff, including commit signing!
---
 flake.lock | 21 ++++++++++++++++
 flake.nix | 4 ++++
 home/adrielus/features/cli/default.nix | 2 +-
 home/adrielus/features/cli/git.nix | 24 ++++++++++++-------
 home/adrielus/features/cli/tmux/default.nix | 2 +-
 .../desktop/common/wakatime/default.nix | 14 ++++++-----
 home/adrielus/features/neovim/default.nix | 6 ++---
 home/adrielus/global/default.nix | 6 ++++-
 hosts/nixos/common/users/adrielus.nix | 13 ++++++++++
 hosts/nixos/tethys/id_ed25519.pub | 1 +
 hosts/nixos/tethys/ssh_host_ed25519_key.pub | 2 +-
 hosts/nixos/tethys/ssh_host_rsa_key.pub | 1 +
 secrets.nix | 8 +++----
 13 files changed, 78 insertions(+), 26 deletions(-)
 create mode 100644 hosts/nixos/tethys/id_ed25519.pub
 create mode 100644 hosts/nixos/tethys/ssh_host_rsa_key.pub
diff --git a/flake.lock b/flake.lock
index c7fe661..43d5140 100644
--- a/flake.lock
+++ b/flake.lock
@@ -108,6 +108,26 @@
 "type": "github"
 }
 },
+ "homeage": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1669234151,
+ "narHash": "sha256-TwT87E3m2TZLgwYJESlype14HxUOrRGojPM5C2akrMg=",
+ "owner": "jordanisaacs",
+ "repo": "homeage",
+ "rev": "02bfe4ca06962d222e522fff0240c93946b20278",
+ "type": "github"
+ },
+ "original": {
+ "owner": "jordanisaacs",
+ "repo": "homeage",
+ "type": "github"
+ }
+ },
 "impermanence": {
 "locked": {
 "lastModified": 1668668915,
@@ -191,6 +211,7 @@
 "base16": "base16",
 "catppuccin-base16": "catppuccin-base16",
 "home-manager": "home-manager",
+ "homeage": "homeage",
 "impermanence": "impermanence",
 "neovim-nightly-overlay": "neovim-nightly-overlay",
 "nixpkgs": "nixpkgs"
diff --git a/flake.nix b/flake.nix
index 2e63ec5..4720160 100644
--- a/flake.nix
+++ b/flake.nix
@@ -13,6 +13,10 @@
 agenix.url = "github:ryantm/agenix";
 agenix.inputs.nixpkgs.follows = "nixpkgs";
+# Homeage
+ homeage.url = "github:jordanisaacs/homeage";
+ homeage.inputs.nixpkgs.follows = "nixpkgs";
+
 # Base16-nix
 base16.url = github:SenchoPens/base16.nix;
 base16.inputs.nixpkgs.follows = "nixpkgs";
diff --git a/home/adrielus/features/cli/default.nix b/home/adrielus/features/cli/default.nix
index 302ba3d..9a6361e 100644
--- a/home/adrielus/features/cli/default.nix
+++ b/home/adrielus/features/cli/default.nix
@@ -1,5 +1,5 @@
 { pkgs, ... }: {
- imports = [ ./bat.nix ./git.nix ./ssh.nix ./fish.nix ./tmux ./starship.nix ];
+ imports = [ ./bat.nix ./ssh.nix ./fish.nix ./tmux ./git.nix ./starship.nix ];
 # Enable bash
 programs.bash.enable = true;
diff --git a/home/adrielus/features/cli/git.nix b/home/adrielus/features/cli/git.nix
index 33c6885..bda7678 100644
--- a/home/adrielus/features/cli/git.nix
+++ b/home/adrielus/features/cli/git.nix
@@ -1,11 +1,9 @@
-{ pkgs, ... }: {
+{ pkgs, config, ... }: {
 programs.git = {
 enable = true;
 package = pkgs.gitFull;
- aliases = {
- graph = "log --decorate --oneline --graph";
- };
+ aliases.graph = "log --decorate --oneline --graph";
 userName = "Matei Adriel";
 userEmail = "rafaeladriel11@gmail.com";
@@ -15,12 +13,20 @@
 hub.protocol = "ssh";
 core.editor = "nvim";
 rebase.autoStash = true;
+
+ # Sign commits using ssh
+ gpg.format = "ssh";
+ user.signingkey = "~/.ssh/id_ed25519.pub";
+
+ # Sign everythin gby default
+ commit.gpgsign = true;
+ tag.gpgsign = true;
 };
 };
- home.packages = with pkgs; [
- # Two github clis
- gh
- hub
- ];
+ # Github cli
+ programs.gh = {
+ enable = true;
+ settings.git_protocol = "ssh";
+ };
 }
diff --git a/home/adrielus/features/cli/tmux/default.nix b/home/adrielus/features/cli/tmux/default.nix
index d9018dc..82ab711 100644
--- a/home/adrielus/features/cli/tmux/default.nix
+++ b/home/adrielus/features/cli/tmux/default.nix
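Review bot: In the second `git.nix` hunk, signing is switched on for every commit and tag but nothing sets `gpg.ssh.allowedSignersFile`, so `git log --show-signature` and `git verify-commit` on this machine cannot validate the SSH signatures it produces; a line such as `gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers";` (placeholder path) next to `gpg.format` closes that gap. The same `id_ed25519` key pair is also used in this commit as the homeage identity (`home/adrielus/global/default.nix`), as a login key in `authorizedKeys` (`hosts/nixos/common/users/adrielus.nix`) and as the only age recipient (`secrets.nix`), so one leaked private key covers signing, login and secret decryption; a dedicated signing key would narrow that. The comment `# Sign everythin gby default` should read `# Sign everything by default`. The attribute set these settings belong to opens above the hunk.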
@@ -1,5 +1,5 @@
 { pkgs, config, ... }:
-let base17-tmux = pkgs.fetchFromGitHub {
+let base16-tmux = pkgs.fetchFromGitHub {
 owner = "tinted-theming";
 repo = "base16-tmux";
 sha256 = "1p6czpd9f0sbibdsph1hdw4ljp6zzjij2159bks16wbfbg3p1hhx";
diff --git a/home/adrielus/features/desktop/common/wakatime/default.nix b/home/adrielus/features/desktop/common/wakatime/default.nix
index 17c0fc5..a1d676c 100644
--- a/home/adrielus/features/desktop/common/wakatime/default.nix
+++ b/home/adrielus/features/desktop/common/wakatime/default.nix
@@ -1,8 +1,10 @@
-{ pkgs, ... }: {
- age.secrets.wakatime.file = ./wakatime_config.age;
-
- home = {
- file.".wakatime.cfg".source = config.age.secrets.wakatime.path;
- packages = with pkgs; [ wakatime ];
+{ pkgs, config, ... }: {
+ homeage.file.wakatime = {
+ source = ./wakatime_config.age;
+ symlinks = [
+ "${config.home.homeDirectory}/.wakatime.cfg"
+ ];
 };
+
+ home.packages = with pkgs; [ wakatime ];
 }
diff --git a/home/adrielus/features/neovim/default.nix b/home/adrielus/features/neovim/default.nix
index 61d9617..405b907 100644
--- a/home/adrielus/features/neovim/default.nix
+++ b/home/adrielus/features/neovim/default.nix
@@ -39,11 +39,11 @@ let
 ];
 in
 let
- simlink = config.lib.file.mkOutOfStoreSymlink;
+ symlink = config.lib.file.mkOutOfStoreSymlink;
 extraRuntime = [
 (if devMode
- then simlink "${paths.dotfiles}/vscode-snippets"
+ then symlink "${paths.dotfiles}/vscode-snippets"
 else ../../../../dotfiles/vscode-snippets)
 ];
@@ -79,7 +79,7 @@ in
 home.file.".config/nvim".source =
 if devMode then
- simlink "${paths.dotfiles}/neovim" else
+ symlink "${paths.dotfiles}/neovim" else
 ../../../../dotfiles/neovim;
 home.packages = [
diff --git a/home/adrielus/global/default.nix b/home/adrielus/global/default.nix
index 3e7e66b..08ea537 100644
--- a/home/adrielus/global/default.nix
+++ b/home/adrielus/global/default.nix
@@ -3,6 +3,7 @@ let
 # Extra modules to import
 imports = [
 inputs.base16.homeManagerModule
+ inputs.homeage.homeManagerModules.homeage
 # inputs.impermanence.nixosModules.home-manager.impermanence
 ../features/cli
@@ -16,7 +17,7 @@ let
 in
 {
 # Import all modules defined in modules/home-manager
- moduleImports = builtins.attrValues outputs.homeManagerModules ++ imports;
+ imports = builtins.attrValues outputs.homeManagerModules ++ imports;
 nixpkgs = {
 # Add all overlays defined in the overlays directory
@@ -47,4 +48,7 @@ in
 homeDirectory = lib.mkDefault "/home/${config.home.username}";
 stateVersion = lib.mkDefault "22.11";
 };
+
+ # Where homeage should look for our ssh key
+ homeage.identityPaths = [ "~/.ssh/id_ed25519" ];
 }
diff --git a/hosts/nixos/common/users/adrielus.nix b/hosts/nixos/common/users/adrielus.nix
index 60eb983..7d56c32 100644
--- a/hosts/nixos/common/users/adrielus.nix
+++ b/hosts/nixos/common/users/adrielus.nix
@@ -1,4 +1,11 @@
 { pkgs, config, ... }:
+let
+ # Record containing all the hosts
+ hosts = outputs.nixosConfigurations;
+
+ # Function from hostname to relative path to public ssh key
+ idKey = host: ../../${host}/id_ed25519.pub;
+in
 {
 # Password file stored through agenix
 age.secrets.adrielusPassword.file = ./adrielus_password.age;
@@ -31,5 +38,11 @@
 # Adds me to some default groups, and creates the home dir
 isNormalUser = true;
 };
+
+ openssh.authorizedKeys.keyFiles =
+ builtins.attrValues # attrsetof path -> path[]
+ (builtins.mapAttrs # ... -> attrsetof host -> attrsetof path
+ (name: _: idKey name) # string -> host -> path
+ hosts);
 };
 }
diff --git a/hosts/nixos/tethys/id_ed25519.pub b/hosts/nixos/tethys/id_ed25519.pub
new file mode 100644
index 0000000..fcb8d99
--- /dev/null
+++ b/hosts/nixos/tethys/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmdOiG0elKHvJ5yoUMd8I5qQdygvjdq45bxv65K230G tethys
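Review bot: `outputs` is read in the new `let` block of `hosts/nixos/common/users/adrielus.nix` (`hosts = outputs.nixosConfigurations;`), but the module header kept as context is still `{ pkgs, config, ... }:`, so the name is not bound and evaluation should stop with an undefined variable. The header would need to become `{ pkgs, config, outputs, ... }:`, which in turn assumes `outputs` is handed to NixOS modules through `specialArgs`; that wiring is not visible in this patch.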
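Review bot: The new `openssh.authorizedKeys.keyFiles` value authorizes the `id_ed25519.pub` of every entry in `nixosConfigurations` on every host that imports this module, so compromise of the user key on any one machine grants login on all of them, and a host directory without that file breaks evaluation for the whole flake. An explicit list of the keys that are meant to log in keeps the trust set reviewable; if the full mesh is intended, `map idKey (builtins.attrNames hosts)` expresses it without the `mapAttrs`/`attrValues` round trip. Going by the context lines, the assignment sits after the `};` that follows `isNormalUser = true;`, which looks like it is outside the user's attribute set; indentation is lost here, so confirm it ends up under `users.users.<name>`. The enclosing block opens above the hunk.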
diff --git a/hosts/nixos/tethys/ssh_host_ed25519_key.pub b/hosts/nixos/tethys/ssh_host_ed25519_key.pub
index fcb8d99..f25cf48 100644
--- a/hosts/nixos/tethys/ssh_host_ed25519_key.pub
+++ b/hosts/nixos/tethys/ssh_host_ed25519_key.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmdOiG0elKHvJ5yoUMd8I5qQdygvjdq45bxv65K230G tethys
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZYc7pDnaqiDnt5sDtlYHmmdhEXut3bxi28cgr2mguE root@nixos
diff --git a/hosts/nixos/tethys/ssh_host_rsa_key.pub b/hosts/nixos/tethys/ssh_host_rsa_key.pub
new file mode 100644
index 0000000..4deac8a
--- /dev/null
+++ b/hosts/nixos/tethys/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+ssh-rsa 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 root@nixos
diff --git a/secrets.nix b/secrets.nix
index d56d0dd..7265c14 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -1,8 +1,8 @@
 let
- tethys = builtins.readFile ./hosts/nixos/tethys/ssh_host_ed25519_key.pub;
+ adrielus = builtins.readFile ./hosts/nixos/tethys/id_ed25519.pub;
 in
 {
- "./hosts/nixos/common/global/wireless/wifi_passwords.age".publicKeys = [ tethys ];
- "./hosts/nixos/common/users/adrielus_password.age".publicKeys = [ tethys ];
- "./home/adrielus/features/desktop/common/wakatime/wakatime_config.age".publicKeys = [ adrielus ];
+ "./hosts/nixos/common/global/wireless/wifi_passwords.age".publicKeys = [ adrielus ];
+ "./hosts/nixos/common/users/adrielus_password.age".publicKeys = [ adrielus ];
+ "./home/adrielus/features/desktop/common/wakatime/wakatime_config.age".publicKeys = [ adrielus ];
 }
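Review bot: In `secrets.nix` every secret, including the system-level `wifi_passwords.age` and `adrielus_password.age`, lists only the user key from `id_ed25519.pub` as recipient, while the host's own key (the new content of `ssh_host_ed25519_key.pub`) is a recipient of nothing. agenix's NixOS module decrypts with the host SSH keys unless `age.identityPaths` is set, so unless that option points at the user's private key somewhere outside this patch, activation cannot decrypt the password and wifi secrets. Consider keeping a host recipient for the system secrets, e.g. `publicKeys = [ adrielus tethys ];` with `tethys` read from the host key file, and re-encrypting with `agenix -r`. The removed `tethys` binding read a file that held the same key string now stored in `id_ed25519.pub`, so the existing ciphertexts stay readable by the user key.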