Merge branch 'master' of github.com:RingOfStorms/dotfiles

RingOfStorms (Joshua Bell) 2024-03-12 03:34:44 -05:00
commit 2491070e0f
9 changed files with 58 additions and 53 deletions


@ -41,6 +41,7 @@
}; };
}; };
flakeDir = ./.; flakeDir = ./.;
publicsDir = ./publics;
secretsDir = ./secrets; secretsDir = ./secrets;
systemsDir = ./systems; systemsDir = ./systems;
usersDir = ./users; usersDir = ./users;

publics/nix2git.pub Normal file

@ -0,0 +1,2 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKFIuMe7qoUDI/LxhrrYmIDbH0xUwj1wm5vVulApLPV nix2github


@ -40,4 +40,4 @@ gif () {
ffmpeg -i $1 -filter_complex "fps=7,scale=iw:-1:flags=lanczos,split[s0][s1];[s0]palettegen=max_colors=32[p];[s1][p]paletteuse=dither=bayer" $1".gif" ffmpeg -i $1 -filter_complex "fps=7,scale=iw:-1:flags=lanczos,split[s0][s1];[s0]palettegen=max_colors=32[p];[s1][p]paletteuse=dither=bayer" $1".gif"
} }
``` ```
- - Ensure my neovim undohistory/auto saves don't save `.age` files as they can be sensitive.


@ -14,7 +14,7 @@ in
(/${settings.systemsDir}/${settings.system.hostname}/hardware-configuration.nix) (/${settings.systemsDir}/${settings.system.hostname}/hardware-configuration.nix)
# home manager import # home manager import
(import "${home-manager}/nixos") (import "${home-manager}/nixos")
# ./ragenix.nix ./ragenix.nix
]; ];
# Enable flakes # Enable flakes
@ -24,7 +24,7 @@ in
security.polkit.enable = true; security.polkit.enable = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.extraSpecialArgs = args; home-manager.extraSpecialArgs = { inherit settings; inherit ylib; inherit (args) ragenix; };
# ========== # ==========
# Common # Common


@ -1,23 +1,29 @@
# TODO check out the by host way this person does: https://github.com/hlissner/dotfiles/blob/089f1a9da9018df9e5fc200c2d7bef70f4546026/modules/agenix.nix # TODO check out the by host way this person does: https://github.com/hlissner/dotfiles/blob/089f1a9da9018df9e5fc200c2d7bef70f4546026/modules/agenix.nix
{ settings, lib, inputs, ... }: { settings, lib, ragenix, ... }:
let let
secretsDir = "${settings.secretsDir}"; # secretsDir = "${settings.secretsDir}";
secretsFile = "${secretsDir}/secrets.nix"; # secretsFile = "${secretsDir}/secrets.nix";
in in
{ {
# imports = [ inputs.ragenix.nixosModules.age ]; imports = [ ragenix.nixosModules.age ];
environment.systemPackages = [ inputs.ragenix.defaultPackage.${settings.system.architecture} ]; environment.systemPackages = [ ragenix.packages.${settings.system.architecture}.default ];
# age = { age = {
# secrets = secrets =
# if pathExists secretsFile # if builtins.pathExists secretsFile
# then # then
# mapAttrs' # builtins.mapAttrs'
# (n: _: nameValuePair (removeSuffix ".age" n) { # (n: _: lib.nameValuePair (lib.removeSuffix ".age" n) {
# file = "${secretsDir}/${n}"; # file = "${secretsDir}/${n}";
# owner = mkDefault settings.user.username; # TODO and root? or does that matter... # owner = lib.mkDefault settings.user.username; # TODO and root? or does that matter...
# }) # })
# (import secretsFile) # (import secretsFile)
# else { }; # else { };
# }; {
test1 = {
file = /${settings.secretsDir}/test1.age;
owner = settings.user.username;
};
};
};
} }
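Review bot: The disabled secrets mapping on the new side will not evaluate if it is uncommented as written. It is spelled `builtins.mapAttrs'`, but the primed variant is provided by nixpkgs `lib` (`lib.mapAttrs'`), and the `secretsDir`/`secretsFile` bindings it depends on are now commented out of the `let`. Either drop the commented block together with the empty `let … in`, or keep the two bindings live so the block can be restored in one step. The hard-coded `test1` entry would also benefit from a one-line comment such as `# placeholder secret; decrypted copy is owned by the login user so ssh can read it`, since its name gives no hint that it is used as an SSH identity elsewhere in this commit.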


@ -8,6 +8,5 @@
imports = ylib.umport { imports = ylib.umport {
paths = [ ./programs ]; paths = [ ./programs ];
recursive = true; recursive = true;
exclude = [ ./programs/ssh/generate_ssh_key.nix ];
}; };
} }


@ -0,0 +1,29 @@
{ lib, ... } @ args:
{
# We always want a standard ssh key-pair used for secret management, create it if not there.
home.activation.generateSshKey = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
if [ ! -f $HOME/.ssh/id_ed25519 ]; then
if [ -v DRY_RUN ]; then
echo "DRY_RUN is set. Would generate SSH key for ${settings.user.username}."
else
echo "Generating SSH key for ${settings.user.username}."
mkdir -p $HOME/.ssh
chmod 700 $HOME/.ssh
${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $HOME/.ssh/id_ed25519 -N ""
fi
else
echo "SSH key already exists for ${settings.user.username}."
fi
'';
programs.ssh = {
enable = true;
matchBlocks = {
github = {
hostname = "github.com";
identityFile = age.secrets.test1.file;
};
};
};
}
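Review bot: `identityFile = age.secrets.test1.file;` hands ssh the encrypted `.age` source instead of the decrypted key, and `age` is not a name this module binds. agenix exposes the decrypted location as `.path`, and from a home-manager module the NixOS-level secrets are normally reached through `osConfig`, so the line would read `identityFile = osConfig.age.secrets.test1.path;` (assuming home-manager runs as the NixOS module here, as the `home-manager.extraSpecialArgs` change in this commit suggests). The inlined activation script also interpolates `settings` and `pkgs`, which the header `{ lib, ... } @ args:` no longer brings into scope now that the script is not imported with `args`; `{ lib, pkgs, settings, osConfig, ... }:` would bind them. The key is generated with `-N ""`, so a short comment stating that the passphrase-less key is intentional, because it is used for unattended secret decryption, would help the next reader.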


@ -1,15 +0,0 @@
{ settings, pkgs, ... }:
''
if [ ! -f $HOME/.ssh/id_ed25519 ]; then
if [ -v DRY_RUN ]; then
echo "DRY_RUN is set. Would generate SSH key for ${settings.user.username}."
else
echo "Generating SSH key for ${settings.user.username}."
mkdir -p $HOME/.ssh
chmod 700 $HOME/.ssh
${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $HOME/.ssh/id_ed25519 -N ""
fi
else
echo "SSH key already exists for ${settings.user.username}."
fi
''


@ -1,17 +0,0 @@
{ lib, ... } @ args:
{
# We always want a standard ssh key-pair used for secret management, create it if not there.
home.activation.generateSshKey = lib.hm.dag.entryAfter [ "writeBoundary" ] (import ./generate_ssh_key.nix args);
programs.ssh = {
enable = true;
matchBlocks = {
github = {
hostname = "github.com";
# TODO lEFT OFF HERE TRYING TO GET THIS TO WORK
# identityFile = age.secrets.test1.file;
};
};
};
}