From 25d2fc59a4ed3ea6169ed7f3e6f19a32da087149 Mon Sep 17 00:00:00 2001 From: = Date: Tue, 12 Mar 2024 02:06:19 -0500 Subject: [PATCH] more stuff --- flake.nix | 1 + publics/nix2git.pub | 2 + readme.md | 2 +- systems/_common/configuration.nix | 4 +- systems/_common/ragenix.nix | 40 +++++++++++-------- users/_common/home.nix | 1 - users/_common/programs/ssh.nix | 29 ++++++++++++++ .../_common/programs/ssh/generate_ssh_key.nix | 15 ------- users/_common/programs/ssh/ssh.nix | 17 -------- 9 files changed, 58 insertions(+), 53 deletions(-) create mode 100644 publics/nix2git.pub create mode 100644 users/_common/programs/ssh.nix delete mode 100644 users/_common/programs/ssh/generate_ssh_key.nix delete mode 100644 users/_common/programs/ssh/ssh.nix diff --git a/flake.nix b/flake.nix index e3c40d2..344e395 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,7 @@ }; }; flakeDir = ./.; + publicsDir = ./publics; secretsDir = ./secrets; systemsDir = ./systems; usersDir = ./users; diff --git a/publics/nix2git.pub b/publics/nix2git.pub new file mode 100644 index 0000000..e665e98 --- /dev/null +++ b/publics/nix2git.pub @@ -0,0 +1,2 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKFIuMe7qoUDI/LxhrrYmIDbH0xUwj1wm5vVulApLPV nix2github + diff --git a/readme.md b/readme.md index 1a75da0..9884ef5 100644 --- a/readme.md +++ b/readme.md @@ -40,4 +40,4 @@ gif () { ffmpeg -i $1 -filter_complex "fps=7,scale=iw:-1:flags=lanczos,split[s0][s1];[s0]palettegen=max_colors=32[p];[s1][p]paletteuse=dither=bayer" $1".gif" } ``` -- +- Ensure my neovim undohistory/auto saves don't save `.age` files as they can be sensitive. diff --git a/systems/_common/configuration.nix b/systems/_common/configuration.nix index caff93f..3882b63 100644 --- a/systems/_common/configuration.nix +++ b/systems/_common/configuration.nix 
@@ -14,7 +14,7 @@ in (/${settings.systemsDir}/${settings.system.hostname}/hardware-configuration.nix) # home manager import (import "${home-manager}/nixos") - # ./ragenix.nix + ./ragenix.nix ]; # Enable flakes @@ -24,7 +24,7 @@ in security.polkit.enable = true; home-manager.useUserPackages = true; home-manager.useGlobalPkgs = true; - home-manager.extraSpecialArgs = args; + home-manager.extraSpecialArgs = { inherit settings; inherit ylib; inherit (args) ragenix; }; # ========== # Common diff --git a/systems/_common/ragenix.nix b/systems/_common/ragenix.nix index 2e4279e..62f7271 100644 --- a/systems/_common/ragenix.nix +++ b/systems/_common/ragenix.nix 
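Review bot: The `home-manager.extraSpecialArgs` line now relies on `inherit (args) ragenix`, which only evaluates if the flake hands `ragenix` to the NixOS `specialArgs`; that wiring is outside this hunk, and if it is absent this line fails with an undefined-attribute error rather than a clear message. Replacing the forwarded `args` set with a curated one looks like the right call, but nothing says why, and a future reader may be tempted to revert it; I would add `# Forward only what home modules need: passing the whole NixOS args set as specialArgs would override home-manager's own config/pkgs/lib`. Note also that nothing here gives home modules access to the `age` option set, so any home module that wants a decrypted secret path has to reach it through a different argument than these three.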
@@ -1,23 +1,29 @@ # TODO check out the by host way this person does: https://github.com/hlissner/dotfiles/blob/089f1a9da9018df9e5fc200c2d7bef70f4546026/modules/agenix.nix -{ settings, lib, inputs, ... }: +{ settings, lib, ragenix, ... }: let - secretsDir = "${settings.secretsDir}"; - secretsFile = "${secretsDir}/secrets.nix"; + # secretsDir = "${settings.secretsDir}"; + # secretsFile = "${secretsDir}/secrets.nix"; in { - # imports = [ inputs.ragenix.nixosModules.age ]; - environment.systemPackages = [ inputs.ragenix.defaultPackage.${settings.system.architecture} ]; + imports = [ ragenix.nixosModules.age ]; + environment.systemPackages = [ ragenix.packages.${settings.system.architecture}.default ]; - # age = { - # secrets = - # if pathExists secretsFile - # then - # mapAttrs' - # (n: _: nameValuePair (removeSuffix ".age" n) { - # file = "${secretsDir}/${n}"; - # owner = mkDefault settings.user.username; # TODO and root? or does that matter... - # }) - # (import secretsFile) - # else { }; - # }; + age = { + secrets = + # if builtins.pathExists secretsFile + # then + # builtins.mapAttrs' + # (n: _: lib.nameValuePair (lib.removeSuffix ".age" n) { + # file = "${secretsDir}/${n}"; + # owner = lib.mkDefault settings.user.username; # TODO and root? or does that matter... + # }) + # (import secretsFile) + # else { }; + { + test1 = { + file = /${settings.secretsDir}/test1.age; + owner = settings.user.username; + }; + }; + }; } diff --git a/users/_common/home.nix b/users/_common/home.nix index 052a856..b7cd79a 100644 --- a/users/_common/home.nix +++ b/users/_common/home.nix @@ -8,6 +8,5 @@ imports = ylib.umport { paths = [ ./programs ]; recursive = true; - exclude = [ ./programs/ssh/generate_ssh_key.nix ]; }; } diff --git a/users/_common/programs/ssh.nix b/users/_common/programs/ssh.nix new file mode 100644 index 0000000..19a4f1e --- /dev/null +++ b/users/_common/programs/ssh.nix 
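Review bot: The new `age.secrets` block drops the `pathExists` guard that the commented-out version had, so a checkout without `secrets/test1.age` (for example a host whose secrets directory is not synced) now fails at evaluation when the age module tries to copy that path; if that is intended, say so in a comment, otherwise keep the guard with `secrets = lib.optionalAttrs (builtins.pathExists (/${settings.secretsDir}/test1.age)) { test1 = { file = /${settings.secretsDir}/test1.age; owner = settings.user.username; }; };`. The roughly twenty lines of commented-out code (the `let` bindings and the `mapAttrs'` body) duplicate the old version and should either be deleted or restored as working code; as written `lib` is bound but never used. The `# TODO and root?` question on `owner` can be answered in place: root reads the decrypted file regardless of its owner, so user ownership is exactly what an ssh identity consumed from that user's home needs; where the decrypted file lands and with what mode is whatever the age module defaults to, which this hunk does not show.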
@@ -0,0 +1,29 @@ +{ lib, ... } @ args: +{ + # We always want a standard ssh key-pair used for secret management, create it if not there. + home.activation.generateSshKey = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + if [ ! -f $HOME/.ssh/id_ed25519 ]; then + if [ -v DRY_RUN ]; then + echo "DRY_RUN is set. Would generate SSH key for ${settings.user.username}." + else + echo "Generating SSH key for ${settings.user.username}." + mkdir -p $HOME/.ssh + chmod 700 $HOME/.ssh + ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $HOME/.ssh/id_ed25519 -N "" + fi + else + echo "SSH key already exists for ${settings.user.username}." + fi + ''; + + programs.ssh = { + enable = true; + matchBlocks = { + github = { + hostname = "github.com"; + identityFile = age.secrets.test1.file; + }; + }; + }; +} + diff --git a/users/_common/programs/ssh/generate_ssh_key.nix b/users/_common/programs/ssh/generate_ssh_key.nix deleted file mode 100644 index 77bf46d..0000000 --- a/users/_common/programs/ssh/generate_ssh_key.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ settings, pkgs, ... }: -'' - if [ ! -f $HOME/.ssh/id_ed25519 ]; then - if [ -v DRY_RUN ]; then - echo "DRY_RUN is set. Would generate SSH key for ${settings.user.username}." - else - echo "Generating SSH key for ${settings.user.username}." - mkdir -p $HOME/.ssh - chmod 700 $HOME/.ssh - ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $HOME/.ssh/id_ed25519 -N "" - fi - else - echo "SSH key already exists for ${settings.user.username}." - fi -'' diff --git a/users/_common/programs/ssh/ssh.nix b/users/_common/programs/ssh/ssh.nix deleted file mode 100644 index 7386e02..0000000 --- a/users/_common/programs/ssh/ssh.nix +++ /dev/null 
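Review bot: `identityFile = age.secrets.test1.file;` on the new side cannot work as written: `age` is not bound by the header `{ lib, ... } @ args:`, and even where it is in scope, `.file` is the encrypted `.age` source copied into the store, not the decrypted key, so ssh would be handed ciphertext; the decrypted location is the secret's `path` option. The same header also drops the `settings` and `pkgs` bindings the deleted `generate_ssh_key.nix` had, so `${settings.user.username}` and `${pkgs.openssh}` in the inlined activation script are now undefined variables. I would change the header to `{ lib, pkgs, settings, osConfig, ... }:` and the identity line to `identityFile = osConfig.age.secrets.test1.path;`, assuming this module is evaluated through home-manager's NixOS module, which exposes the host configuration as `osConfig`. Separately, `ssh-keygen ... -N ""` deliberately writes a passphrase-less private key to `~/.ssh/id_ed25519`; since the comment calls this the secret-management identity, that trade-off deserves a one-line comment such as `# unencrypted on purpose: this key must be usable non-interactively to decrypt age secrets`, and `$HOME` should be quoted throughout the script.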
@@ -1,17 +0,0 @@ -{ lib, ... } @ args: -{ - # We always want a standard ssh key-pair used for secret management, create it if not there. - home.activation.generateSshKey = lib.hm.dag.entryAfter [ "writeBoundary" ] (import ./generate_ssh_key.nix args); - - programs.ssh = { - enable = true; - matchBlocks = { - github = { - hostname = "github.com"; - # TODO lEFT OFF HERE TRYING TO GET THIS TO WORK - # identityFile = age.secrets.test1.file; - }; - }; - }; -} -