more stuff

2024-03-12 02:06:19 -05:00 · 2024-03-12 02:06:19 -05:00 · 25d2fc59a4
commit 25d2fc59a4
parent 16da7ed48b
9 changed files with 58 additions and 53 deletions
--- a/flake.nix
+++ b/flake.nix
@ -41,6 +41,7 @@
          };
        };
        flakeDir = ./.;
+        publicsDir = ./publics;
        secretsDir = ./secrets;
        systemsDir = ./systems;
        usersDir = ./users;
--- a/publics/nix2git.pub
+++ b/publics/nix2git.pub
@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKFIuMe7qoUDI/LxhrrYmIDbH0xUwj1wm5vVulApLPV nix2github
+
--- a/readme.md
+++ b/readme.md
@ -40,4 +40,4 @@ gif () {
  ffmpeg -i $1 -filter_complex "fps=7,scale=iw:-1:flags=lanczos,split[s0][s1];[s0]palettegen=max_colors=32[p];[s1][p]paletteuse=dither=bayer" $1".gif"
 }
 ```
- 
+- Ensure my neovim undohistory/auto saves don't save `.age` files as they can be sensitive.
--- a/systems/_common/configuration.nix
+++ b/systems/_common/configuration.nix
@ -14,7 +14,7 @@ in
      (/${settings.systemsDir}/${settings.system.hostname}/hardware-configuration.nix)
      # home manager import
      (import "${home-manager}/nixos")
-      # ./ragenix.nix
+      ./ragenix.nix
    ];

  # Enable flakes
@ -24,7 +24,7 @@ in
  security.polkit.enable = true;
  home-manager.useUserPackages = true;
  home-manager.useGlobalPkgs = true;
-  home-manager.extraSpecialArgs = args;
+  home-manager.extraSpecialArgs = { inherit settings; inherit ylib; inherit (args) ragenix; };

  # ==========
  #   Common
--- a/systems/_common/ragenix.nix
+++ b/systems/_common/ragenix.nix
@ -1,23 +1,29 @@
 # TODO check out the by host way this person does: https://github.com/hlissner/dotfiles/blob/089f1a9da9018df9e5fc200c2d7bef70f4546026/modules/agenix.nix
-{ settings, lib, inputs, ... }:
+{ settings, lib, ragenix, ... }:
 let
-  secretsDir = "${settings.secretsDir}";
-  secretsFile = "${secretsDir}/secrets.nix";
+  # secretsDir = "${settings.secretsDir}";
+  # secretsFile = "${secretsDir}/secrets.nix";
 in
 {
-  # imports = [ inputs.ragenix.nixosModules.age ];
-  environment.systemPackages = [ inputs.ragenix.defaultPackage.${settings.system.architecture} ];
+  imports = [ ragenix.nixosModules.age ];
+  environment.systemPackages = [ ragenix.packages.${settings.system.architecture}.default ];

-  # age = {
-  #   secrets =
-  #     if pathExists secretsFile
+  age = {
+    secrets =
+      # if builtins.pathExists secretsFile
      # then
-  #       mapAttrs'
-  #         (n: _: nameValuePair (removeSuffix ".age" n) {
+      #   builtins.mapAttrs'
+      #     (n: _: lib.nameValuePair (lib.removeSuffix ".age" n) {
      #       file = "${secretsDir}/${n}";
-  #           owner = mkDefault settings.user.username; # TODO and root? or does that matter...
+      #       owner = lib.mkDefault settings.user.username; # TODO and root? or does that matter...
      #     })
      #     (import secretsFile)
      # else { };
-  # };
+      {
+        test1 = {
+          file = /${settings.secretsDir}/test1.age;
+          owner = settings.user.username;
+        };
+      };
+  };
 }
--- a/users/_common/home.nix
+++ b/users/_common/home.nix
@ -8,6 +8,5 @@
  imports = ylib.umport {
    paths = [ ./programs ];
    recursive = true;
-    exclude = [ ./programs/ssh/generate_ssh_key.nix ];
  };
 }
--- a/users/_common/programs/ssh.nix
+++ b/users/_common/programs/ssh.nix
@ -0,0 +1,29 @@
+{ lib, ... } @ args:
+{
+  # We always want a standard ssh key-pair used for secret management, create it if not there.
+  home.activation.generateSshKey = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+    if [ ! -f $HOME/.ssh/id_ed25519 ]; then
+      if [ -v DRY_RUN ]; then
+        echo "DRY_RUN is set. Would generate SSH key for ${settings.user.username}."
+      else
+        echo "Generating SSH key for ${settings.user.username}."
+        mkdir -p $HOME/.ssh
+        chmod 700 $HOME/.ssh
+        ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $HOME/.ssh/id_ed25519 -N ""
+      fi
+    else
+      echo "SSH key already exists for ${settings.user.username}."
+    fi
+  '';
+
+  programs.ssh = {
+    enable = true;
+    matchBlocks = {
+      github = {
+        hostname = "github.com";
+        identityFile = age.secrets.test1.file;
+      };
+    };
+  };
+}
+
--- a/users/_common/programs/ssh/generate_ssh_key.nix
+++ b/users/_common/programs/ssh/generate_ssh_key.nix
@ -1,15 +0,0 @@
-{ settings, pkgs, ... }:
-''
-  if [ ! -f $HOME/.ssh/id_ed25519 ]; then
-    if [ -v DRY_RUN ]; then
-      echo "DRY_RUN is set. Would generate SSH key for ${settings.user.username}."
-    else
-      echo "Generating SSH key for ${settings.user.username}."
-      mkdir -p $HOME/.ssh
-      chmod 700 $HOME/.ssh
-      ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $HOME/.ssh/id_ed25519 -N ""
-    fi
-  else
-    echo "SSH key already exists for ${settings.user.username}."
-  fi
-''
--- a/users/_common/programs/ssh/ssh.nix
+++ b/users/_common/programs/ssh/ssh.nix
@ -1,17 +0,0 @@
-{ lib, ... } @ args:
-{
-  # We always want a standard ssh key-pair used for secret management, create it if not there.
-  home.activation.generateSshKey = lib.hm.dag.entryAfter [ "writeBoundary" ] (import ./generate_ssh_key.nix args);
-
-  programs.ssh = {
-    enable = true;
-    matchBlocks = {
-      github = {
-        hostname = "github.com";
-        # TODO lEFT OFF HERE TRYING TO GET THIS TO WORK
-        # identityFile = age.secrets.test1.file;
-      };
-    };
-  };
-}
-
				`@ -0,0 +1,2 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKFIuMe7qoUDI/LxhrrYmIDbH0xUwj1wm5vVulApLPV nix2github`