diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..b7a8695
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+ - &primary ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ openpgp:0xC317996E
+creation_rules:
+ - path_regex: secrets/secrets.yaml$
+ key_groups:
+ - age:
+ - *primary
diff --git a/configuration.nix b/configuration.nix
index 2ac37a0..f637c4e 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -13,6 +13,8 @@ in
 ./system-modules/networking.nix
 ./system-modules/virtualisation.nix
 ./system-modules/sshd.nix
+ ./system-modules/gpg.nix
+ ./system-modules/sops.nix
 # ./system-modules/syncthing.nix
 ./system-modules/hsmw.nix
 ./system-modules/docker.nix
diff --git a/flake.nix b/flake.nix
index 3b3cb54..6d6e4c1 100755
--- a/flake.nix
+++ b/flake.nix
@@ -91,14 +91,15 @@
 let
 dark = (-0.3);
 bright = (0.5);
- alter = let f = rice.lib.alter-luminace-hex; in color-name: color-value: { base = color-value; dark = f color-value dark; bright = f color-value bright; };
- ccolor = builtins.mapAttrs alter {
+ alter-set = let f = rice.lib.alter-luminace-hex; in color-name: color-value: { base = color-value; dark = f color-value dark; bright = f color-value bright; };
+ alter = let f = rice.lib.alter-luminace-hex; in color-value: { base = color-value; dark = f color-value dark; bright = f color-value bright; };
+ ccolor = builtins.mapAttrs alter-set {
 black = "#000022"; # "#111111" "#001100";
 white = "#ddddff"; # "#dddddd" "#66dd66";
- blue = "#6611dd"; # "#3333dd" "#003300";
+ blue = "#4422ff"; # "#3333dd" "#003300";
 cyan = "#11dddd"; # "#11dddd" "#00dd55";
- green = "#11dd11"; # "#11dd11" "#11dd11";
- magenta = "#dd00dd"; # "#dd11dd" "#005500";
+ green = "#11dd99"; # "#11dd11" "#11dd11";
+ magenta = "#6622dd"; # "#dd11dd" "#005500";
 red = "#dd1166"; # "#dd1111" "#00aa00";
 yellow = "#dd6611"; # "#dddd11" "#ffff00";
 };
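Review bot: The `&primary` entry under `keys` puts an SSH public key and a trailing `openpgp:0xC317996E` token on one line, and the only key group is `age:`; in authorized_keys syntax the third field is a free-form comment, so if that PGP key is meant to be a second recipient it will be silently ignored rather than used, and it belongs in a separate `pgp:` list inside the key group with the full fingerprint. Using an `ssh-ed25519` line directly as an age recipient also depends on a sops release that accepts SSH public keys there; older releases only take `age1…` recipients, which is what the `ssh-to-age` package added in `system-modules/sops.nix` would produce, so confirm the pinned sops version supports this form. With a single recipient and no second key group, loss of that one SSH identity makes anything matching `secrets/secrets.yaml$` unrecoverable; adding a backup recipient to the same `age:` list is the usual safeguard.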
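Review bot: `alter-set` duplicates the whole body of `alter` only to accept and drop the `color-name` argument that `builtins.mapAttrs` supplies. Defining it in terms of the other binding, `alter-set = _: alter;`, keeps the two in step so a later tweak to the luminance computation cannot diverge between the per-set palette and the `positive`/`negative` entries built with `alter` in the next hunk. The `let` block these bindings belong to continues outside the hunk.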
@@ -107,9 +108,13 @@
 foreground = white.base;
 border = cyan.base;
 border2 = blue.base;
- accent = cyan;
- secondary = magenta;
- tertiary = blue;
+ accent = blue;
+ secondary = cyan;
+ tertiary = magenta;
+ special = yellow;
+ weird = green;
+ positive = alter "#00dd00";
+ negative = alter "#dd0000";
 };
 in ccolor // xcolor;
 font = {
diff --git a/home-modules/fish.nix b/home-modules/fish.nix
index 18a4271..0a02e87 100755
--- a/home-modules/fish.nix
+++ b/home-modules/fish.nix
@@ -38,58 +38,106 @@ lib.mkIf (user != "tv") # bash>>fish is set in users system module programs.fish = { - enable = true; - shellAliases = { - ls = "eza --icons --git --smart-group --group-directories-first"; - ll = "eza --icons --git --smart-group --group-directories-first --long"; - la = "eza --icons --git --smart-group --group-directories-first --all"; - lla = "eza --icons --git --smart-group --group-directories-first --all --long"; - lt = "eza --icons --git --smart-group --group-directories-first --long --tree"; - ltd = "eza --icons --git --smart-group --group-directories-first --long --tree -D"; - lt2 = "eza --icons --git --smart-group --group-directories-first --long --tree -L 2"; - sr = "sudo reboot"; - nf = "neofetch"; - nxf = "nxfetch"; - nn = "nano"; - m = "micro"; - p = "python"; - ipy = "ipython"; - c = "codium"; - g = "git"; - # gst = "git status"; - gps = "git push"; - gpl = "git pull"; - gad = "git add"; - gcm = "git commit -m "; - gmr = "git merge"; - gin = "git init"; - gdf = "git diff"; - grs = "git reset"; - grh = "git reset --hard"; - gch = "git checkout"; - gsh = "git stash"; - gsp = "git stash pop"; - glg = "git log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(auto)%d%C(reset)' --all"; - gll = "git log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(auto)%d%C(reset)%n'' %C(white)%s%C(reset) %C(dim white)- %an%C(reset)'"; - gmt = "git_monitor"; - gsw = "git switch"; - gft = "git fetch"; - ns = "nix-shell"; - lzd = "lazydocker"; - d = "docker"; - dcmp = "docker compose"; + enable = true; + shellAliases = { + ls = "eza --icons --git --smart-group --group-directories-first"; + ll = "eza --icons --git --smart-group --group-directories-first --long"; + la = "eza --icons --git --smart-group --group-directories-first --all"; + lla = "eza --icons --git 
--smart-group --group-directories-first --all --long"; + lt = "eza --icons --git --smart-group --group-directories-first --long --tree"; + ltd = "eza --icons --git --smart-group --group-directories-first --long --tree -D"; + lt2 = "eza --icons --git --smart-group --group-directories-first --long --tree -L 2"; + sr = "sudo reboot"; + nf = "neofetch"; + nxf = "nxfetch"; + nn = "nano"; + m = "micro"; + p = "python"; + ipy = "ipython"; + c = "codium"; + g = "git"; + # gst = "git status"; + gps = "git push"; + gpl = "git pull"; + gad = "git add"; + gcm = "git commit -m "; + gmr = "git merge"; + gin = "git init"; + gdf = "git diff"; + grs = "git reset"; + grh = "git reset --hard"; + gch = "git checkout"; + gsh = "git stash"; + gsp = "git stash pop"; + glg = "git log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(auto)%d%C(reset)' --all"; + gll = "git log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(auto)%d%C(reset)%n'' %C(white)%s%C(reset) %C(dim white)- %an%C(reset)'"; + gmt = "git_monitor"; + gsw = "git switch"; + gft = "git fetch"; + ns = "nix-shell"; + lzd = "lazydocker"; + d = "docker"; + dcmp = "docker compose"; - code = "codium"; - # ya = "yazi"; # function - # nxfiglet = "figlet"; - }; - interactiveShellInit = '' - set -g fish_greeting - if not set -q IN_NIX_SHELL - nxfetch - end - ${pkgs.starship}/bin/starship init fish | source - # ${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source - ''; - }; + code = "codium"; + # ya = "yazi"; # function + # nxfiglet = "figlet"; + }; + interactiveShellInit = '' + set -g fish_greeting + if not set -q IN_NIX_SHELL + nxfetch + end + ${pkgs.starship}/bin/starship init fish | source + # ${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source + ''; + functions = { + # gpg = ''; + # set bold \e[1m + # set 
green \e[32m + # set blue \e[34m + # set yellow \e[33m + # set cyan \e[36m + # set purple \e[35m + # set reset \e[0m + + # if string match -r -- "--list-(secret|public)?-?keys?" "$argv" + # set output (command gpg $argv) + + # if test -z "$output" + # return $status + # end + + # echo "$output" | sed -e 's/(Key fingerprint =)/'$yellow'\1'$reset'/g' \ + # -e 's/(.*\.kbx)/'$yellow'Keyring: \1'$reset'/g' \ + # -e 's/^uid[[:blank:]]+/uid /g' \ + # -e 's/(^uid.*\] )(.*)/\1'$green'\2'$reset'/g' \ + # -e 's/(\[.*\])/'$cyan'\1'$reset'/g' \ + # -e 's/(^pub|^sec)/'$bold$green'\1'$reset'/g' \ + # -e 's/(^sub|^ssb|^uid)/'$bold'\1'$reset'/g' \ + # -e 's/(\[expires: )([0-9]{4}-[0-9]{2}-[0-9]{2})(\].*)/'$cyan'\1'$blue'\2'$cyan'\3'$reset'/g' \ + # -e 's/([0-9]{4}-[0-9]{2}-[0-9]{2})/'$blue'\1'$reset'/g' \ + # -e 's/^$/------------------------------------------/g' \ + # -e 's| ([[:alnum:]]*)/| '$purple'\1'$reset'/|g' \ + # -e 's|'$HOME'|~|g' + + # # Print info footer + # set info_footer "------------------------------------------\n" + # set info_footer $info_footer $cyan"E"$reset"=encryption, " + # set info_footer $info_footer $cyan"S"$reset"=signing, " + # set info_footer $info_footer $cyan"C"$reset"=certification, " + # set info_footer $info_footer $cyan"A"$reset"=authentication\n" + # set info_footer $info_footer $green$bold"pub"$reset"=public primary key, " + # set info_footer $info_footer $bold"sub"$reset"=public subkey,\n" + # set info_footer $info_footer $green$bold"sec"$reset"=secret primary key, " + # set info_footer $info_footer $bold"ssb"$reset"=secret subkey,\n" + # set info_footer $info_footer $bold"uid"$reset"=user ID, "$purple"algorithm"$reset"/"$bold"key-ID"$reset + + # echo -e $info_footer + # else + # command gpg $argv + # end + # ''; + }; + }; } diff --git a/home-modules/gpg.nix b/home-modules/gpg.nix new file mode 100644 index 0000000..46647d1 --- /dev/null +++ b/home-modules/gpg.nix 
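Review bot: The new `functions` attribute is about fifty lines of commented-out fish code for a `gpg` wrapper, which is dead weight inside the module and will drift from the live configuration; either drop it or keep it as a separate `.fish` file referenced from here. If it is ever revived as written, note that the `sed` invocation uses `(…)` capture groups and `{4}` repetitions, which are extended-regex syntax and need `sed -E` (or `\(…\)` in basic syntax) to match, and that `return $status` inside `if test -z "$output"` reports the exit status of `test`, not of `gpg`. The rest of the hunk is a re-indent of `shellAliases` and `interactiveShellInit` with no change in content.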
@@ -0,0 +1,60 @@
+{ pkgs, ... }:
+{
+ # there also is a system module
+ home.packages = with pkgs; [
+ gnupg
+ gpg-tui
+ ];
+
+ services.gpg-agent = {
+ enable = true;
+ verbose = true;
+ sshKeys = [
+ "97081264F7FD72D890D496E839AA9A4C7892A7D8" # [A] Sub Key from Master Key
+ ];
+ enableSshSupport = true;
+ enableFishIntegration = true;
+ };
+
+ home.file.".gnupg/gpg.conf".text = ''
+ # Use AES256, 192, or 128 as cipher
+ personal-cipher-preferences AES256 AES192 AES
+ # Use SHA512, 384, or 256 as digest
+ personal-digest-preferences SHA512 SHA384 SHA256
+ # Use ZLIB, BZIP2, ZIP, or no compression
+ personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+ # Default preferences for new keys
+ default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+ # SHA512 as digest to sign keys
+ cert-digest-algo SHA512
+ # SHA512 as digest for symmetric ops
+ s2k-digest-algo SHA512
+ # AES256 as cipher for symmetric ops
+ s2k-cipher-algo AES256
+ # UTF-8 support for compatibility
+ charset utf-8
+ # No comments in messages
+ no-comments
+ # No version in output
+ no-emit-version
+ # Disable banner
+ no-greeting
+ # Long key id format
+ keyid-format 0xlong
+ # Display UID validity
+ list-options show-uid-validity
+ verify-options show-uid-validity
+ # Display all keys and their fingerprints
+ with-fingerprint
+ # Display key origins and updates
+ #with-key-origin
+ # Cross-certify subkeys are present and valid
+ require-cross-certification
+ # Disable caching of passphrase for symmetrical ops
+ no-symkey-cache
+ # Output ASCII instead of binary
+ armor
+ # Enable smartcard
+ # use-agent
+ '';
+}
diff --git a/home-modules/helix.nix b/home-modules/helix.nix
index 3beff24..7c46824 100644
--- a/home-modules/helix.nix
+++ b/home-modules/helix.nix
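Review bot: `services.gpg-agent.enable = true` with `enableSshSupport = true` here overlaps with `programs.gnupg.agent` in the new `system-modules/gpg.nix` (which also sets `enableSSHSupport = true`), so the same user gets a gpg-agent configured from two places, each likely exporting its own `SSH_AUTH_SOCK` and shell integration; pick one owner, the NixOS option or the Home Manager service, and say which in the `# there also is a system module` comment, which currently only hints at the duplication. Separately, the `# Enable smartcard` comment above `# use-agent` is misleading, since `use-agent` routes private-key operations through gpg-agent (and is the default in GnuPG 2.x) and has nothing to do with smartcards; suggest `# use-agent is implied in GnuPG 2.x; kept for reference only`. Home Manager's `programs.gpg.settings` can generate `gpg.conf` from Nix attributes, which would replace the hand-written `home.file` block and let the options be checked rather than carried as free text.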
@@ -65,25 +65,25 @@
 "modifiers" = [ "italic" ];
 };
 "constant" = accent.bright;
- "constant.character.escape" = foreground;
+ "constant.character.escape" = special.bright;
 "constant.numeric" = foreground;
- "constructor" = foreground;
+ "constructor" = blue.dark;
 "debug" = yellow.base;
 "diagnostic.modifiers" = [ "underlined" ];
 "diff.delta" = blue.bright;
- "diff.minus" = red.bright;
- "diff.plus" = green.bright;
+ "diff.minus" = negative.bright;
+ "diff.plus" = positive.bright;
 "error" = red.base;
- "function" = foreground;
- "hint" = foreground;
+ "function" = secondary.bright;
+ "hint" = tertiary.bright;
 "info" = foreground;
- "keyword" = foreground;
+ "keyword" = secondary.base;
 "label" = foreground;
- "namespace" = foreground;
+ "namespace" = weird.bright;
 "operator" = foreground;
- "special" = foreground;
+ "special" = special.base;
 "string" = secondary.bright;
- "type" = foreground;
+ "type" = red.dark;
 "variable" = accent.base;
 "variableother.member" = foreground;
 "warning" = red.base;
diff --git a/home-modules/vscode.nix b/home-modules/vscode.nix
index 26742b9..80e2c8a 100755
--- a/home-modules/vscode.nix
+++ b/home-modules/vscode.nix
@@ -60,7 +60,7 @@
 userSettings = {
 workbench.colorTheme = "Just Black";
 editor.fontFamily = "'${rice.font.code.name2}', 'monospace', monospace";
- emote.SSH.useLocalServer = false;
+ remote.SSH.useLocalServer = false;
 };
 enableUpdateCheck = false;
 enableExtensionUpdateCheck = false;
diff --git a/home.nix b/home.nix
index 577f18e..da4ebb7 100755
--- a/home.nix
+++ b/home.nix
@@ -34,6 +34,7 @@
 ./home-modules/nh.nix
 ./home-modules/ssh.nix
+ ./home-modules/gpg.nix
 ./home-modules/git.nix
 ./home-modules/mako.nix
diff --git a/system-modules/gpg.nix b/system-modules/gpg.nix
new file mode 100644
index 0000000..e9102da
--- /dev/null
+++ b/system-modules/gpg.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ gnupg
+ ];
+ programs.gnupg = {
+ dirmngr.enable = true;
+ agent = {
+ enable = true;
+ enableSSHSupport = true;
+ enableExtraSocket = true;
+ enableBrowserSocket = true;
+ };
+ };
+}
diff --git a/system-modules/sops.nix b/system-modules/sops.nix
new file mode 100644
index 0000000..631d7a1
--- /dev/null
+++ b/system-modules/sops.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ age
+ ssh-to-age
+ sops
+ ];
+}
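Review bot: `enableExtraSocket = true` and `enableBrowserSocket = true` open two additional gpg-agent sockets for every user session (the restricted socket meant for forwarding to remote hosts and the one for browser extensions), and nothing in the module or the commit names a consumer for either. Each socket is one more path into the agent that holds the SSH and signing keys, so either leave them off until something needs them or record the consumer next to the option, e.g. `enableExtraSocket = true; # forwarded to <HOST-PLACEHOLDER> via RemoteForward`. The same applies to `dirmngr.enable = true`, which starts a network-facing keyserver/CRL helper that only matters if key lookups or certificate checks are actually used.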
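Review bot: `system-modules/sops.nix` only installs the `age`, `ssh-to-age` and `sops` command-line tools; nothing here wires secrets into the system, so if the intent is sops-nix (the `.sops.yaml` rule targeting `secrets/secrets.yaml` suggests so) the module still needs the `sops` NixOS options such as `sops.defaultSopsFile` and `sops.age.sshKeyPaths` plus the flake input that provides them, which I cannot see in this diff and may already be planned. If the module is deliberately tooling-only, a one-line comment, `# CLI tooling only; secret provisioning is configured elsewhere`, would stop the next reader from hunting for the missing configuration. As far as the diff shows, `secrets/secrets.yaml` itself is not part of this commit.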