sops i fucking cannnnt

This commit is contained in:
Lennart J. Kurzweg (Nx2)
2024-05-30 20:43:20 +02:00
parent 1ff9e9231d
commit 52343cbc23
10 changed files with 218 additions and 72 deletions

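--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+- &primary ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ openpgp:0xC317996E
+creation_rules:
+- path_regex: secrets/secrets.yaml$
+  key_groups:
+  - age:
+    - *primary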
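Review bot: The `age:` recipient under `key_groups` is a raw `ssh-ed25519 …` public key with its `openpgp:0xC317996E` comment still attached; sops' age backend expects an `age1…` recipient, so this rule will most likely fail to encrypt, and even on a sops build that accepts SSH public keys the trailing comment would not be part of the recipient. The `ssh-to-age` package added in system-modules/sops.nix is the tool for this: pipe the public key (without the comment) through `ssh-to-age` and put the resulting string after the anchor, e.g. `- &primary age1<converted-recipient>` (placeholder). Keeping the original SSH line as a comment above it records which key the recipient was derived from.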


@@ -13,6 +13,8 @@ in
./system-modules/networking.nix
./system-modules/virtualisation.nix
./system-modules/sshd.nix
./system-modules/gpg.nix
./system-modules/sops.nix
# ./system-modules/syncthing.nix
./system-modules/hsmw.nix
./system-modules/docker.nix


@@ -91,14 +91,15 @@
let
dark = (-0.3);
bright = (0.5);
alter = let f = rice.lib.alter-luminace-hex; in color-name: color-value: { base = color-value; dark = f color-value dark; bright = f color-value bright; };
ccolor = builtins.mapAttrs alter {
alter-set = let f = rice.lib.alter-luminace-hex; in color-name: color-value: { base = color-value; dark = f color-value dark; bright = f color-value bright; };
alter = let f = rice.lib.alter-luminace-hex; in color-value: { base = color-value; dark = f color-value dark; bright = f color-value bright; };
ccolor = builtins.mapAttrs alter-set {
black = "#000022"; # "#111111" "#001100";
white = "#ddddff"; # "#dddddd" "#66dd66";
blue = "#6611dd"; # "#3333dd" "#003300";
blue = "#4422ff"; # "#3333dd" "#003300";
cyan = "#11dddd"; # "#11dddd" "#00dd55";
green = "#11dd11"; # "#11dd11" "#11dd11";
magenta = "#dd00dd"; # "#dd11dd" "#005500";
green = "#11dd99"; # "#11dd11" "#11dd11";
magenta = "#6622dd"; # "#dd11dd" "#005500";
red = "#dd1166"; # "#dd1111" "#00aa00";
yellow = "#dd6611"; # "#dddd11" "#ffff00";
};
@@ -107,9 +108,13 @@
foreground = white.base;
border = cyan.base;
border2 = blue.base;
accent = cyan;
secondary = magenta;
tertiary = blue;
accent = blue;
secondary = cyan;
tertiary = magenta;
special = yellow;
weird = green;
positive = alter "#00dd00";
negative = alter "#dd0000";
};
in ccolor // xcolor;
font = {
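Review bot: `alter-set` on the new side is a copy of `alter` with an extra, unused `color-name` parameter; the duplicated body invites the two drifting apart the next time the `dark`/`bright` offsets change. Define one in terms of the other, `alter-set = _: alter;`, so `builtins.mapAttrs alter-set` and the direct `alter "#00dd00"` calls share a single implementation. The enclosing `let` starts before this hunk.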


@@ -38,58 +38,106 @@ lib.mkIf (user != "tv")
# bash>>fish is set in users system module
programs.fish = {
enable = true;
shellAliases = {
ls = "eza --icons --git --smart-group --group-directories-first";
ll = "eza --icons --git --smart-group --group-directories-first --long";
la = "eza --icons --git --smart-group --group-directories-first --all";
lla = "eza --icons --git --smart-group --group-directories-first --all --long";
lt = "eza --icons --git --smart-group --group-directories-first --long --tree";
ltd = "eza --icons --git --smart-group --group-directories-first --long --tree -D";
lt2 = "eza --icons --git --smart-group --group-directories-first --long --tree -L 2";
sr = "sudo reboot";
nf = "neofetch";
nxf = "nxfetch";
nn = "nano";
m = "micro";
p = "python";
ipy = "ipython";
c = "codium";
g = "git";
# gst = "git status";
gps = "git push";
gpl = "git pull";
gad = "git add";
gcm = "git commit -m ";
gmr = "git merge";
gin = "git init";
gdf = "git diff";
grs = "git reset";
grh = "git reset --hard";
gch = "git checkout";
gsh = "git stash";
gsp = "git stash pop";
glg = "git log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(auto)%d%C(reset)' --all";
gll = "git log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(auto)%d%C(reset)%n'' %C(white)%s%C(reset) %C(dim white)- %an%C(reset)'";
gmt = "git_monitor";
gsw = "git switch";
gft = "git fetch";
ns = "nix-shell";
lzd = "lazydocker";
d = "docker";
dcmp = "docker compose";
enable = true;
shellAliases = {
ls = "eza --icons --git --smart-group --group-directories-first";
ll = "eza --icons --git --smart-group --group-directories-first --long";
la = "eza --icons --git --smart-group --group-directories-first --all";
lla = "eza --icons --git --smart-group --group-directories-first --all --long";
lt = "eza --icons --git --smart-group --group-directories-first --long --tree";
ltd = "eza --icons --git --smart-group --group-directories-first --long --tree -D";
lt2 = "eza --icons --git --smart-group --group-directories-first --long --tree -L 2";
sr = "sudo reboot";
nf = "neofetch";
nxf = "nxfetch";
nn = "nano";
m = "micro";
p = "python";
ipy = "ipython";
c = "codium";
g = "git";
# gst = "git status";
gps = "git push";
gpl = "git pull";
gad = "git add";
gcm = "git commit -m ";
gmr = "git merge";
gin = "git init";
gdf = "git diff";
grs = "git reset";
grh = "git reset --hard";
gch = "git checkout";
gsh = "git stash";
gsp = "git stash pop";
glg = "git log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(auto)%d%C(reset)' --all";
gll = "git log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(auto)%d%C(reset)%n'' %C(white)%s%C(reset) %C(dim white)- %an%C(reset)'";
gmt = "git_monitor";
gsw = "git switch";
gft = "git fetch";
ns = "nix-shell";
lzd = "lazydocker";
d = "docker";
dcmp = "docker compose";
code = "codium";
# ya = "yazi"; # function
# nxfiglet = "figlet";
};
interactiveShellInit = ''
set -g fish_greeting
if not set -q IN_NIX_SHELL
nxfetch
end
${pkgs.starship}/bin/starship init fish | source
# ${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source
'';
code = "codium";
# ya = "yazi"; # function
# nxfiglet = "figlet";
};
interactiveShellInit = ''
set -g fish_greeting
if not set -q IN_NIX_SHELL
nxfetch
end
${pkgs.starship}/bin/starship init fish | source
# ${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source
'';
functions = {
# gpg = '';
# set bold \e[1m
# set green \e[32m
# set blue \e[34m
# set yellow \e[33m
# set cyan \e[36m
# set purple \e[35m
# set reset \e[0m
# if string match -r -- "--list-(secret|public)?-?keys?" "$argv"
# set output (command gpg $argv)
# if test -z "$output"
# return $status
# end
# echo "$output" | sed -e 's/(Key fingerprint =)/'$yellow'\1'$reset'/g' \
# -e 's/(.*\.kbx)/'$yellow'Keyring: \1'$reset'/g' \
# -e 's/^uid[[:blank:]]+/uid /g' \
# -e 's/(^uid.*\] )(.*)/\1'$green'\2'$reset'/g' \
# -e 's/(\[.*\])/'$cyan'\1'$reset'/g' \
# -e 's/(^pub|^sec)/'$bold$green'\1'$reset'/g' \
# -e 's/(^sub|^ssb|^uid)/'$bold'\1'$reset'/g' \
# -e 's/(\[expires: )([0-9]{4}-[0-9]{2}-[0-9]{2})(\].*)/'$cyan'\1'$blue'\2'$cyan'\3'$reset'/g' \
# -e 's/([0-9]{4}-[0-9]{2}-[0-9]{2})/'$blue'\1'$reset'/g' \
# -e 's/^$/------------------------------------------/g' \
# -e 's| ([[:alnum:]]*)/| '$purple'\1'$reset'/|g' \
# -e 's|'$HOME'|~|g'
# # Print info footer
# set info_footer "------------------------------------------\n"
# set info_footer $info_footer $cyan"E"$reset"=encryption, "
# set info_footer $info_footer $cyan"S"$reset"=signing, "
# set info_footer $info_footer $cyan"C"$reset"=certification, "
# set info_footer $info_footer $cyan"A"$reset"=authentication\n"
# set info_footer $info_footer $green$bold"pub"$reset"=public primary key, "
# set info_footer $info_footer $bold"sub"$reset"=public subkey,\n"
# set info_footer $info_footer $green$bold"sec"$reset"=secret primary key, "
# set info_footer $info_footer $bold"ssb"$reset"=secret subkey,\n"
# set info_footer $info_footer $bold"uid"$reset"=user ID, "$purple"algorithm"$reset"/"$bold"key-ID"$reset
# echo -e $info_footer
# else
# command gpg $argv
# end
# '';
};
};
}
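Review bot: The new `functions = { … };` attrset holds only a roughly 40-line commented-out `gpg` wrapper (from `# gpg = '';` through `# '';`), so the hunk ships a large block of dead text next to what is otherwise a re-indent of `shellAliases` and `interactiveShellInit`. Either drop the block (git history keeps it) or reduce it to a one-line pointer, `# gpg: colourised key-listing wrapper, disabled`, so the intent survives without the body. The enclosing `lib.mkIf (user != "tv")` expression starts before this hunk.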

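--- /dev/null
+++ b/home-modules/gpg.nix
@@ -0,0 +1,60 @@
+{ pkgs, ... }:
+{
+  # there also is a system module
+  home.packages = with pkgs; [
+    gnupg
+    gpg-tui
+  ];
+  services.gpg-agent = {
+    enable = true;
+    verbose = true;
+    sshKeys = [
+      "97081264F7FD72D890D496E839AA9A4C7892A7D8" # [A] Sub Key from Master Key
+    ];
+    enableSshSupport = true;
+    enableFishIntegration = true;
+  };
+  home.file.".gnupg/gpg.conf".text = ''
+    # Use AES256, 192, or 128 as cipher
+    personal-cipher-preferences AES256 AES192 AES
+    # Use SHA512, 384, or 256 as digest
+    personal-digest-preferences SHA512 SHA384 SHA256
+    # Use ZLIB, BZIP2, ZIP, or no compression
+    personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+    # Default preferences for new keys
+    default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+    # SHA512 as digest to sign keys
+    cert-digest-algo SHA512
+    # SHA512 as digest for symmetric ops
+    s2k-digest-algo SHA512
+    # AES256 as cipher for symmetric ops
+    s2k-cipher-algo AES256
+    # UTF-8 support for compatibility
+    charset utf-8
+    # No comments in messages
+    no-comments
+    # No version in output
+    no-emit-version
+    # Disable banner
+    no-greeting
+    # Long key id format
+    keyid-format 0xlong
+    # Display UID validity
+    list-options show-uid-validity
+    verify-options show-uid-validity
+    # Display all keys and their fingerprints
+    with-fingerprint
+    # Display key origins and updates
+    #with-key-origin
+    # Cross-certify subkeys are present and valid
+    require-cross-certification
+    # Disable caching of passphrase for symmetrical ops
+    no-symkey-cache
+    # Output ASCII instead of binary
+    armor
+    # Enable smartcard
+    # use-agent
+  '';
+}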
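Review bot: `services.gpg-agent.enableSshSupport = true` here and `programs.gnupg.agent.enableSSHSupport = true` in the new system-modules/gpg.nix both ask a gpg-agent to act as the SSH agent; as far as the diff shows, both the system module and Home Manager will now generate agent configuration and try to set `SSH_AUTH_SOCK`, which tends to end in two competing agents or a socket variable pointing at the wrong one. Pick one owner — since this module carries the `sshKeys` keygrip, the simplest fix is to drop the SSH and socket options from the system module's `agent` block. Separately, the `# Enable smartcard` comment above the commented-out `use-agent` line in gpg.conf does not describe that option; `use-agent` only tells gpg to talk to gpg-agent, which GnuPG 2.1+ does unconditionally, so either delete the pair or reword the comment to `# use-agent: implicit since GnuPG 2.1, kept for reference`.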


@@ -65,25 +65,25 @@
"modifiers" = [ "italic" ];
};
"constant" = accent.bright;
"constant.character.escape" = foreground;
"constant.character.escape" = special.bright;
"constant.numeric" = foreground;
"constructor" = foreground;
"constructor" = blue.dark;
"debug" = yellow.base;
"diagnostic.modifiers" = [ "underlined" ];
"diff.delta" = blue.bright;
"diff.minus" = red.bright;
"diff.plus" = green.bright;
"diff.minus" = negative.bright;
"diff.plus" = positive.bright;
"error" = red.base;
"function" = foreground;
"hint" = foreground;
"function" = secondary.bright;
"hint" = tertiary.bright;
"info" = foreground;
"keyword" = foreground;
"keyword" = secondary.base;
"label" = foreground;
"namespace" = foreground;
"namespace" = weird.bright;
"operator" = foreground;
"special" = foreground;
"special" = special.base;
"string" = secondary.bright;
"type" = foreground;
"type" = red.dark;
"variable" = accent.base;
"variableother.member" = foreground;
"warning" = red.base;


@@ -60,7 +60,7 @@
userSettings = {
workbench.colorTheme = "Just Black";
editor.fontFamily = "'${rice.font.code.name2}', 'monospace', monospace";
emote.SSH.useLocalServer = false;
remote.SSH.useLocalServer = false;
};
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;


@@ -34,6 +34,7 @@
./home-modules/nh.nix
./home-modules/ssh.nix
./home-modules/gpg.nix
./home-modules/git.nix
./home-modules/mako.nix

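--- /dev/null
+++ b/system-modules/gpg.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    gnupg
+  ];
+  programs.gnupg = {
+    dirmngr.enable = true;
+    agent = {
+      enable = true;
+      enableSSHSupport = true;
+      enableExtraSocket = true;
+      enableBrowserSocket = true;
+    };
+  };
+}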
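Review bot: `enableExtraSocket = true` and `enableBrowserSocket = true` expose two additional gpg-agent sockets (the restricted one meant for forwarding to remote hosts, and the browser socket) on every host importing this module, although nothing in this commit uses either; each is one more local endpoint that can ask the agent to sign or decrypt with the loaded keys. Unless agent forwarding or a browser integration is planned, leave both at their defaults and keep only `enable = true;` and `enableSSHSupport = true;` under `agent`. If they are wanted, a one-line comment naming the consumer, `# extra/browser sockets: used by <consumer>`, would save the next reader the guess.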

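--- /dev/null
+++ b/system-modules/sops.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    age
+    ssh-to-age
+    sops
+  ];
+}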
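Review bot: This module only installs the `age`, `ssh-to-age` and `sops` CLIs; nothing here or elsewhere in the diff decrypts the `secrets/secrets.yaml` named by the new `.sops.yaml` rule into the system, so if sops-nix is the intended consumer its module still has to be imported and pointed at the file (`sops.defaultSopsFile` plus the host's age or SSH key path). If the module is deliberately tooling-only, a comment at the top saying so, `# CLI tooling only; no secrets are wired into the system yet`, would stop readers searching for the missing wiring.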