From 414ff779b6eeaa876dbd9ad7a99e5e5a54ff230d Mon Sep 17 00:00:00 2001
From: Swarsel
Date: Thu, 25 Jul 2024 14:41:23 +0200
Subject: [PATCH] refactor: make gpg-agent a common setting
---
 SwarselSystems.org | 65 +++++++++++++++++-------------
 profiles/TEMPLATE/home.nix | 12 ------
 profiles/common/home/default.nix | 1 +
 profiles/common/home/gpg-agent.nix | 15 +++++++
 profiles/common/home/sops.nix | 1 +
 profiles/common/nixos/sops.nix | 1 +
 profiles/fourside/home.nix | 16 --------
 profiles/fourside/nixos.nix | 1 -
 profiles/threed/home.nix | 12 ------
 profiles/winters/home.nix | 12 ------
 10 files changed, 54 insertions(+), 82 deletions(-)
 create mode 100644 profiles/common/home/gpg-agent.nix
diff --git a/SwarselSystems.org b/SwarselSystems.org
index 9072f7f..b07c523 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -264,18 +264,6 @@ I also enable the extra socket here for ssh agent forwarding. But I have not ful
 #+begin_src nix :tangle no :noweb-ref gpgagent
- services.gpg-agent = {
- enable = true;
- enableSshSupport = true;
- enableExtraSocket = true;
- pinentryPackage = pkgs.pinentry.gtk2;
- defaultCacheTtl = 600;
- maxCacheTtl = 7200;
- extraConfig = ''
- allow-loopback-pinentry
- allow-emacs-pinentry
- '';
- };
 #+end_src
@@ -2165,7 +2153,6 @@ Mostly just sets some opened ports for several games, enables virtualbox (which
 # kernelPackages = pkgs.linuxPackages_latest;
 };
- sops.age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
 networking = {
 hostName = "fourside"; # Define your hostname.
@@ -2270,9 +2257,6 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was
 { config, pkgs, lib, ... }:
 with lib; {
- <>
- sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
-
 # waybar config - TEMPLATE - update for cores and temp
 programs.waybar.settings.mainBar = {
 # temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon4/temp1_input";
@@ -5110,6 +5094,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at
 {
 sops = {
+ age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
 defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
 validateSopsFiles = false;
@@ -5566,6 +5551,7 @@ This section sets up all the imports that are used in the home-manager section.
 ./kdeconnect.nix
 ./mako.nix
 ./sway.nix
+ ./gpg-agent.nix
 ];
 nix = {
@@ -5954,20 +5940,21 @@ I use sops-nix to handle secrets that I want to have available on my machines at
 Since we are using the home-manager implementation here, we need to specify the runtime path.
 #+begin_src nix :tangle profiles/common/home/sops.nix
- { config, ... }:
- {
- sops = {
- defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
- validateSopsFiles = false;
- secrets = {
- mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
- nautilus = { path = "/run/user/1000/secrets/nautilus"; };
- leon = { path = "/run/user/1000/secrets/leon"; };
- swarselmail = { path = "/run/user/1000/secrets/swarselmail"; };
- caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; };
+ { config, ... }:
+ {
+ sops = {
+ age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
+ defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
+ validateSopsFiles = false;
+ secrets = {
+ mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
+ nautilus = { path = "/run/user/1000/secrets/nautilus"; };
+ leon = { path = "/run/user/1000/secrets/leon"; };
+ swarselmail = { path = "/run/user/1000/secrets/swarselmail"; };
+ caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; };
+ };
 };
- };
-}
+ }
 #+end_src
 *** SSH Machines
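Review bot: The `age.sshKeyPaths` line added to the NixOS `sops` block (hunk at -5110, tangled to profiles/common/nixos/sops.nix in a later hunk) makes root's activation-time decryption of system secrets depend on a private key stored under the user's home directory, `${config.users.users.swarsel.home}/.ssh/sops`, and the hunk at -5954 (tangled to profiles/common/home/sops.nix) now points the home-manager side at the same file. Before this commit only fourside carried these lines; in the common modules every host must have that key, and presumably secret decryption fails at activation on a host that does not. Two consequences deserve a comment in the block: a compromise of the user account hands over the key to the system-level secrets as well, and a home directory that is not yet mounted when the system activates would leave those secrets undecryptable. A one-line note such as `# one ed25519 key under the user's home decrypts both system and home secrets; it must exist on every host before the first switch` would record that this is deliberate.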
@@ -7532,6 +7519,26 @@ Currently, I am too lazy to explain every option here, but most of it is very se
 }
 #+end_src
+*** gpg-agent
+
+#+begin_src nix :tangle profiles/common/home/gpg-agent.nix
+ { pkgs, ... }:
+ {
+ services.gpg-agent = {
+ enable = true;
+ enableSshSupport = true;
+ enableExtraSocket = true;
+ pinentryPackage = pkgs.pinentry.gtk2;
+ defaultCacheTtl = 600;
+ maxCacheTtl = 7200;
+ extraConfig = ''
+ allow-loopback-pinentry
+ allow-emacs-pinentry
+ '';
+ };
+ }
+#+end_src
+
 ** flake.nix template
 :PROPERTIES:
 :CUSTOM_ID: h:aee5ec75-7ca6-40d8-b6ac-a3e7e33a474b
diff --git a/profiles/TEMPLATE/home.nix b/profiles/TEMPLATE/home.nix
index 02ed160..ce2d860 100644
--- a/profiles/TEMPLATE/home.nix
+++ b/profiles/TEMPLATE/home.nix
@@ -3,18 +3,6 @@
 {
- services.gpg-agent = {
- enable = true;
- enableSshSupport = true;
- enableExtraSocket = true;
- pinentryPackage = pkgs.pinentry.gtk2;
- defaultCacheTtl = 600;
- maxCacheTtl = 7200;
- extraConfig = ''
- allow-loopback-pinentry
- allow-emacs-pinentry
- '';
- };
 home = {
 username = "TEMPLATE";
diff --git a/profiles/common/home/default.nix b/profiles/common/home/default.nix
index 341c053..f068793 100644
--- a/profiles/common/home/default.nix
+++ b/profiles/common/home/default.nix
@@ -26,6 +26,7 @@
 ./kdeconnect.nix
 ./mako.nix
 ./sway.nix
+ ./gpg-agent.nix
 ];
 nix = {
diff --git a/profiles/common/home/gpg-agent.nix b/profiles/common/home/gpg-agent.nix
new file mode 100644
index 0000000..b742b35
--- /dev/null
+++ b/profiles/common/home/gpg-agent.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+ services.gpg-agent = {
+ enable = true;
+ enableSshSupport = true;
+ enableExtraSocket = true;
+ pinentryPackage = pkgs.pinentry.gtk2;
+ defaultCacheTtl = 600;
+ maxCacheTtl = 7200;
+ extraConfig = ''
+ allow-loopback-pinentry
+ allow-emacs-pinentry
+ '';
+ };
+}
diff --git a/profiles/common/home/sops.nix b/profiles/common/home/sops.nix
index 6bc53a0..3918c30 100644
--- a/profiles/common/home/sops.nix
+++ b/profiles/common/home/sops.nix
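Review bot: `defaultCacheTtl`/`maxCacheTtl` in the new `services.gpg-agent` block (profiles/common/home/gpg-agent.nix, and the identical block in the SwarselSystems.org hunk at -7532 that is tangled into it) only govern the GPG passphrase cache; with `enableSshSupport = true` the SSH identities are cached under gpg-agent's separate `default-cache-ttl-ssh`/`max-cache-ttl-ssh`, which home-manager exposes as `defaultCacheTtlSsh`/`maxCacheTtlSsh` and which this block leaves at the agent's own defaults (a longer 1800 s idle TTL, if I recall the gpg-agent defaults correctly). If 600/7200 is the intended policy for the SSH keys served over the forwarded socket as well, add `defaultCacheTtlSsh = 600;` and `maxCacheTtlSsh = 7200;` next to the existing TTLs. The `extraConfig` lines also deserve a comment, since `allow-loopback-pinentry` lets a client hand the passphrase to the agent itself instead of going through the pinentry program: `# loopback/emacs pinentry: presumably for Emacs prompts — confirm that is the only consumer`. Now that the module is imported for every home profile, that comment is the only place a reader of a host profile will learn why the agent accepts loopback pinentry.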
@@ -1,6 +1,7 @@
 { config, ... }:
 {
 sops = {
+ age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
 defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
 validateSopsFiles = false;
 secrets = {
diff --git a/profiles/common/nixos/sops.nix b/profiles/common/nixos/sops.nix
index 4308d0f..20e9ce3 100644
--- a/profiles/common/nixos/sops.nix
+++ b/profiles/common/nixos/sops.nix
@@ -2,6 +2,7 @@
 {
 sops = {
+ age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
 defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
 validateSopsFiles = false;
diff --git a/profiles/fourside/home.nix b/profiles/fourside/home.nix
index 1719d71..a9fea07 100644
--- a/profiles/fourside/home.nix
+++ b/profiles/fourside/home.nix
@@ -1,22 +1,6 @@
 { config, pkgs, lib, ... }:
 with lib; {
-
- services.gpg-agent = {
- enable = true;
- enableSshSupport = true;
- enableExtraSocket = true;
- pinentryPackage = pkgs.pinentry.gtk2;
- defaultCacheTtl = 600;
- maxCacheTtl = 7200;
- extraConfig = ''
- allow-loopback-pinentry
- allow-emacs-pinentry
- '';
- };
-
- sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
-
 # waybar config - TEMPLATE - update for cores and temp
 programs.waybar.settings.mainBar = {
 # temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon4/temp1_input";
diff --git a/profiles/fourside/nixos.nix b/profiles/fourside/nixos.nix
index 0022a6b..7cdeb8f 100644
--- a/profiles/fourside/nixos.nix
+++ b/profiles/fourside/nixos.nix
@@ -13,7 +13,6 @@
 # kernelPackages = pkgs.linuxPackages_latest;
 };
- sops.age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
 networking = {
 hostName = "fourside"; # Define your hostname.
diff --git a/profiles/threed/home.nix b/profiles/threed/home.nix
index 928307a..bfd3d39 100644
--- a/profiles/threed/home.nix
+++ b/profiles/threed/home.nix
@@ -3,18 +3,6 @@
 {
- services.gpg-agent = {
- enable = true;
- enableSshSupport = true;
- enableExtraSocket = true;
- pinentryPackage = pkgs.pinentry.gtk2;
- defaultCacheTtl = 600;
- maxCacheTtl = 7200;
- extraConfig = ''
- allow-loopback-pinentry
- allow-emacs-pinentry
- '';
- };
 home = {
diff --git a/profiles/winters/home.nix b/profiles/winters/home.nix
index 0b8f6cd..b98dc87 100644
--- a/profiles/winters/home.nix
+++ b/profiles/winters/home.nix
@@ -3,18 +3,6 @@
 {
- services.gpg-agent = {
- enable = true;
- enableSshSupport = true;
- enableExtraSocket = true;
- pinentryPackage = pkgs.pinentry.gtk2;
- defaultCacheTtl = 600;
- maxCacheTtl = 7200;
- extraConfig = ''
- allow-loopback-pinentry
- allow-emacs-pinentry
- '';
- };
 home = {
 username = "swarsel";