migrate yubikey, sshkey und gpg home-manager

nixos/homes/common/default.nix

@@ -1,4 +1,5 @@
 { lib, ... }:
 {
+  imports = [ ./packages.nix ];
   options.gui.enable = lib.mkEnableOption "should GUI packages be anabled?";
 }

nixos/homes/common/packages.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+with pkgs;
+{
+  home.packages = [
+    bind.dnsutils
+    nmap
+    hexyl
+
+    units
+
+
+  ];
+}

nixos/homes/palo/default.nix

@@ -4,31 +4,17 @@
     ../common
     ./doom-emacs.nix
     ./git.nix
+    ./gpg.nix
     ./i3.nix
     ./packages
     ./ssh.nix
     ./stylix.nix
     ./vim.nix
+    ./yubikey.nix
   ];
 
   home.stateVersion = "22.11";
 
-  programs.gpg = {
-    enable = true;
-    settings = {
-      auto-key-locate = "local";
-      keyid-format = "long";
-      utf8-strings = "";
-      verbose = "";
-      with-fingerprint = "";
-      keyserver = "keyserver.ubuntu.com";
-      personal-digest-preferences = "SHA512";
-      cert-digest-algo = "SHA512";
-      default-preference-list =
-        "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
-    };
-  };
-
   programs.htop = {
     enable = true;
     settings.highlight_base_name = true;

nixos/homes/palo/gpg.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+
+  programs.gpg = {
+    enable = true;
+    settings = {
+      auto-key-locate = "local";
+      keyid-format = "long";
+      utf8-strings = "";
+      verbose = "";
+      with-fingerprint = "";
+      keyserver = "keyserver.ubuntu.com";
+      personal-digest-preferences = "SHA512";
+      cert-digest-algo = "SHA512";
+      default-preference-list =
+        "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
+    };
+  };
+
+  services.gpg-agent = {
+    enable = true;
+    enableBashIntegration = true;
+    enableExtraSocket = true;
+    enableSshSupport = true;
+    enableZshIntegration = true;
+    # sshKeys = [];
+  };
+}

nixos/homes/palo/packages/development.nix

@@ -9,6 +9,9 @@ with lib;
 
       home.packages =
         let
+
+
+
           # to make copilot work
           # jetbrains.pycharm-professional
           fhsPyCharm = pkgs.buildFHSUserEnv {
@@ -96,38 +99,56 @@ with lib;
     })
     {
 
-      home.packages = [
+      home.packages =
+        let
+          pandocScript = { inputFormat, outputFormat }:
+            pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
+              ${pkgs.pandoc}/bin/pandoc \
+                --from ${inputFormat} \
+                --to ${outputFormat} \
+                --standalone \
+                "$@"
+            '';
+        in
+        [
 
-        tmux
+          tmux
 
-        # terminal recorder
-        asciinema
-        asciinema-agg
-        asciinema-scenario
-        termtosvg
+          nethogs
+          netsniff-ng
+          iftop
 
-        # shell
-        gum
-        yq-go
-        gojq
+          # terminal recorder
+          asciinema
+          asciinema-agg
+          asciinema-scenario
+          termtosvg
 
-        # nomad
-        nomad
-        wander
+          # shell
+          gum
+          yq-go
+          gojq
 
-        # terraform
-        unstable.terragrunt
-        unstable.terraform
-        terraform-docs
-        awscli2
+          # nomad
+          nomad
+          wander
 
-        # python
-        python3Full
-        pipenv
+          # terraform
+          unstable.terragrunt
+          unstable.terraform
+          terraform-docs
+          awscli2
 
-        unstable.mdbook
+          # python
+          python3Full
+          pipenv
 
-      ];
+          unstable.mdbook
+
+        ] ++ (map pandocScript (lib.cartesianProductOfSets {
+          inputFormat = [ "man" "markdown" "mediawiki" ];
+          outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];
+        }));
 
     }
   ];

nixos/homes/palo/yubikey.nix

@@ -0,0 +1,4 @@
+{ pkgs, osConfig, ... }:
+{
+  pam.yubico.authorizedYubiKeys.path = toString osConfig.sops.secrets.yubikey_u2fAuthFile.path;
+}

nixos/machines/cream/configuration.nix

@@ -31,6 +31,8 @@
 
   home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ];
 
+  sops.secrets.yubikey_u2fAuthFile = { };
+
   components.gui.taskwarrior.config = {
     general = {
       targets = [ "terranix" "my_github" ];

nixos/system/desktop/default.nix

@@ -4,7 +4,6 @@
 
     ../all
     ./packages.nix
-    ./size.nix
     ./yubikey.nix
   ];
 

nixos/system/desktop/packages.nix

@@ -53,15 +53,6 @@ let
       mv "$1.backup" "$1"
     '';
 
-  pandocScript = { inputFormat, outputFormat }:
-    pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
-      ${pkgs.pandoc}/bin/pandoc \
-        --from ${inputFormat} \
-        --to ${outputFormat} \
-        --standalone \
-        "$@"
-    '';
-
   connectToSpeaker = name: id:
     pkgs.writeShellScriptBin "connect-to-speaker-${name}" # sh
       ''
@@ -138,9 +129,9 @@ in
 {
 
   # gnupg setup
-  programs.gnupg.agent.enable = true;
-  programs.gnupg.agent.enableSSHSupport = true;
-  programs.gnupg.agent.enableExtraSocket = true;
+  #programs.gnupg.agent.enable = true;
+  #programs.gnupg.agent.enableSSHSupport = true;
+  #programs.gnupg.agent.enableExtraSocket = true;
 
   environment.systemPackages = with pkgs;
     [
@@ -278,10 +269,6 @@ in
 
       nix-index
 
-      nethogs
-      netsniff-ng
-      iftop
-
       ffmpeg
       (writeShellScriptBin "shrink-exports"
         (fileContents ../../assets/shrink_exports))
@@ -291,12 +278,6 @@ in
       replaceLinks
       youtube-dl
 
-      #cairo
-
-      #w3m
-      #links2
-      #lynx
-
       # temperature
       s-tui
       (pkgs.writers.writeDashBin "temperature" ''
@@ -328,8 +309,5 @@ in
 
       wireshark
 
-    ] ++ (map pandocScript (lib.cartesianProductOfSets {
-      inputFormat = [ "man" "markdown" "mediawiki" ];
-      outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];
-    }));
+    ];
 }

nixos/system/desktop/size.nix

@@ -1,29 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
-  cfg = config.configuration.desktop;
-
-in
-{
-
-  #options.configuration.desktop = {
-  #  height = mkOption {
-  #    default = 900;
-  #    type = with types; int;
-  #    description = ''
-  #      height of the dektop monitor
-  #    '';
-  #  };
-  #  width = mkOption {
-  #    default = 1600;
-  #    type = with types; int;
-  #    description = ''
-  #      width of the desktop monitor
-  #    '';
-  #  };
-  #};
-
-}

nixos/system/desktop/yubikey.nix

@@ -33,25 +33,23 @@
 
   ];
 
-  # use gpg for ssh
-  # ---------------
-  environment.shellInit = ''
-    export GPG_TTY="$(tty)"
-    gpg-connect-agent /bye
-    export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
-  '';
-  programs = {
-    ssh.startAgent = false;
-    gnupg.agent = {
-      enable = true;
-      enableSSHSupport = true;
-    };
-  };
+  ## managed by home-manager now
+  #environment.shellInit = ''
+  #  export GPG_TTY="$(tty)"
+  #  gpg-connect-agent /bye
+  #  export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+  #'';
+  #programs = {
+  #  ssh.startAgent = false;
+  #  gnupg.agent = {
+  #    enable = true;
+  #    enableSSHSupport = true;
+  #  };
+  #};
 
-  # use for pam (sudo)
-  # --------------------------
-  security.pam.u2f.enable = true;
-  security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
-  sops.secrets.yubikey_u2fAuthFile = { };
+  ## managed by home-manager now
+  #security.pam.u2f.enable = true;
+  #security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
+  #sops.secrets.yubikey_u2fAuthFile = { };
 
 }