migrate yubikey, sshkey und gpg home-manager

Ingolf Wagner 2023-12-14 08:21:39 +01:00
parent 9ef699df79
commit b601c55718
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
12 changed files with 116 additions and 115 deletions


@ -1,4 +1,5 @@
{ lib, ... }: { lib, ... }:
{ {
imports = [ ./packages.nix ];
options.gui.enable = lib.mkEnableOption "should GUI packages be anabled?"; options.gui.enable = lib.mkEnableOption "should GUI packages be anabled?";
} }


@ -0,0 +1,13 @@
{ pkgs, ... }:
with pkgs;
{
home.packages = [
bind.dnsutils
nmap
hexyl
units
];
}


@ -4,31 +4,17 @@
../common ../common
./doom-emacs.nix ./doom-emacs.nix
./git.nix ./git.nix
./gpg.nix
./i3.nix ./i3.nix
./packages ./packages
./ssh.nix ./ssh.nix
./stylix.nix ./stylix.nix
./vim.nix ./vim.nix
./yubikey.nix
]; ];
home.stateVersion = "22.11"; home.stateVersion = "22.11";
programs.gpg = {
enable = true;
settings = {
auto-key-locate = "local";
keyid-format = "long";
utf8-strings = "";
verbose = "";
with-fingerprint = "";
keyserver = "keyserver.ubuntu.com";
personal-digest-preferences = "SHA512";
cert-digest-algo = "SHA512";
default-preference-list =
"SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
};
};
programs.htop = { programs.htop = {
enable = true; enable = true;
settings.highlight_base_name = true; settings.highlight_base_name = true;

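--- a/nixos/homes/palo/gpg.nix
+++ b/nixos/homes/palo/gpg.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+programs.gpg = {
+enable = true;
+settings = {
+auto-key-locate = "local";
+keyid-format = "long";
+utf8-strings = "";
+verbose = "";
+with-fingerprint = "";
+keyserver = "keyserver.ubuntu.com";
+personal-digest-preferences = "SHA512";
+cert-digest-algo = "SHA512";
+default-preference-list =
+"SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
+};
+};
+services.gpg-agent = {
+enable = true;
+enableBashIntegration = true;
+enableExtraSocket = true;
+enableSshSupport = true;
+enableZshIntegration = true;
+# sshKeys = [];
+};
+}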
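Review bot: `keyserver = "keyserver.ubuntu.com";` gives no scheme, and as far as I know GnuPG treats a bare host name as plain `hkp://`, so key lookups and refreshes would travel unencrypted; I would write `keyserver = "hkps://keyserver.ubuntu.com";`. The `keyserver` option in gpg.conf is also marked deprecated from GnuPG 2.1 on in favour of dirmngr.conf, so it is worth confirming that dirmngr still honours it on this system. Separately, `default-preference-list` still advertises `CAST5`, a 64-bit block cipher, which could be dropped from the list. `enableExtraSocket = true;` is only needed when the agent is forwarded to remote hosts, so a short comment saying which workflow depends on it would help the next reader.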


@ -9,6 +9,9 @@ with lib;
home.packages = home.packages =
let let
# to make copilot work # to make copilot work
# jetbrains.pycharm-professional # jetbrains.pycharm-professional
fhsPyCharm = pkgs.buildFHSUserEnv { fhsPyCharm = pkgs.buildFHSUserEnv {
@ -96,38 +99,56 @@ with lib;
}) })
{ {
home.packages = [ home.packages =
let
pandocScript = { inputFormat, outputFormat }:
pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
${pkgs.pandoc}/bin/pandoc \
--from ${inputFormat} \
--to ${outputFormat} \
--standalone \
"$@"
'';
in
[
tmux tmux
# terminal recorder nethogs
asciinema netsniff-ng
asciinema-agg iftop
asciinema-scenario
termtosvg
# shell # terminal recorder
gum asciinema
yq-go asciinema-agg
gojq asciinema-scenario
termtosvg
# nomad # shell
nomad gum
wander yq-go
gojq
# terraform # nomad
unstable.terragrunt nomad
unstable.terraform wander
terraform-docs
awscli2
# python # terraform
python3Full unstable.terragrunt
pipenv unstable.terraform
terraform-docs
awscli2
unstable.mdbook # python
python3Full
pipenv
]; unstable.mdbook
] ++ (map pandocScript (lib.cartesianProductOfSets {
inputFormat = [ "man" "markdown" "mediawiki" ];
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];
}));
} }
]; ];


@ -0,0 +1,4 @@
{ pkgs, osConfig, ... }:
{
pam.yubico.authorizedYubiKeys.path = toString osConfig.sops.secrets.yubikey_u2fAuthFile.path;
}
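Review bot: `pam.yubico.authorizedYubiKeys.path` does not look like a replacement for the `security.pam.u2f.authFile` setting that this commit comments out in the NixOS yubikey module (last file section of the commit). As far as I can tell the home-manager option belongs to the Yubico OTP (pam_yubico) support, takes a path relative to `$HOME`, and only names the file home-manager generates from `authorizedYubiKeys.ids`; with no `ids` set nothing is generated, and pam_u2f is not configured at all. The PAM stack is system configuration, so with `security.pam.u2f.enable = true;` commented out the U2F step for sudo and login is presumably gone without any build error. I would keep `security.pam.u2f.enable = true;` and `security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;` on the NixOS side, or confirm on a rebuilt system that the key is still requested before relying on it.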


@ -31,6 +31,8 @@
home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ]; home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ];
sops.secrets.yubikey_u2fAuthFile = { };
components.gui.taskwarrior.config = { components.gui.taskwarrior.config = {
general = { general = {
targets = [ "terranix" "my_github" ]; targets = [ "terranix" "my_github" ];


@ -4,7 +4,6 @@
../all ../all
./packages.nix ./packages.nix
./size.nix
./yubikey.nix ./yubikey.nix
]; ];


@ -53,15 +53,6 @@ let
mv "$1.backup" "$1" mv "$1.backup" "$1"
''; '';
pandocScript = { inputFormat, outputFormat }:
pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
${pkgs.pandoc}/bin/pandoc \
--from ${inputFormat} \
--to ${outputFormat} \
--standalone \
"$@"
'';
connectToSpeaker = name: id: connectToSpeaker = name: id:
pkgs.writeShellScriptBin "connect-to-speaker-${name}" # sh pkgs.writeShellScriptBin "connect-to-speaker-${name}" # sh
'' ''
@ -138,9 +129,9 @@ in
{ {
# gnupg setup # gnupg setup
programs.gnupg.agent.enable = true; #programs.gnupg.agent.enable = true;
programs.gnupg.agent.enableSSHSupport = true; #programs.gnupg.agent.enableSSHSupport = true;
programs.gnupg.agent.enableExtraSocket = true; #programs.gnupg.agent.enableExtraSocket = true;
environment.systemPackages = with pkgs; environment.systemPackages = with pkgs;
[ [
@ -278,10 +269,6 @@ in
nix-index nix-index
nethogs
netsniff-ng
iftop
ffmpeg ffmpeg
(writeShellScriptBin "shrink-exports" (writeShellScriptBin "shrink-exports"
(fileContents ../../assets/shrink_exports)) (fileContents ../../assets/shrink_exports))
@ -291,12 +278,6 @@ in
replaceLinks replaceLinks
youtube-dl youtube-dl
#cairo
#w3m
#links2
#lynx
# temperature # temperature
s-tui s-tui
(pkgs.writers.writeDashBin "temperature" '' (pkgs.writers.writeDashBin "temperature" ''
@ -328,8 +309,5 @@ in
wireshark wireshark
] ++ (map pandocScript (lib.cartesianProductOfSets { ];
inputFormat = [ "man" "markdown" "mediawiki" ];
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" ];
}));
} }
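Review bot: The three `programs.gnupg.agent.*` settings under `# gnupg setup` are commented out rather than deleted, and the NixOS yubikey module later in this commit does the same with its `environment.shellInit`, `programs` and `security.pam.u2f` blocks. Dead configuration in a security-relevant module makes it hard to see at a glance which agent and PAM settings are actually in force. I would delete the lines and leave a single comment such as `# gpg-agent is configured per user in nixos/homes/palo/gpg.nix`, since git history keeps the old values. The attribute set these lines belong to starts and ends outside the visible hunks.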


@ -1,29 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.configuration.desktop;
in
{
#options.configuration.desktop = {
# height = mkOption {
# default = 900;
# type = with types; int;
# description = ''
# height of the dektop monitor
# '';
# };
# width = mkOption {
# default = 1600;
# type = with types; int;
# description = ''
# width of the desktop monitor
# '';
# };
#};
}


@ -33,25 +33,23 @@
]; ];
# use gpg for ssh ## managed by home-manager now
# --------------- #environment.shellInit = ''
environment.shellInit = '' # export GPG_TTY="$(tty)"
export GPG_TTY="$(tty)" # gpg-connect-agent /bye
gpg-connect-agent /bye # export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" #'';
''; #programs = {
programs = { # ssh.startAgent = false;
ssh.startAgent = false; # gnupg.agent = {
gnupg.agent = { # enable = true;
enable = true; # enableSSHSupport = true;
enableSSHSupport = true; # };
}; #};
};
# use for pam (sudo) ## managed by home-manager now
# -------------------------- #security.pam.u2f.enable = true;
security.pam.u2f.enable = true; #security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path; #sops.secrets.yubikey_u2fAuthFile = { };
sops.secrets.yubikey_u2fAuthFile = { };
} }