diff --git a/hosts/morty/home-config.nix b/hosts/morty/home-config.nix index d8708ff..afb756a 100644 --- a/hosts/morty/home-config.nix +++ b/hosts/morty/home-config.nix @@ -1,7 +1,10 @@ { ... }: { config.modules = { application = { - gnupg.enable = true; + gnupg = { + enable = true; + enableSshSupport = true; + }; zathura.enable = true; foot.enable = true; imv.enable = true; diff --git a/modules/home-manager/application/gnupg/default.nix b/modules/home-manager/application/gnupg/default.nix index 2990e94..53a24f1 100644 --- a/modules/home-manager/application/gnupg/default.nix +++ b/modules/home-manager/application/gnupg/default.nix @@ -12,19 +12,25 @@ in default = true; description = "install password-store"; }; + + enableSshSupport = mkOption { + type = types.bool; + default = false; + description = "enable GnuPG agent SSH support"; + }; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ - # pinentry-gnome - gcr - ]; - + home.packages = with pkgs; [ + # pinentry-gnome + gcr + ]; programs.gpg = { enable = true; scdaemonSettings = { disable-ccid = true; }; + homedir = "${config.xdg.configHome}/gnupg"; }; services.gpg-agent = { @@ -32,10 +38,25 @@ in enableScDaemon = true; enableZshIntegration = true; pinentry.package = pkgs.pinentry-gnome3; + enableSshSupport = cfg.enableSshSupport; + maxCacheTtl = 60 * 60 * 2; + maxCacheTtlSsh = 60 * 60 * 2; + defaultCacheTtl = 60 * 60; + defaultCacheTtlSsh = 60 * 60; + noAllowExternalCache = true; }; + home.sessionVariablesExtra = lib.mkIf cfg.enableSshSupport '' + if [[ -z "''${SSH_AUTH_SOCK}" ]]; then + export SSH_AUTH_SOCK="$(${config.programs.gpg.package}/bin/gpgconf --list-dirs agent-ssh-socket)" + fi + ''; + + services.ssh-agent.enable = if cfg.enableSshSupport then false else true; programs.password-store = { enable = cfg.pass; }; + + home.file.".local/bin/gpg-attach-key".source = ./files/gpg-attach-key.sh; }; } 
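Review bot: `homedir = "${config.xdg.configHome}/gnupg";` in the first gnupg/default.nix hunk relocates the keyring with no migration step or note, so an existing `~/.gnupg` (private keys, trustdb, `sshcontrol`) would be silently ignored after the switch. A comment such as `# GnuPG home moves to XDG config; copy the old ~/.gnupg by hand and keep the directory mode 0700` would help. It is also worth stating there that gpg-attach-key.sh relies on `GNUPGHOME`, which is presumably exported from this option. The enclosing `config = mkIf cfg.enable { … }` block continues past this hunk.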
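Review bot: `home.sessionVariablesExtra` in the second gnupg/default.nix hunk looks redundant, because home-manager's own `services.gpg-agent` module appears to export `SSH_AUTH_SOCK` with the same `-z` guard when `enableSshSupport` is true, so the snippet would be emitted twice; confirm against the pinned home-manager revision and drop it if so. `services.ssh-agent.enable = if cfg.enableSshSupport then false else true;` reads better as `services.ssh-agent.enable = lib.mkDefault (!cfg.enableSshSupport);`, which also lets a host override it without a conflicting-definition error. The cache settings deserve a comment, e.g. `# passphrases (GPG and SSH) stay cached 1 h after last use, 2 h at most`, since they decide how long an unattended session can keep signing or authenticating.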
diff --git a/modules/home-manager/application/gnupg/files/gpg-attach-key.sh b/modules/home-manager/application/gnupg/files/gpg-attach-key.sh
new file mode 100755
index 0000000..2851e85
--- /dev/null
+++ b/modules/home-manager/application/gnupg/files/gpg-attach-key.sh
@@ -0,0 +1,137 @@
+#!/usr/bin/env bash
+
+UUID="1429a4c6-78f5-4f46-98bc-894106b52399"
+mountpoint=""
+
+usage() {
+ cat <&2
+Attach GPG master key
+---
+
+$0 [action] [--debug] [--help]
+
+mount or unmount encrypted device based on UUID and attach GnuPG private keys
+to private key directory. Actions can be
+
+ - 'mount' to mount USB device and attach keys
+ - 'unmount' to remove private keys attached and unmount USB device
+EOF
+}
+
+error() {
+ local message
+ printf -v message "\e[31mERROR:\e[0m %s\n" "$1"
+ >&2 printf "%b" "${message}"
+ show_stack_trace
+}
+
+show_stack_trace() {
+ if [[ $DEBUG -eq 1 ]]; then
+ local message
+ message="└─ \e[1mStack trace\e[0m:\n"
+ for ((i = 2; i < ${#FUNCNAME[@]} - 1; i++)); do
+ if [[ $i = $((${#FUNCNAME[@]} - 2)) ]]; then
+ message="${message} └"
+ else
+ message="${message} ├"
+ fi
+ message="${message}─ source:\e[3;34m${BASH_SOURCE[$i]}\e[0m"
+ message="${message} function:\e[3;34m${FUNCNAME[$i]}\e[0m"
+ message="${message} line:\e[3;34m${BASH_LINENO[$i - 1]}\e[0m\n"
+ done
+ >&2 printf "%b" "${message}"
+ fi
+}
+
+debug() {
+ local message
+ if [[ $DEBUG -eq 1 ]]; then
+ printf -v message "\e[3;34mDEBUG:\e[0m %s\n" "$*"
+ >&2 printf "%b" "$message"
+ show_stack_trace
+ fi
+}
+
+# shellcheck disable=SC2317
+process_args() {
+ while :; do
+ case $1 in
+ -h | --help)
+ usage
+ exit 0
+ ;;
+ m | mount)
+ action="mount"
+ ;;
+ u | umount | unmount)
+ action="unmount"
+ ;;
+ -d | --debug)
+ DEBUG=1
+ ;;
+ *)
+ break
+ ;;
+ esac
+ shift
+ done
+}
+
+main() {
+ if [ ! -L "/dev/disk/by-uuid/${UUID}" ]; then
+ error "disk with UUID ${UUID} not found"
+ exit 10
+ fi
+ if [ -z "${GNUPGHOME}" ]; then
+ error "GNUPGHOME env variable not set, can't determine gnuph home directory"
+ exit 11
+ fi
+ key_destination="${GNUPGHOME}/private-keys-v1.d"
+
+ case "$action" in
+ "mount")
+ debug "Mount encryted key"
+ if ! 
udisksctl unlock -b /dev/disk/by-uuid/${UUID}; then + error "Unlock disk ${UUID} failed" + exit 10 + fi + mountpoint=$(udisksctl mount -b /dev/mapper/luks-${UUID} | awk '{print $4}') + + while read -r key_file; do + + debug "Create symlink for ${key_file}" + base=$(basename "$key_file") + + #create symlink to key file if not exist + if [ ! -e "${key_destination}/${base}" ]; then + ln -s "$key_file" "${key_destination}/${base}" + fi + done < <(find "${mountpoint%.}/.gpg_master/" -type f -name "*.key") + ;; + + "unmount") + debug "unmount encrypted key" + while read -r key_file; do + debug "Remove key \`${key_file}\`" + rm "$key_file" + done < <(find "${key_destination}" -type l -name "*.key") + + if ! udisksctl unmount -b /dev/mapper/luks-${UUID} 2 &>/dev/null; then + error "Can't unmount volume \`luks-${UUID}\`" + fi + + if ! udisksctl lock -b /dev/disk/by-uuid/${UUID} 2 &>/dev/null; then + error "Can't lock device \`${UUID}\`" + fi + ;; + *) + error "What do you want, mount or unmount:" + usage + exit 1 + ;; + esac +} + +process_args "$@" +main +exit 0 diff --git a/modules/home-manager/cli/neovim/default.nix b/modules/home-manager/cli/neovim/default.nix index 1932b2e..8d59ea3 100644 --- a/modules/home-manager/cli/neovim/default.nix +++ b/modules/home-manager/cli/neovim/default.nix @@ -15,8 +15,8 @@ let version = "main"; src = builtins.fetchGit { url = "https://github.com/tonychg/nvim-k8s-lsp.git"; - rev = "5e8221cce09cb71b7604c0c7469bf9053dd877ca"; - ref = "feat/add-helm-ls-support"; + rev = "395f6d6b91da55c12b26a2ef1ace7a922a756712"; + ref = "main"; }; }; in @@ -95,6 +95,11 @@ in type = "lua"; config = (builtins.readFile ./files/plugins/conform.lua); } + { + plugin = dropbar-nvim; + type = "lua"; + config = (builtins.readFile ./files/plugins/dropbar.lua); + } { plugin = fzf-lua; type = "lua"; 
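Review bot: In gpg-attach-key.sh the `unmount` branch of `main` reports a failed `udisksctl unmount` or `lock` through `error`, but the script still reaches `exit 0`, so a caller cannot tell that the volume holding the master key is still unlocked; the `2 &>/dev/null` there also passes a literal `2` as an argument instead of redirecting stderr. In the `mount` branch the result of `udisksctl mount` is never checked, so an empty `mountpoint` makes `find` look under `/.gpg_master/`, and `awk '{print $4}'` truncates a mount path that contains spaces. Because the `-L /dev/disk/by-uuid/${UUID}` check runs for both actions, the symlinks left in `private-keys-v1.d` cannot be cleaned up once the device has been pulled, so that check is better limited to `mount`. Running `gpgconf --reload gpg-agent` after a successful unmount would also drop cached passphrases for the detached keys. The fence below shows the mount-result check and the exit-status handling only.

```shell
    "mount")
        # … unchanged: debug message and udisksctl unlock …
        if ! mount_out=$(udisksctl mount -b "/dev/mapper/luks-${UUID}"); then
            error "Mount of luks-${UUID} failed"
            exit 10
        fi
        # udisksctl prints "Mounted <device> at <path>"; keep everything after " at "
        mountpoint="${mount_out#* at }"
        mountpoint="${mountpoint%.}"
        if [ ! -d "${mountpoint}/.gpg_master" ]; then
            error "No .gpg_master directory under ${mountpoint}"
            exit 10
        fi
        # … unchanged: symlink loop over "${mountpoint}/.gpg_master/" …

    "unmount")
        # … unchanged: removal of the *.key symlinks …
        rc=0
        if ! udisksctl unmount -b "/dev/mapper/luks-${UUID}" >/dev/null 2>&1; then
            error "Can't unmount volume \`luks-${UUID}\`"
            rc=12
        fi
        if ! udisksctl lock -b "/dev/disk/by-uuid/${UUID}" >/dev/null 2>&1; then
            error "Can't lock device \`${UUID}\`"
            rc=13
        fi
        # a volume that stays unlocked must not look like success to the caller
        [ "$rc" -eq 0 ] || exit "$rc"
        ;;
```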
diff --git a/modules/home-manager/cli/neovim/files/plugins/dropbar.lua b/modules/home-manager/cli/neovim/files/plugins/dropbar.lua new file mode 100644 index 0000000..315a2c4 --- /dev/null +++ b/modules/home-manager/cli/neovim/files/plugins/dropbar.lua @@ -0,0 +1 @@ +require("dropbar").setup({}) diff --git a/modules/home-manager/desktop/sway/includes/sway.nix b/modules/home-manager/desktop/sway/includes/sway.nix index b94019e..004322b 100644 --- a/modules/home-manager/desktop/sway/includes/sway.nix +++ b/modules/home-manager/desktop/sway/includes/sway.nix @@ -169,6 +169,20 @@ in app_id = "^.*"; }; } + { + command = "resize set 70ppt 70ppt, border pixel 2"; + criteria = { + title = "^Open .*$"; + }; + }]; + }; + floating = { + border = 2; + titlebar = false; + criteria = [ + { + title = "^Open .*$"; + } ]; }; gaps = { @@ -196,7 +210,6 @@ in default_orientation auto workspace_layout default font pango:Fira Code Nerd Font Mono 10 - default_border pixel 1 title_align right ''; }; diff --git a/nixos/includes/system/sshclient.nix b/nixos/includes/system/sshclient.nix deleted file mode 100644 index 06098ba..0000000 --- a/nixos/includes/system/sshclient.nix +++ /dev/null @@ -1,11 +0,0 @@ -{pkgs, ...}: -{ - environment.systemPackages = with pkgs; [ - lxqt.lxqt-openssh-askpass - ]; - programs.ssh = { - startAgent = false; - enableAskPassword = true; - askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"; - }; -} diff --git a/nixos/includes/system/user.nix b/nixos/includes/system/user.nix index b3f2970..a4ef445 100644 --- a/nixos/includes/system/user.nix +++ b/nixos/includes/system/user.nix 
@@ -1,17 +1,17 @@ -{ config, pkgs, username, ... }: +{ pkgs, username, ... }: { # Services services.pcscd.enable = true; # Programs - programs.ssh.startAgent = true; + programs.ssh.startAgent = false; programs.zsh.enable = true; - # Needed for home-manager systemd service + # Needed for home-manager systemd service programs.dconf.enable = true; - - # Configs + + # Configs fonts.fontconfig.enable = true; - + users.users.${username} = { shell = pkgs.zsh; isNormalUser = true;
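Review bot: `programs.ssh.startAgent = false;` now applies to every host that imports user.nix, while the replacement agent comes only from the home-manager gnupg module (gpg-agent when `enableSshSupport` is set, otherwise `services.ssh-agent`). As far as this diff shows, a user whose home config sets `gnupg.enable = false` would end up with no SSH agent at all, and the askpass setup from the deleted sshclient.nix is gone as well. A comment such as `# SSH agent is provided per-user by modules/home-manager/application/gnupg` next to the option would document that dependency. The attribute set continues past the end of this hunk.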