diff --git a/flake.lock b/flake.lock
index 2c35989..da4e55b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -43,11 +43,11 @@
 ]
 },
 "locked": {
- "lastModified": 1744902080,
- "narHash": "sha256-px7OEMQYhS9StY3sTYYeM/jJspk6SXgoPU7OmOSx+1c=",
+ "lastModified": 1748955489,
+ "narHash": "sha256-OmZXyW2g5qIuo5Te74McwR0TwauCO2sF3/SjGDVuxyg=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "2c71aae678c03a39c2542e136b87bd040ae1b3cb",
+ "rev": "bb846c031be68a96466b683be32704ef6e07b159",
 "type": "github"
 },
 "original": {
@@ -79,11 +79,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1744463964,
- "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
+ "lastModified": 1748693115,
+ "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
+ "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
 "type": "github"
 },
 "original": {
@@ -94,11 +94,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1744463964,
- "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
+ "lastModified": 1748693115,
+ "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
+ "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
 "type": "github"
 },
 "original": {
@@ -115,11 +115,11 @@
 "treefmt-nix": "treefmt-nix"
 },
 "locked": {
- "lastModified": 1744904898,
- "narHash": "sha256-wLepe0sdFFgXUOLY2t+GrfjBquiGFgNydQkQYGh6UwQ=",
+ "lastModified": 1748973087,
+ "narHash": "sha256-ZN0XKKdCBC9eLeog7qYhfGPbajkPtQPdlxp/dhwONw4=",
 "owner": "nix-community",
 "repo": "NUR",
- "rev": "9ea0c40c52673079dfe50e82ddbb78679723be05",
+ "rev": "90add46380908ba4395f5f1dfec84224a3b0d4b9",
 "type": "github"
 },
 "original": {
@@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1744669848, - "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61154300d945f0b147b30d24ddcafa159148026a", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { diff --git a/hosts/morty/home-config.nix b/hosts/morty/home-config.nix index d8708ff..afb756a 100644 --- a/hosts/morty/home-config.nix +++ b/hosts/morty/home-config.nix @@ -1,7 +1,10 @@ { ... }: { config.modules = { application = { - gnupg.enable = true; + gnupg = { + enable = true; + enableSshSupport = true; + }; zathura.enable = true; foot.enable = true; imv.enable = true; diff --git a/modules/home-manager/application/gnupg/default.nix b/modules/home-manager/application/gnupg/default.nix index ee7b38f..53a24f1 100644 --- a/modules/home-manager/application/gnupg/default.nix +++ b/modules/home-manager/application/gnupg/default.nix 
@@ -12,30 +12,51 @@ in default = true; description = "install password-store"; }; + + enableSshSupport = mkOption { + type = types.bool; + default = false; + description = "enable GnuPG agent SSH support"; + }; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ - # pinentry-gnome - pkgs.gcr - ]; - + home.packages = with pkgs; [ + # pinentry-gnome + gcr + ]; programs.gpg = { enable = true; scdaemonSettings = { disable-ccid = true; }; + homedir = "${config.xdg.configHome}/gnupg"; }; services.gpg-agent = { enable = true; enableScDaemon = true; enableZshIntegration = true; - pinentryPackage = pkgs.pinentry-gnome3; + pinentry.package = pkgs.pinentry-gnome3; + enableSshSupport = cfg.enableSshSupport; + maxCacheTtl = 60 * 60 * 2; + maxCacheTtlSsh = 60 * 60 * 2; + defaultCacheTtl = 60 * 60; + defaultCacheTtlSsh = 60 * 60; + noAllowExternalCache = true; }; + home.sessionVariablesExtra = lib.mkIf cfg.enableSshSupport '' + if [[ -z "''${SSH_AUTH_SOCK}" ]]; then + export SSH_AUTH_SOCK="$(${config.programs.gpg.package}/bin/gpgconf --list-dirs agent-ssh-socket)" + fi + ''; + + services.ssh-agent.enable = if cfg.enableSshSupport then false else true; programs.password-store = { enable = cfg.pass; }; + + home.file.".local/bin/gpg-attach-key".source = ./files/gpg-attach-key.sh; }; } diff --git a/modules/home-manager/application/gnupg/files/gpg-attach-key.sh b/modules/home-manager/application/gnupg/files/gpg-attach-key.sh new file mode 100755 index 0000000..2851e85 --- /dev/null +++ b/modules/home-manager/application/gnupg/files/gpg-attach-key.sh 
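Review bot: `services.ssh-agent.enable = if cfg.enableSshSupport then false else true;` near the end of the `config` block makes this GnuPG module switch on a plain ssh-agent for every host that enables gnupg without SSH support, which is an unrelated side effect and will clash with any other module that sets the option differently. If the intent is only to keep the two agents from competing for `SSH_AUTH_SOCK`, `services.ssh-agent.enable = lib.mkIf cfg.enableSshSupport false;` says that directly; otherwise at least write `!cfg.enableSshSupport`. The `-z` guard in the `home.sessionVariablesExtra` block also lets an inherited `SSH_AUTH_SOCK` take precedence over gpg-agent, in which case the cache TTLs set above do not govern SSH keys for that session; a one-line comment such as `# an existing SSH_AUTH_SOCK (e.g. a forwarded agent) is kept on purpose` would record that this is intended. The enclosing module starts above the hunk.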
@@ -0,0 +1,137 @@ +#!/usr/bin/env bash + +UUID="1429a4c6-78f5-4f46-98bc-894106b52399" +mountpoint="" + +usage() { + cat <&2 +Attach GPG master key +--- + +$0 [action] [--debug] [--help] + +mount or unmount encrypted device based on UUID and attach GnuPG private keys +to private key directory. Actions can be + + - 'mount' to mount USB device and attach keys + - 'unmount' to remove private keys attached and unmount USB device +EOF +} + +error() { + local message + printf -v message "\e[31mERROR:\e[0m %s\n" "$1" + >&2 printf "%b" "${message}" + show_stack_trace +} + +show_stack_trace() { + if [[ $DEBUG -eq 1 ]]; then + local message + message="└─ \e[1mStack trace\e[0m:\n" + for ((i = 2; i < ${#FUNCNAME[@]} - 1; i++)); do + if [[ $i = $((${#FUNCNAME[@]} - 2)) ]]; then + message="${message} └" + else + message="${message} ├" + fi + message="${message}─ source:\e[3;34m${BASH_SOURCE[$i]}\e[0m" + message="${message} function:\e[3;34m${FUNCNAME[$i]}\e[0m" + message="${message} line:\e[3;34m${BASH_LINENO[$i - 1]}\e[0m\n" + done + >&2 printf "%b" "${message}" + fi +} + +debug() { + local message + if [[ $DEBUG -eq 1 ]]; then + printf -v message "\e[3;34mDEBUG:\e[0m %s\n" "$*" + >&2 printf "%b" "$message" + show_stack_trace + fi +} + +# shellcheck disable=SC2317 +process_args() { + while :; do + case $1 in + -h | --help) + usage + exit 0 + ;; + m | mount) + action="mount" + ;; + u | umount | unmount) + action="unmount" + ;; + -d | --debug) + DEBUG=1 + ;; + *) + break + ;; + esac + shift + done +} + +main() { + if [ ! -L "/dev/disk/by-uuid/${UUID}" ]; then + error "disk with UUID ${UUID} not found" + exit 10 + fi + if [ -z "${GNUPGHOME}" ]; then + error "GNUPGHOME env variable not set, can't determine gnuph home directory" + exit 11 + fi + key_destination="${GNUPGHOME}/private-keys-v1.d" + + case "$action" in + "mount") + debug "Mount encryted key" + if ! 
udisksctl unlock -b /dev/disk/by-uuid/${UUID}; then + error "Unlock disk ${UUID} failed" + exit 10 + fi + mountpoint=$(udisksctl mount -b /dev/mapper/luks-${UUID} | awk '{print $4}') + + while read -r key_file; do + + debug "Create symlink for ${key_file}" + base=$(basename "$key_file") + + #create symlink to key file if not exist + if [ ! -e "${key_destination}/${base}" ]; then + ln -s "$key_file" "${key_destination}/${base}" + fi + done < <(find "${mountpoint%.}/.gpg_master/" -type f -name "*.key") + ;; + + "unmount") + debug "unmount encrypted key" + while read -r key_file; do + debug "Remove key \`${key_file}\`" + rm "$key_file" + done < <(find "${key_destination}" -type l -name "*.key") + + if ! udisksctl unmount -b /dev/mapper/luks-${UUID} 2 &>/dev/null; then + error "Can't unmount volume \`luks-${UUID}\`" + fi + + if ! udisksctl lock -b /dev/disk/by-uuid/${UUID} 2 &>/dev/null; then + error "Can't lock device \`${UUID}\`" + fi + ;; + *) + error "What do you want, mount or unmount:" + usage + exit 1 + ;; + esac +} + +process_args "$@" +main +exit 0 diff --git a/modules/home-manager/cli/neovim/default.nix b/modules/home-manager/cli/neovim/default.nix index 1932b2e..8d59ea3 100644 --- a/modules/home-manager/cli/neovim/default.nix +++ b/modules/home-manager/cli/neovim/default.nix @@ -15,8 +15,8 @@ let version = "main"; src = builtins.fetchGit { url = "https://github.com/tonychg/nvim-k8s-lsp.git"; - rev = "5e8221cce09cb71b7604c0c7469bf9053dd877ca"; - ref = "feat/add-helm-ls-support"; + rev = "395f6d6b91da55c12b26a2ef1ace7a922a756712"; + ref = "main"; }; }; in @@ -95,6 +95,11 @@ in type = "lua"; config = (builtins.readFile ./files/plugins/conform.lua); } + { + plugin = dropbar-nvim; + type = "lua"; + config = (builtins.readFile ./files/plugins/dropbar.lua); + } { plugin = fzf-lua; type = "lua"; 
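Review bot: In the `unmount` branch of gpg-attach-key.sh a failed `udisksctl unmount` or `udisksctl lock` only prints an error and the script still ends with `exit 0`, so a caller cannot tell that the LUKS volume holding the master key is still unlocked. Both calls are also written `2 &>/dev/null`, which hands a literal `2` to udisksctl as an extra argument instead of redirecting stderr; `&>/dev/null` on its own is presumably what was meant. I would drop the stray `2`, quote the device paths and return a non-zero status when either step fails, as sketched below (the exit codes 12 and 13 are my own choice). In the `mount` branch the result of `udisksctl mount` is not checked either, so an empty `mountpoint` makes `find` search `/.gpg_master/`.

```shell
  "unmount")
    # … unchanged: removal of the *.key symlinks from ${key_destination} …
    rc=0
    if ! udisksctl unmount -b "/dev/mapper/luks-${UUID}" &>/dev/null; then
      error "Can't unmount volume \`luks-${UUID}\`"
      rc=12
    fi

    if ! udisksctl lock -b "/dev/disk/by-uuid/${UUID}" &>/dev/null; then
      error "Can't lock device \`${UUID}\`"
      rc=13
    fi
    # report a volume that is still mounted or unlocked to the caller
    [[ $rc -eq 0 ]] || exit "$rc"
    ;;
```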
diff --git a/modules/home-manager/cli/neovim/files/plugins/dropbar.lua b/modules/home-manager/cli/neovim/files/plugins/dropbar.lua new file mode 100644 index 0000000..315a2c4 --- /dev/null +++ b/modules/home-manager/cli/neovim/files/plugins/dropbar.lua @@ -0,0 +1 @@ +require("dropbar").setup({}) diff --git a/modules/home-manager/cli/vifm/default.nix b/modules/home-manager/cli/vifm/default.nix index 5f4aefa..c499ca6 100644 --- a/modules/home-manager/cli/vifm/default.nix +++ b/modules/home-manager/cli/vifm/default.nix @@ -14,11 +14,11 @@ in poppler_utils # Preview PDF file ]; programs.zsh = { - initExtra = '' + initContent = '' cdv() { cd "$(vifm --choose-dir - "$@")" } - openv() { + openv() { xdg-open "$(vifm --choose-file - "$@")" } diff --git a/modules/home-manager/cli/zsh/default.nix b/modules/home-manager/cli/zsh/default.nix index f8e5977..108dd36 100644 --- a/modules/home-manager/cli/zsh/default.nix +++ b/modules/home-manager/cli/zsh/default.nix @@ -60,7 +60,7 @@ in "\\n" = "fg=#7cafc2"; }; }; - initExtra = '' + initContent = '' # Ctrl + backspace: delete word bindkey -v "^H" backward-kill-word diff --git a/modules/home-manager/desktop/sway/includes/mako.nix b/modules/home-manager/desktop/sway/includes/mako.nix index d3e293e..323e831 100644 --- a/modules/home-manager/desktop/sway/includes/mako.nix +++ b/modules/home-manager/desktop/sway/includes/mako.nix 
@@ -13,35 +13,36 @@ with lib; }; services.mako = { enable = true; - font = "Fira Code Nerd Font 10"; - backgroundColor = "#353535FF"; - borderColor = "#1CD180"; - progressColor = "over #5566AAFF"; - textColor = "#FDFDFD"; - width = 300; - height = 100; - borderRadius = 0; - borderSize = 2; - icons = true; - maxIconSize = 64; - layer = "overlay"; - anchor = "top-right"; - format = '' - %a\n%s\n%b - ''; - extraConfig = '' - [urgency="high"] - border-color=#F268b3 - - [app-name="cmus"] - border-size=1 - default-timeout=7000 - group-by=app-name - format=%b - - [app-name="cmus" grouped] - format=%b - ''; + settings = { + font = "Fira Code Nerd Font 10"; + backgroundColor = "#353535FF"; + borderColor = "#1CD180"; + progressColor = "over #5566AAFF"; + textColor = "#FDFDFD"; + width = 300; + height = 100; + borderRadius = 0; + borderSize = 2; + icons = true; + maxIconSize = 64; + layer = "overlay"; + anchor = "top-right"; + format = '' + %a\n%s\n%b + ''; + "urgency=high" = { + border-color = "#F268b3"; + }; + "app-name=cmus" = { + border-size = 1; + default-timeout = 7000; + group-by = "app-name"; + format= "%b"; + }; + "app-name=cmus grouped" = { + format = "%b"; + }; + }; }; }; } diff --git a/modules/home-manager/desktop/sway/includes/sway.nix b/modules/home-manager/desktop/sway/includes/sway.nix index b94019e..004322b 100644 --- a/modules/home-manager/desktop/sway/includes/sway.nix +++ b/modules/home-manager/desktop/sway/includes/sway.nix @@ -169,6 +169,20 @@ in app_id = "^.*"; }; } + { + command = "resize set 70ppt 70ppt, border pixel 2"; + criteria = { + title = "^Open .*$"; + }; + }]; + }; + floating = { + border = 2; + titlebar = false; + criteria = [ + { + title = "^Open .*$"; + } ]; }; gaps = { @@ -196,7 +210,6 @@ in default_orientation auto workspace_layout default font pango:Fira Code Nerd Font Mono 10 - default_border pixel 1 title_align right ''; }; 
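Review bot: In the mako.nix hunk the keys moved under `settings` keep their old camelCase option names (`backgroundColor`, `borderColor`, `maxIconSize`, …), while the section entries in the same attrset already use mako's own spelling (`border-color`, `default-timeout`). As far as I can tell `settings` is written to the mako config file verbatim, so the top-level keys should probably be kebab-case as well, e.g. `background-color = "#353535FF";` and `max-icon-size = 64;`; this is worth confirming against the home-manager option documentation for the pinned revision. `format= "%b";` is also missing a space before `=`.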
diff --git a/nixos/includes/system/sshclient.nix b/nixos/includes/system/sshclient.nix deleted file mode 100644 index 06098ba..0000000 --- a/nixos/includes/system/sshclient.nix +++ /dev/null @@ -1,11 +0,0 @@ -{pkgs, ...}: -{ - environment.systemPackages = with pkgs; [ - lxqt.lxqt-openssh-askpass - ]; - programs.ssh = { - startAgent = false; - enableAskPassword = true; - askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"; - }; -} diff --git a/nixos/includes/system/user.nix b/nixos/includes/system/user.nix index b3f2970..a4ef445 100644 --- a/nixos/includes/system/user.nix +++ b/nixos/includes/system/user.nix @@ -1,17 +1,17 @@ -{ config, pkgs, username, ... }: +{ pkgs, username, ... }: { # Services services.pcscd.enable = true; # Programs - programs.ssh.startAgent = true; + programs.ssh.startAgent = false; programs.zsh.enable = true; - # Needed for home-manager systemd service + # Needed for home-manager systemd service programs.dconf.enable = true; - - # Configs + + # Configs fonts.fontconfig.enable = true; - + users.users.${username} = { shell = pkgs.zsh; isNormalUser = true;