From 7a1e126483b93326a703b5fd4360c78eb6b4509e Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Mon, 19 May 2025 20:47:08 +0200 Subject: [PATCH 01/17] chore: upgrade packages repositories --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 2c35989..da4e55b 100644 --- a/flake.lock +++ b/flake.lock @@ -43,11 +43,11 @@ ] }, "locked": { - "lastModified": 1744902080, - "narHash": "sha256-px7OEMQYhS9StY3sTYYeM/jJspk6SXgoPU7OmOSx+1c=", + "lastModified": 1748955489, + "narHash": "sha256-OmZXyW2g5qIuo5Te74McwR0TwauCO2sF3/SjGDVuxyg=", "owner": "nix-community", "repo": "home-manager", - "rev": "2c71aae678c03a39c2542e136b87bd040ae1b3cb", + "rev": "bb846c031be68a96466b683be32704ef6e07b159", "type": "github" }, "original": { @@ -79,11 +79,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { @@ -94,11 +94,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { 
@@ -115,11 +115,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1744904898, - "narHash": "sha256-wLepe0sdFFgXUOLY2t+GrfjBquiGFgNydQkQYGh6UwQ=", + "lastModified": 1748973087, + "narHash": "sha256-ZN0XKKdCBC9eLeog7qYhfGPbajkPtQPdlxp/dhwONw4=", "owner": "nix-community", "repo": "NUR", - "rev": "9ea0c40c52673079dfe50e82ddbb78679723be05", + "rev": "90add46380908ba4395f5f1dfec84224a3b0d4b9", "type": "github" }, "original": { @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1744669848, - "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61154300d945f0b147b30d24ddcafa159148026a", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { From ec5bb7cb70c0b247aabaf3386b55ab9d260f8c6d Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Mon, 19 May 2025 20:47:38 +0200 Subject: [PATCH 02/17] chore(mako): adapt configugation to upstream changes --- .../desktop/sway/includes/mako.nix | 59 ++++++++++--------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/modules/home-manager/desktop/sway/includes/mako.nix b/modules/home-manager/desktop/sway/includes/mako.nix index d3e293e..323e831 100644 --- a/modules/home-manager/desktop/sway/includes/mako.nix +++ b/modules/home-manager/desktop/sway/includes/mako.nix 
@@ -13,35 +13,36 @@ with lib; }; services.mako = { enable = true; - font = "Fira Code Nerd Font 10"; - backgroundColor = "#353535FF"; - borderColor = "#1CD180"; - progressColor = "over #5566AAFF"; - textColor = "#FDFDFD"; - width = 300; - height = 100; - borderRadius = 0; - borderSize = 2; - icons = true; - maxIconSize = 64; - layer = "overlay"; - anchor = "top-right"; - format = '' - %a\n%s\n%b - ''; - extraConfig = '' - [urgency="high"] - border-color=#F268b3 - - [app-name="cmus"] - border-size=1 - default-timeout=7000 - group-by=app-name - format=%b - - [app-name="cmus" grouped] - format=%b - ''; + settings = { + font = "Fira Code Nerd Font 10"; + backgroundColor = "#353535FF"; + borderColor = "#1CD180"; + progressColor = "over #5566AAFF"; + textColor = "#FDFDFD"; + width = 300; + height = 100; + borderRadius = 0; + borderSize = 2; + icons = true; + maxIconSize = 64; + layer = "overlay"; + anchor = "top-right"; + format = '' + %a\n%s\n%b + ''; + "urgency=high" = { + border-color = "#F268b3"; + }; + "app-name=cmus" = { + border-size = 1; + default-timeout = 7000; + group-by = "app-name"; + format= "%b"; + }; + "app-name=cmus grouped" = { + format = "%b"; + }; + }; }; }; } From 814d7589b12f0a61fd112e90587f383926ffdfaf Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Mon, 19 May 2025 20:56:25 +0200 Subject: [PATCH 03/17] chore(zsh): implement upstreamn changes in configuration --- modules/home-manager/cli/vifm/default.nix | 4 ++-- modules/home-manager/cli/zsh/default.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/home-manager/cli/vifm/default.nix b/modules/home-manager/cli/vifm/default.nix index 5f4aefa..c499ca6 100644 --- a/modules/home-manager/cli/vifm/default.nix +++ b/modules/home-manager/cli/vifm/default.nix 
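Review bot: The top-level keys moved under `settings` keep the old camelCase option names (`backgroundColor`, `borderColor`, `maxIconSize`, …), while the criteria sections added in the same hunk use mako's own hyphenated names (`border-color`, `default-timeout`, `group-by`). If `settings` is rendered into the mako config as written, which the section keys suggest, the camelCase entries will presumably not be recognised. They should read `background-color = "#353535FF";`, `border-color = "#1CD180";`, `max-icon-size = 64;` and so on. The same hunk is repeated in PATCH 08/17, and the enclosing module body starts outside the hunk.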
@@ -14,11 +14,11 @@ in poppler_utils # Preview PDF file ]; programs.zsh = { - initExtra = '' + initContent = '' cdv() { cd "$(vifm --choose-dir - "$@")" } - openv() { + openv() { xdg-open "$(vifm --choose-file - "$@")" } diff --git a/modules/home-manager/cli/zsh/default.nix b/modules/home-manager/cli/zsh/default.nix index f8e5977..108dd36 100644 --- a/modules/home-manager/cli/zsh/default.nix +++ b/modules/home-manager/cli/zsh/default.nix @@ -60,7 +60,7 @@ in "\\n" = "fg=#7cafc2"; }; }; - initExtra = '' + initContent = '' # Ctrl + backspace: delete word bindkey -v "^H" backward-kill-word From 169233de37c327d8ca9d11f18ee45226c7309852 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Mon, 19 May 2025 20:56:58 +0200 Subject: [PATCH 04/17] chore(gpg): fix upstream changes in configuration --- modules/home-manager/application/gnupg/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home-manager/application/gnupg/default.nix b/modules/home-manager/application/gnupg/default.nix index ee7b38f..2990e94 100644 --- a/modules/home-manager/application/gnupg/default.nix +++ b/modules/home-manager/application/gnupg/default.nix @@ -17,7 +17,7 @@ in home.packages = with pkgs; [ # pinentry-gnome - pkgs.gcr + gcr ]; programs.gpg = { @@ -31,7 +31,7 @@ in enable = true; enableScDaemon = true; enableZshIntegration = true; - pinentryPackage = pkgs.pinentry-gnome3; + pinentry.package = pkgs.pinentry-gnome3; }; programs.password-store = { From d7913c1f9b5a5bf1a1bfd8e2c0e268ddeaa48e50 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Wed, 18 Jun 2025 23:18:09 +0200 Subject: [PATCH 05/17] feat(neovim): add dropbar plugin --- modules/home-manager/cli/neovim/default.nix | 5 +++++ modules/home-manager/cli/neovim/files/plugins/dropbar.lua | 1 + 2 files changed, 6 insertions(+) create mode 100644 modules/home-manager/cli/neovim/files/plugins/dropbar.lua 
diff --git a/modules/home-manager/cli/neovim/default.nix b/modules/home-manager/cli/neovim/default.nix index 1932b2e..0b2222a 100644 --- a/modules/home-manager/cli/neovim/default.nix +++ b/modules/home-manager/cli/neovim/default.nix @@ -95,6 +95,11 @@ in type = "lua"; config = (builtins.readFile ./files/plugins/conform.lua); } + { + plugin = dropbar-nvim; + type = "lua"; + config = (builtins.readFile ./files/plugins/dropbar.lua); + } { plugin = fzf-lua; type = "lua"; diff --git a/modules/home-manager/cli/neovim/files/plugins/dropbar.lua b/modules/home-manager/cli/neovim/files/plugins/dropbar.lua new file mode 100644 index 0000000..315a2c4 --- /dev/null +++ b/modules/home-manager/cli/neovim/files/plugins/dropbar.lua @@ -0,0 +1 @@ +require("dropbar").setup({}) From e2bddcf32cde61b143a07cad3ad81e2dd3484318 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Wed, 18 Jun 2025 23:27:22 +0200 Subject: [PATCH 06/17] chore(neovim): update k8s-lsp plugin --- modules/home-manager/cli/neovim/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home-manager/cli/neovim/default.nix b/modules/home-manager/cli/neovim/default.nix index 0b2222a..8d59ea3 100644 --- a/modules/home-manager/cli/neovim/default.nix +++ b/modules/home-manager/cli/neovim/default.nix @@ -15,8 +15,8 @@ let version = "main"; src = builtins.fetchGit { url = "https://github.com/tonychg/nvim-k8s-lsp.git"; - rev = "5e8221cce09cb71b7604c0c7469bf9053dd877ca"; - ref = "feat/add-helm-ls-support"; + rev = "395f6d6b91da55c12b26a2ef1ace7a922a756712"; + ref = "main"; }; }; in From 651f00c45d45d0d8abcf1f6096d5b7664f6b6144 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Mon, 19 May 2025 20:47:08 +0200 Subject: [PATCH 07/17] chore: upgrade packages repositories --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 2c35989..da4e55b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -43,11 +43,11 @@ ] }, "locked": { - "lastModified": 1744902080, - "narHash": "sha256-px7OEMQYhS9StY3sTYYeM/jJspk6SXgoPU7OmOSx+1c=", + "lastModified": 1748955489, + "narHash": "sha256-OmZXyW2g5qIuo5Te74McwR0TwauCO2sF3/SjGDVuxyg=", "owner": "nix-community", "repo": "home-manager", - "rev": "2c71aae678c03a39c2542e136b87bd040ae1b3cb", + "rev": "bb846c031be68a96466b683be32704ef6e07b159", "type": "github" }, "original": { @@ -79,11 +79,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { @@ -94,11 +94,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { @@ -115,11 +115,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1744904898, - "narHash": "sha256-wLepe0sdFFgXUOLY2t+GrfjBquiGFgNydQkQYGh6UwQ=", + "lastModified": 1748973087, + "narHash": "sha256-ZN0XKKdCBC9eLeog7qYhfGPbajkPtQPdlxp/dhwONw4=", "owner": "nix-community", "repo": "NUR", - "rev": "9ea0c40c52673079dfe50e82ddbb78679723be05", + "rev": "90add46380908ba4395f5f1dfec84224a3b0d4b9", "type": "github" }, "original": { 
@@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1744669848, - "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61154300d945f0b147b30d24ddcafa159148026a", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { From 4728addcb08490c8be734fd0cc47c63acefbb08c Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Mon, 19 May 2025 20:47:38 +0200 Subject: [PATCH 08/17] chore(mako): adapt configugation to upstream changes --- .../desktop/sway/includes/mako.nix | 59 ++++++++++--------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/modules/home-manager/desktop/sway/includes/mako.nix b/modules/home-manager/desktop/sway/includes/mako.nix index d3e293e..323e831 100644 --- a/modules/home-manager/desktop/sway/includes/mako.nix +++ b/modules/home-manager/desktop/sway/includes/mako.nix 
@@ -13,35 +13,36 @@ with lib; }; services.mako = { enable = true; - font = "Fira Code Nerd Font 10"; - backgroundColor = "#353535FF"; - borderColor = "#1CD180"; - progressColor = "over #5566AAFF"; - textColor = "#FDFDFD"; - width = 300; - height = 100; - borderRadius = 0; - borderSize = 2; - icons = true; - maxIconSize = 64; - layer = "overlay"; - anchor = "top-right"; - format = '' - %a\n%s\n%b - ''; - extraConfig = '' - [urgency="high"] - border-color=#F268b3 - - [app-name="cmus"] - border-size=1 - default-timeout=7000 - group-by=app-name - format=%b - - [app-name="cmus" grouped] - format=%b - ''; + settings = { + font = "Fira Code Nerd Font 10"; + backgroundColor = "#353535FF"; + borderColor = "#1CD180"; + progressColor = "over #5566AAFF"; + textColor = "#FDFDFD"; + width = 300; + height = 100; + borderRadius = 0; + borderSize = 2; + icons = true; + maxIconSize = 64; + layer = "overlay"; + anchor = "top-right"; + format = '' + %a\n%s\n%b + ''; + "urgency=high" = { + border-color = "#F268b3"; + }; + "app-name=cmus" = { + border-size = 1; + default-timeout = 7000; + group-by = "app-name"; + format= "%b"; + }; + "app-name=cmus grouped" = { + format = "%b"; + }; + }; }; }; } From 9154cf5b43d9e4f308dfceb10c356a57ef500528 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Mon, 19 May 2025 20:56:25 +0200 Subject: [PATCH 09/17] chore(zsh): implement upstreamn changes in configuration --- modules/home-manager/cli/vifm/default.nix | 4 ++-- modules/home-manager/cli/zsh/default.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/home-manager/cli/vifm/default.nix b/modules/home-manager/cli/vifm/default.nix index 5f4aefa..c499ca6 100644 --- a/modules/home-manager/cli/vifm/default.nix +++ b/modules/home-manager/cli/vifm/default.nix 
@@ -14,11 +14,11 @@ in poppler_utils # Preview PDF file ]; programs.zsh = { - initExtra = '' + initContent = '' cdv() { cd "$(vifm --choose-dir - "$@")" } - openv() { + openv() { xdg-open "$(vifm --choose-file - "$@")" } diff --git a/modules/home-manager/cli/zsh/default.nix b/modules/home-manager/cli/zsh/default.nix index f8e5977..108dd36 100644 --- a/modules/home-manager/cli/zsh/default.nix +++ b/modules/home-manager/cli/zsh/default.nix @@ -60,7 +60,7 @@ in "\\n" = "fg=#7cafc2"; }; }; - initExtra = '' + initContent = '' # Ctrl + backspace: delete word bindkey -v "^H" backward-kill-word From b4c25d749793e0f4d94b7e98ebaadbca219ed5fa Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Mon, 19 May 2025 20:56:58 +0200 Subject: [PATCH 10/17] chore(gpg): fix upstream changes in configuration --- modules/home-manager/application/gnupg/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home-manager/application/gnupg/default.nix b/modules/home-manager/application/gnupg/default.nix index ee7b38f..2990e94 100644 --- a/modules/home-manager/application/gnupg/default.nix +++ b/modules/home-manager/application/gnupg/default.nix @@ -17,7 +17,7 @@ in home.packages = with pkgs; [ # pinentry-gnome - pkgs.gcr + gcr ]; programs.gpg = { @@ -31,7 +31,7 @@ in enable = true; enableScDaemon = true; enableZshIntegration = true; - pinentryPackage = pkgs.pinentry-gnome3; + pinentry.package = pkgs.pinentry-gnome3; }; programs.password-store = { From 141df5608d1bff76abba18e11984e7dad47d78e8 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Fri, 4 Apr 2025 23:56:13 +0200 Subject: [PATCH 11/17] feat(gnupg): allow gpg as ssh-agent Deactivate regular ssh-agent in NixOS confifurations --- .../application/gnupg/default.nix | 25 ++++++++++++++----- nixos/includes/system/sshclient.nix | 11 -------- nixos/includes/system/user.nix | 12 ++++----- 3 files changed, 25 insertions(+), 23 deletions(-) delete mode 100644 nixos/includes/system/sshclient.nix 
diff --git a/modules/home-manager/application/gnupg/default.nix b/modules/home-manager/application/gnupg/default.nix index 2990e94..156e1bb 100644 --- a/modules/home-manager/application/gnupg/default.nix +++ b/modules/home-manager/application/gnupg/default.nix @@ -12,14 +12,19 @@ in default = true; description = "install password-store"; }; + + enableSshSupport = mkOption { + type = types.bool; + default = false; + description = "enable GnuPG agent SSH support"; + }; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ - # pinentry-gnome - gcr - ]; - + home.packages = with pkgs; [ + # pinentry-gnome + gcr + ]; programs.gpg = { enable = true; scdaemonSettings = { @@ -31,9 +36,17 @@ in enable = true; enableScDaemon = true; enableZshIntegration = true; - pinentry.package = pkgs.pinentry-gnome3; + pinentryPackage = pkgs.pinentry-gnome3; + enableSshSupport = cfg.enableSshSupport; }; + home.sessionVariablesExtra = lib.mkIf cfg.enableSshSupport '' + if [[ -z "''${SSH_AUTH_SOCK}" ]]; then + export SSH_AUTH_SOCK="$(${config.programs.gpg.package}/bin/gpgconf --list-dirs agent-ssh-socket)" + fi + ''; + + services.ssh-agent.enable = if cfg.enableSshSupport then false else true; programs.password-store = { enable = cfg.pass; }; diff --git a/nixos/includes/system/sshclient.nix b/nixos/includes/system/sshclient.nix deleted file mode 100644 index 06098ba..0000000 --- a/nixos/includes/system/sshclient.nix +++ /dev/null @@ -1,11 +0,0 @@ -{pkgs, ...}: -{ - environment.systemPackages = with pkgs; [ - lxqt.lxqt-openssh-askpass - ]; - programs.ssh = { - startAgent = false; - enableAskPassword = true; - askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass"; - }; -} diff --git a/nixos/includes/system/user.nix b/nixos/includes/system/user.nix index b3f2970..a4ef445 100644 --- a/nixos/includes/system/user.nix +++ b/nixos/includes/system/user.nix 
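Review bot: `services.ssh-agent.enable = if cfg.enableSshSupport then false else true;` turns the plain ssh-agent on for every user of this module who leaves `enableSshSupport` at its default of false, a side effect the option description does not mention and that a host cannot override without `mkForce`. `services.ssh-agent.enable = lib.mkDefault (!cfg.enableSshSupport);` says the same thing and stays overridable. The `SSH_AUTH_SOCK` export is skipped when the variable is already set, so a socket inherited from another agent would win over gpg-agent without any warning; a comment stating that this is intended would help. The second hunk also changes `pinentry.package` back to `pinentryPackage`, which PATCH 10/17 had just renamed and PATCH 16/17 renames again, so this commit on its own presumably evaluates with the old option name.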
@@ -1,17 +1,17 @@ -{ config, pkgs, username, ... }: +{ pkgs, username, ... }: { # Services services.pcscd.enable = true; # Programs - programs.ssh.startAgent = true; + programs.ssh.startAgent = false; programs.zsh.enable = true; - # Needed for home-manager systemd service + # Needed for home-manager systemd service programs.dconf.enable = true; - - # Configs + + # Configs fonts.fontconfig.enable = true; - + users.users.${username} = { shell = pkgs.zsh; isNormalUser = true; From 1dd60c22917fae5d705c61fac12235abd09d0485 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Fri, 4 Apr 2025 23:57:37 +0200 Subject: [PATCH 12/17] feat(morty): activate gpg ssh-agent --- hosts/morty/home-config.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/morty/home-config.nix b/hosts/morty/home-config.nix index d8708ff..afb756a 100644 --- a/hosts/morty/home-config.nix +++ b/hosts/morty/home-config.nix @@ -1,7 +1,10 @@ { ... }: { config.modules = { application = { - gnupg.enable = true; + gnupg = { + enable = true; + enableSshSupport = true; + }; zathura.enable = true; foot.enable = true; imv.enable = true; From 3328f4a4f52e979f6276964b1462ff57012ddb3b Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Fri, 4 Apr 2025 23:59:02 +0200 Subject: [PATCH 13/17] fix(sway): rework theme for gpg pinentry --- .../home-manager/desktop/sway/includes/sway.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/modules/home-manager/desktop/sway/includes/sway.nix b/modules/home-manager/desktop/sway/includes/sway.nix index b94019e..e50acc2 100644 --- a/modules/home-manager/desktop/sway/includes/sway.nix +++ b/modules/home-manager/desktop/sway/includes/sway.nix 
@@ -169,7 +169,18 @@ in app_id = "^.*"; }; } - ]; + { + command = "border pixel 1"; + criteria = { + app_id = "gcr-prompter"; + }; + } + { + command = "floating enable, resize set 70ppt 70ppt, border pixel 1"; + criteria = { + title = "^Open .*$"; + }; + }]; }; gaps = { smartGaps = true; @@ -196,7 +207,6 @@ in default_orientation auto workspace_layout default font pango:Fira Code Nerd Font Mono 10 - default_border pixel 1 title_align right ''; }; From e376634d061856db8def14e308452aaaaf59e49d Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Mon, 7 Apr 2025 00:14:39 +0200 Subject: [PATCH 14/17] chore(gnupg): change gnupg home directory --- modules/home-manager/application/gnupg/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home-manager/application/gnupg/default.nix b/modules/home-manager/application/gnupg/default.nix index 156e1bb..c746a8a 100644 --- a/modules/home-manager/application/gnupg/default.nix +++ b/modules/home-manager/application/gnupg/default.nix @@ -30,6 +30,7 @@ in scdaemonSettings = { disable-ccid = true; }; + homedir = "${config.xdg.configHome}/gnupg"; }; services.gpg-agent = { From 031be01d709eb4535d4f6a67176f550372631d24 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Mon, 7 Apr 2025 00:32:56 +0200 Subject: [PATCH 15/17] chore(gnupg): add script to manage GPG master key from USB drive --- .../application/gnupg/default.nix | 2 + .../application/gnupg/files/gpg-attach-key.sh | 137 ++++++++++++++++++ 2 files changed, 139 insertions(+) create mode 100755 modules/home-manager/application/gnupg/files/gpg-attach-key.sh diff --git a/modules/home-manager/application/gnupg/default.nix b/modules/home-manager/application/gnupg/default.nix index c746a8a..77f341d 100644 --- a/modules/home-manager/application/gnupg/default.nix +++ b/modules/home-manager/application/gnupg/default.nix 
@@ -51,5 +51,7 @@ in programs.password-store = { enable = cfg.pass; }; + + home.file.".local/bin/gpg-attach-key".source = ./files/gpg-attach-key.sh; }; } diff --git a/modules/home-manager/application/gnupg/files/gpg-attach-key.sh b/modules/home-manager/application/gnupg/files/gpg-attach-key.sh new file mode 100755 index 0000000..2851e85 --- /dev/null +++ b/modules/home-manager/application/gnupg/files/gpg-attach-key.sh 
@@ -0,0 +1,137 @@ +#!/usr/bin/env bash + +UUID="1429a4c6-78f5-4f46-98bc-894106b52399" +mountpoint="" + +usage() { + cat <&2 +Attach GPG master key +--- + +$0 [action] [--debug] [--help] + +mount or unmount encrypted device based on UUID and attach GnuPG private keys +to private key directory. Actions can be + + - 'mount' to mount USB device and attach keys + - 'unmount' to remove private keys attached and unmount USB device +EOF +} + +error() { + local message + printf -v message "\e[31mERROR:\e[0m %s\n" "$1" + >&2 printf "%b" "${message}" + show_stack_trace +} + +show_stack_trace() { + if [[ $DEBUG -eq 1 ]]; then + local message + message="└─ \e[1mStack trace\e[0m:\n" + for ((i = 2; i < ${#FUNCNAME[@]} - 1; i++)); do + if [[ $i = $((${#FUNCNAME[@]} - 2)) ]]; then + message="${message} └" + else + message="${message} ├" + fi + message="${message}─ source:\e[3;34m${BASH_SOURCE[$i]}\e[0m" + message="${message} function:\e[3;34m${FUNCNAME[$i]}\e[0m" + message="${message} line:\e[3;34m${BASH_LINENO[$i - 1]}\e[0m\n" + done + >&2 printf "%b" "${message}" + fi +} + +debug() { + local message + if [[ $DEBUG -eq 1 ]]; then + printf -v message "\e[3;34mDEBUG:\e[0m %s\n" "$*" + >&2 printf "%b" "$message" + show_stack_trace + fi +} + +# shellcheck disable=SC2317 +process_args() { + while :; do + case $1 in + -h | --help) + usage + exit 0 + ;; + m | mount) + action="mount" + ;; + u | umount | unmount) + action="unmount" + ;; + -d | --debug) + DEBUG=1 + ;; + *) + break + ;; + esac + shift + done +} + +main() { + if [ ! -L "/dev/disk/by-uuid/${UUID}" ]; then + error "disk with UUID ${UUID} not found" + exit 10 + fi + if [ -z "${GNUPGHOME}" ]; then + error "GNUPGHOME env variable not set, can't determine gnuph home directory" + exit 11 + fi + key_destination="${GNUPGHOME}/private-keys-v1.d" + + case "$action" in + "mount") + debug "Mount encryted key" + if ! 
udisksctl unlock -b /dev/disk/by-uuid/${UUID}; then + error "Unlock disk ${UUID} failed" + exit 10 + fi + mountpoint=$(udisksctl mount -b /dev/mapper/luks-${UUID} | awk '{print $4}') + + while read -r key_file; do + + debug "Create symlink for ${key_file}" + base=$(basename "$key_file") + + #create symlink to key file if not exist + if [ ! -e "${key_destination}/${base}" ]; then + ln -s "$key_file" "${key_destination}/${base}" + fi + done < <(find "${mountpoint%.}/.gpg_master/" -type f -name "*.key") + ;; + + "unmount") + debug "unmount encrypted key" + while read -r key_file; do + debug "Remove key \`${key_file}\`" + rm "$key_file" + done < <(find "${key_destination}" -type l -name "*.key") + + if ! udisksctl unmount -b /dev/mapper/luks-${UUID} 2 &>/dev/null; then + error "Can't unmount volume \`luks-${UUID}\`" + fi + + if ! udisksctl lock -b /dev/disk/by-uuid/${UUID} 2 &>/dev/null; then + error "Can't lock device \`${UUID}\`" + fi + ;; + *) + error "What do you want, mount or unmount:" + usage + exit 1 + ;; + esac +} + +process_args "$@" +main +exit 0 From 85dbefc18e832d78e62ddb1e4807cb0e867c2487 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Wed, 9 Apr 2025 19:40:30 +0200 Subject: [PATCH 16/17] feat(home-manager): configure gpg-agent --- modules/home-manager/application/gnupg/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/home-manager/application/gnupg/default.nix b/modules/home-manager/application/gnupg/default.nix index 77f341d..53a24f1 100644 --- a/modules/home-manager/application/gnupg/default.nix +++ b/modules/home-manager/application/gnupg/default.nix 
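Review bot: In the `mount` branch the result of `udisksctl mount` is never checked, so when the mount fails `mountpoint` is empty and the `find` that follows runs on `/.gpg_master/`; any `*.key` file found there would be linked into `private-keys-v1.d`. In the `unmount` branch both `udisksctl` calls are written with `2 &>/dev/null`, which as rendered passes a stray `2` as an argument. A failed unmount or lock also only prints an error before the script reaches `exit 0`, so the caller is told the master-key volume is locked when it may not be. The suggestion is to stop on a failed mount, verify the `.gpg_master` directory, drop the stray `2`, and return a non-zero status when unmount or lock fails; the exit codes below are placeholders.

```shell
    # … unchanged: udisksctl unlock and its error handling …
    if ! mount_output=$(udisksctl mount -b "/dev/mapper/luks-${UUID}"); then
        error "Mount of luks-${UUID} failed"
        exit 12
    fi
    mountpoint=$(awk '{print $4}' <<<"${mount_output}")
    if [ ! -d "${mountpoint%.}/.gpg_master" ]; then
        error "No .gpg_master directory under \`${mountpoint%.}\`"
        exit 13
    fi
    # … unchanged: symlink loop over the *.key files …

    # … unchanged: removal of the symlinks in the unmount branch …
    if ! udisksctl unmount -b "/dev/mapper/luks-${UUID}" &>/dev/null; then
        error "Can't unmount volume \`luks-${UUID}\`"
        exit 14
    fi
    if ! udisksctl lock -b "/dev/disk/by-uuid/${UUID}" &>/dev/null; then
        error "Can't lock device \`${UUID}\`"
        exit 15
    fi
```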
@@ -37,8 +37,13 @@ in enable = true; enableScDaemon = true; enableZshIntegration = true; - pinentryPackage = pkgs.pinentry-gnome3; + pinentry.package = pkgs.pinentry-gnome3; enableSshSupport = cfg.enableSshSupport; + maxCacheTtl = 60 * 60 * 2; + maxCacheTtlSsh = 60 * 60 * 2; + defaultCacheTtl = 60 * 60; + defaultCacheTtlSsh = 60 * 60; + noAllowExternalCache = true; }; home.sessionVariablesExtra = lib.mkIf cfg.enableSshSupport '' From 957afa66d05910a038633876244e2773167d13f7 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Wed, 9 Apr 2025 19:42:51 +0200 Subject: [PATCH 17/17] chore(home-manager): rework floating windows management --- .../home-manager/desktop/sway/includes/sway.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/modules/home-manager/desktop/sway/includes/sway.nix b/modules/home-manager/desktop/sway/includes/sway.nix index e50acc2..004322b 100644 --- a/modules/home-manager/desktop/sway/includes/sway.nix +++ b/modules/home-manager/desktop/sway/includes/sway.nix @@ -170,18 +170,21 @@ in }; } { - command = "border pixel 1"; - criteria = { - app_id = "gcr-prompter"; - }; - } - { - command = "floating enable, resize set 70ppt 70ppt, border pixel 1"; + command = "resize set 70ppt 70ppt, border pixel 2"; criteria = { title = "^Open .*$"; }; }]; }; + floating = { + border = 2; + titlebar = false; + criteria = [ + { + title = "^Open .*$"; + } + ]; + }; gaps = { smartGaps = true; smartBorders = "on";
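Review bot: The cache lifetimes added to `services.gpg-agent` have no comment giving their unit or the reason for the values. They are seconds, and `defaultCacheTtl = 60 * 60` keeps an unlocked key usable for an hour after its last use, longer than gpg-agent's stock ten minutes; with `enableSshSupport` the same applies to SSH authentication through `defaultCacheTtlSsh`. I would add `# seconds; passphrase stays cached 1 h after last use, 2 h at most` above the four TTL lines so the trade-off is a recorded choice. This note is for the gnupg hunk of PATCH 16/17; the enclosing attribute set starts outside the hunk.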