
11 commits

10 changed files with 236 additions and 72 deletions

30
flake.lock generated

@ -43,11 +43,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744902080, "lastModified": 1748955489,
"narHash": "sha256-px7OEMQYhS9StY3sTYYeM/jJspk6SXgoPU7OmOSx+1c=", "narHash": "sha256-OmZXyW2g5qIuo5Te74McwR0TwauCO2sF3/SjGDVuxyg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2c71aae678c03a39c2542e136b87bd040ae1b3cb", "rev": "bb846c031be68a96466b683be32704ef6e07b159",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -79,11 +79,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1744463964, "lastModified": 1748693115,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -94,11 +94,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1744463964, "lastModified": 1748693115,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -115,11 +115,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1744904898, "lastModified": 1748973087,
"narHash": "sha256-wLepe0sdFFgXUOLY2t+GrfjBquiGFgNydQkQYGh6UwQ=", "narHash": "sha256-ZN0XKKdCBC9eLeog7qYhfGPbajkPtQPdlxp/dhwONw4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "9ea0c40c52673079dfe50e82ddbb78679723be05", "rev": "90add46380908ba4395f5f1dfec84224a3b0d4b9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -144,11 +144,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744669848, "lastModified": 1747603214,
"narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "61154300d945f0b147b30d24ddcafa159148026a", "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -1,7 +1,10 @@
{ ... }: { { ... }: {
config.modules = { config.modules = {
application = { application = {
gnupg.enable = true; gnupg = {
enable = true;
enableSshSupport = true;
};
zathura.enable = true; zathura.enable = true;
foot.enable = true; foot.enable = true;
imv.enable = true; imv.enable = true;


@ -12,30 +12,51 @@ in
default = true; default = true;
description = "install password-store"; description = "install password-store";
}; };
enableSshSupport = mkOption {
type = types.bool;
default = false;
description = "enable GnuPG agent SSH support";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
# pinentry-gnome # pinentry-gnome
pkgs.gcr gcr
]; ];
programs.gpg = { programs.gpg = {
enable = true; enable = true;
scdaemonSettings = { scdaemonSettings = {
disable-ccid = true; disable-ccid = true;
}; };
homedir = "${config.xdg.configHome}/gnupg";
}; };
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableScDaemon = true; enableScDaemon = true;
enableZshIntegration = true; enableZshIntegration = true;
pinentryPackage = pkgs.pinentry-gnome3; pinentry.package = pkgs.pinentry-gnome3;
enableSshSupport = cfg.enableSshSupport;
maxCacheTtl = 60 * 60 * 2;
maxCacheTtlSsh = 60 * 60 * 2;
defaultCacheTtl = 60 * 60;
defaultCacheTtlSsh = 60 * 60;
noAllowExternalCache = true;
}; };
home.sessionVariablesExtra = lib.mkIf cfg.enableSshSupport ''
if [[ -z "''${SSH_AUTH_SOCK}" ]]; then
export SSH_AUTH_SOCK="$(${config.programs.gpg.package}/bin/gpgconf --list-dirs agent-ssh-socket)"
fi
'';
services.ssh-agent.enable = if cfg.enableSshSupport then false else true;
programs.password-store = { programs.password-store = {
enable = cfg.pass; enable = cfg.pass;
}; };
home.file.".local/bin/gpg-attach-key".source = ./files/gpg-attach-key.sh;
}; };
} }
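Review bot: `services.ssh-agent.enable = if cfg.enableSshSupport then false else true;` turns ssh-agent on for every profile that enables this module without SSH support, a side effect unrelated to GnuPG. It is also set at normal priority, so a host that defines the option itself gets a conflicting definition. Setting it only in the case the module cares about is enough: `services.ssh-agent.enable = lib.mkIf cfg.enableSshSupport false;`. The SSH cache settings (`defaultCacheTtlSsh = 60 * 60`, `maxCacheTtlSsh = 60 * 60 * 2`) mean a key, once unlocked, stays usable through the agent socket for one to two hours; a comment such as `# SSH keys stay unlocked in the agent for up to 2h; lower for shared or unattended machines` would record that trade-off. The module's `let … in` header and option set begin above the hunk, so this is based on the visible lines only.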


@ -0,0 +1,137 @@
#!/usr/bin/env bash
UUID="1429a4c6-78f5-4f46-98bc-894106b52399"
mountpoint=""
usage() {
cat <<EOF >&2
Attach GPG master key
---
$0 [action] [--debug] [--help]
mount or unmount encrypted device based on UUID and attach GnuPG private keys
to private key directory. Actions can be
- 'mount' to mount USB device and attach keys
- 'unmount' to remove private keys attached and unmount USB device
EOF
}
error() {
local message
printf -v message "\e[31mERROR:\e[0m %s\n" "$1"
>&2 printf "%b" "${message}"
show_stack_trace
}
show_stack_trace() {
if [[ $DEBUG -eq 1 ]]; then
local message
message="└─ \e[1mStack trace\e[0m:\n"
for ((i = 2; i < ${#FUNCNAME[@]} - 1; i++)); do
if [[ $i = $((${#FUNCNAME[@]} - 2)) ]]; then
message="${message}"
else
message="${message}"
fi
message="${message}─ source:\e[3;34m${BASH_SOURCE[$i]}\e[0m"
message="${message} function:\e[3;34m${FUNCNAME[$i]}\e[0m"
message="${message} line:\e[3;34m${BASH_LINENO[$i - 1]}\e[0m\n"
done
>&2 printf "%b" "${message}"
fi
}
debug() {
local message
if [[ $DEBUG -eq 1 ]]; then
printf -v message "\e[3;34mDEBUG:\e[0m %s\n" "$*"
>&2 printf "%b" "$message"
show_stack_trace
fi
}
# shellcheck disable=SC2317
process_args() {
while :; do
case $1 in
-h | --help)
usage
exit 0
;;
m | mount)
action="mount"
;;
u | umount | unmount)
action="unmount"
;;
-d | --debug)
DEBUG=1
;;
*)
break
;;
esac
shift
done
}
main() {
if [ ! -L "/dev/disk/by-uuid/${UUID}" ]; then
error "disk with UUID ${UUID} not found"
exit 10
fi
if [ -z "${GNUPGHOME}" ]; then
error "GNUPGHOME env variable not set, can't determine gnuph home directory"
exit 11
fi
key_destination="${GNUPGHOME}/private-keys-v1.d"
case "$action" in
"mount")
debug "Mount encryted key"
if ! udisksctl unlock -b /dev/disk/by-uuid/${UUID}; then
error "Unlock disk ${UUID} failed"
exit 10
fi
mountpoint=$(udisksctl mount -b /dev/mapper/luks-${UUID} | awk '{print $4}')
while read -r key_file; do
debug "Create symlink for ${key_file}"
base=$(basename "$key_file")
#create symlink to key file if not exist
if [ ! -e "${key_destination}/${base}" ]; then
ln -s "$key_file" "${key_destination}/${base}"
fi
done < <(find "${mountpoint%.}/.gpg_master/" -type f -name "*.key")
;;
"unmount")
debug "unmount encrypted key"
while read -r key_file; do
debug "Remove key \`${key_file}\`"
rm "$key_file"
done < <(find "${key_destination}" -type l -name "*.key")
if ! udisksctl unmount -b /dev/mapper/luks-${UUID} 2 &>/dev/null; then
error "Can't unmount volume \`luks-${UUID}\`"
fi
if ! udisksctl lock -b /dev/disk/by-uuid/${UUID} 2 &>/dev/null; then
error "Can't lock device \`${UUID}\`"
fi
;;
*)
error "What do you want, mount or unmount:"
usage
exit 1
;;
esac
}
process_args "$@"
main
exit 0
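Review bot: In the `unmount` branch, `udisksctl unmount -b /dev/mapper/luks-${UUID} 2 &>/dev/null` passes a literal `2` to udisksctl as an extra argument (the intended form is presumably `2>/dev/null`), and the `lock` call has the same problem. A failed unmount or lock only prints an error before the script reaches `exit 0`, so a caller sees success while the LUKS volume holding the master key may still be unlocked. The rewrite below quotes the device paths, fixes the redirection and returns a non-zero status; the codes 12 and 13 are constructed to continue the script's existing 10/11. The `mount` branch has a related gap: `mountpoint` is never checked, so a failed `udisksctl mount` leaves `find` running on `/.gpg_master/`; guard it with `[ -d "${mountpoint%.}/.gpg_master" ] || { error "mount failed"; exit 10; }`. Since gpg-agent may keep the passphrase cached after the symlinks are removed, consider ending `unmount` with `gpg-connect-agent reloadagent /bye`.

```shell
"unmount")
  # … unchanged: debug message and symlink removal loop …
  local status=0
  if ! udisksctl unmount -b "/dev/mapper/luks-${UUID}" >/dev/null 2>&1; then
    error "Can't unmount volume \`luks-${UUID}\`"
    status=12
  fi
  if ! udisksctl lock -b "/dev/disk/by-uuid/${UUID}" >/dev/null 2>&1; then
    error "Can't lock device \`${UUID}\`"
    status=13
  fi
  if [[ $status -ne 0 ]]; then
    exit "$status"
  fi
  ;;
```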


@ -14,7 +14,7 @@ in
poppler_utils # Preview PDF file poppler_utils # Preview PDF file
]; ];
programs.zsh = { programs.zsh = {
initExtra = '' initContent = ''
cdv() { cdv() {
cd "$(vifm --choose-dir - "$@")" cd "$(vifm --choose-dir - "$@")"
} }


@ -60,7 +60,7 @@ in
"\\n" = "fg=#7cafc2"; "\\n" = "fg=#7cafc2";
}; };
}; };
initExtra = '' initContent = ''
# Ctrl + backspace: delete word # Ctrl + backspace: delete word
bindkey -v "^H" backward-kill-word bindkey -v "^H" backward-kill-word


@ -13,6 +13,7 @@ with lib;
}; };
services.mako = { services.mako = {
enable = true; enable = true;
settings = {
font = "Fira Code Nerd Font 10"; font = "Fira Code Nerd Font 10";
backgroundColor = "#353535FF"; backgroundColor = "#353535FF";
borderColor = "#1CD180"; borderColor = "#1CD180";
@ -29,19 +30,19 @@ with lib;
format = '' format = ''
<span font_scale='small-caps'>%a</span>\n<b>%s</b>\n%b <span font_scale='small-caps'>%a</span>\n<b>%s</b>\n%b
''; '';
extraConfig = '' "urgency=high" = {
[urgency="high"] border-color = "#F268b3";
border-color=#F268b3 };
"app-name=cmus" = {
[app-name="cmus"] border-size = 1;
border-size=1 default-timeout = 7000;
default-timeout=7000 group-by = "app-name";
group-by=app-name format= "%b";
format=%b };
"app-name=cmus grouped" = {
[app-name="cmus" grouped] format = "%b";
format=%b };
''; };
}; };
}; };
} }
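Review bot: The keys kept at the top of the new `settings` block are still camelCase (`backgroundColor`, `borderColor`), while the criteria sections added below use mako's own spelling (`border-color`, `default-timeout`). If `settings` is written to the mako config verbatim, as the kebab-case criteria keys suggest, the camelCase names would not be options mako recognises; they should read `background-color = "#353535FF";` and `border-color = "#1CD180";`. The lines between the two hunks are not visible, so any other camelCase keys there need the same change. As a style point, `format= "%b";` is missing the space before `=` that the other assignments use.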


@ -169,6 +169,20 @@ in
app_id = "^.*"; app_id = "^.*";
}; };
} }
{
command = "resize set 70ppt 70ppt, border pixel 2";
criteria = {
title = "^Open .*$";
};
}];
};
floating = {
border = 2;
titlebar = false;
criteria = [
{
title = "^Open .*$";
}
]; ];
}; };
gaps = { gaps = {
@ -196,7 +210,6 @@ in
default_orientation auto default_orientation auto
workspace_layout default workspace_layout default
font pango:Fira Code Nerd Font Mono 10 font pango:Fira Code Nerd Font Mono 10
default_border pixel 1
title_align right title_align right
''; '';
}; };


@ -1,11 +0,0 @@
{pkgs, ...}:
{
environment.systemPackages = with pkgs; [
lxqt.lxqt-openssh-askpass
];
programs.ssh = {
startAgent = false;
enableAskPassword = true;
askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
}


@ -1,10 +1,10 @@
{ config, pkgs, username, ... }: { pkgs, username, ... }:
{ {
# Services # Services
services.pcscd.enable = true; services.pcscd.enable = true;
# Programs # Programs
programs.ssh.startAgent = true; programs.ssh.startAgent = false;
programs.zsh.enable = true; programs.zsh.enable = true;
# Needed for home-manager systemd service # Needed for home-manager systemd service
programs.dconf.enable = true; programs.dconf.enable = true;