diff --git a/flake.lock b/flake.lock index 8f7367e..c51e8e4 100644 --- a/flake.lock +++ b/flake.lock @@ -511,11 +511,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1755532677, - "narHash": "sha256-kufX5RjMXg+Vu++JKCuMGsO2xTx9gN9YGCnRNcmthCM=", + "lastModified": 1756726520, + "narHash": "sha256-3HYpc5YQTrshyksigLMCsyZhvu7ghy38etfCUUtE4Hw=", "ref": "refs/heads/main", - "rev": "646c6d87251e4562aa7b416c438225718746bb8e", - "revCount": 34, + "rev": "52906e7d78b7b4b74e8c1898924d7dc7fa3b4ab7", + "revCount": 36, "type": "git", "url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git" }, diff --git a/hosts/common/configs/system/nix/default.nix b/hosts/common/configs/system/nix/default.nix index d132b12..eaab480 100644 --- a/hosts/common/configs/system/nix/default.nix +++ b/hosts/common/configs/system/nix/default.nix @@ -1,16 +1,12 @@ { config, inputs, ... }: { sops = { - secrets = { - "git/credentials/github.com/public/username".sopsFile = - "${inputs.secrets}/domains/personal/secrets.yaml"; - "git/credentials/github.com/public/password".sopsFile = - "${inputs.secrets}/domains/personal/secrets.yaml"; - }; + secrets."git/credentials/github.com/tokens/public".sopsFile = + "${inputs.secrets}/domains/personal/secrets.yaml"; templates.nix-access-tokens = { content = '' - access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/public/password"} + access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/tokens/public"} ''; group = "users"; }; diff --git a/hosts/common/configs/user/console/git/default.nix b/hosts/common/configs/user/console/git/default.nix index 40fce21..54aafee 100644 --- a/hosts/common/configs/user/console/git/default.nix +++ b/hosts/common/configs/user/console/git/default.nix @@ -41,5 +41,41 @@ in ); }; }; + + home = { + packages = with pkgs; [ + (pkgs.writeShellApplication { + name = "gh"; + runtimeInputs = with pkgs; [ gh ]; + text = builtins.readFile ./gh.sh; + }) + (pkgs.writeShellApplication { + name = "glab"; + runtimeInputs = with pkgs; [ glab ]; + text = builtins.readFile ./glab.sh; + }) + (pkgs.writeShellApplication { + name = "tea"; + runtimeInputs = with pkgs; [ tea ]; + text = builtins.readFile ./tea.sh; + }) + ]; + + sessionVariables = { + GITEA_HOST = "git.karaolidis.com"; + GITEA_SSH_HOST = "karaolidis.com"; + }; + }; + + xdg.configFile = { + "gh/config.yml".source = (pkgs.formats.yaml { }).generate "config.yml" { + version = 1; + git_protocol = "ssh"; + }; + + "glab-cli/config.yml".source = (pkgs.formats.yaml { }).generate "config.yml" { + git_protocol = "ssh"; + }; + }; }; } diff --git a/hosts/common/configs/user/console/git/gh.sh b/hosts/common/configs/user/console/git/gh.sh new file mode 100644 index 0000000..7399515 --- /dev/null +++ b/hosts/common/configs/user/console/git/gh.sh @@ -0,0 +1,8 @@ +# shellcheck shell=bash + +GH_HOST="${GH_HOST:-github.com}" + +GH_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GH_HOST}#\1#p" "$HOME/.config/git/credentials") +export GH_TOKEN + +exec gh "$@" diff --git a/hosts/common/configs/user/console/git/glab.sh b/hosts/common/configs/user/console/git/glab.sh new file mode 100644 index 0000000..0b9819c --- /dev/null +++ b/hosts/common/configs/user/console/git/glab.sh @@ -0,0 +1,8 @@ +# shellcheck shell=bash + +GITLAB_HOST="${GITLAB_HOST:-gitlab.com}" + +GITLAB_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GITLAB_HOST}#\1#p" "$HOME/.config/git/credentials") +export GITLAB_TOKEN + +exec glab "$@" diff --git a/hosts/common/configs/user/console/git/tea.sh b/hosts/common/configs/user/console/git/tea.sh new file mode 100644 index 0000000..128367d --- /dev/null +++ b/hosts/common/configs/user/console/git/tea.sh @@ -0,0 +1,13 @@ +# shellcheck shell=bash + +GITEA_HOST="${GITEA_HOST:-gitea.com}" +GITEA_SSH_HOST="${GITEA_SSH_HOST:-gitea.com}" + +GITEA_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GITEA_HOST}#\1#p" "$HOME/.config/git/credentials") +GITEA_INSTANCE_URL="https://${GITEA_HOST}" +GITEA_INSTANCE_SSH_HOST="$GITEA_SSH_HOST" +export GITEA_TOKEN +export GITEA_INSTANCE_URL +export GITEA_INSTANCE_SSH_HOST + +exec tea "$@" diff --git a/hosts/common/configs/user/console/gpg-agent/default.nix b/hosts/common/configs/user/console/gpg-agent/default.nix index 00c7497..a279842 100644 --- a/hosts/common/configs/user/console/gpg-agent/default.nix +++ b/hosts/common/configs/user/console/gpg-agent/default.nix @@ -20,6 +20,10 @@ enable = true; defaultCacheTtl = 31536000; maxCacheTtl = 31536000; + pinentry = { + package = pkgs.pinentry-all; + program = "pinentry-tty"; + }; }; systemd.user = { diff --git a/hosts/elara/users/nikara/configs/console/ssh/default.nix b/hosts/elara/users/nikara/configs/console/ssh/default.nix index 371da28..b6d758e 100644 --- a/hosts/elara/users/nikara/configs/console/ssh/default.nix +++ b/hosts/elara/users/nikara/configs/console/ssh/default.nix @@ -46,35 +46,71 @@ in key = "ssh/rsa/pass"; }; - "git/credentials/personal/git.karaolidis.com/admin/username" = { + "git/credentials/personal/git.karaolidis.com/username" = { sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; - key = "git/credentials/git.karaolidis.com/admin/username"; + key = "git/credentials/git.karaolidis.com/username"; }; - "git/credentials/personal/git.karaolidis.com/admin/password" = { + "git/credentials/personal/git.karaolidis.com/tokens/admin" = { sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; - key = "git/credentials/git.karaolidis.com/admin/password"; + key = "git/credentials/git.karaolidis.com/tokens/admin"; }; - "git/credentials/sas/github.com/admin/username" = { + "git/credentials/sas/github.com/username" = { sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; - key = "git/credentials/github.com/admin/username"; + key = "git/credentials/github.com/username"; }; - "git/credentials/sas/github.com/admin/password" = { + "git/credentials/sas/github.com/tokens/admin" = { sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml"; - key = "git/credentials/github.com/admin/password"; + key = "git/credentials/github.com/tokens/admin"; + }; + + "git/credentials/personal/github.com/username" = { + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + key = "git/credentials/github.com/username"; + }; + + "git/credentials/personal/github.com/tokens/admin" = { + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + key = "git/credentials/github.com/tokens/admin"; + }; + + "git/credentials/personal/gitlab.com/username" = { + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + key = "git/credentials/gitlab.com/username"; + }; + + "git/credentials/personal/gitlab.com/tokens/admin" = { + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + key = "git/credentials/gitlab.com/tokens/admin"; + }; + + "git/credentials/personal/gitea.com/username" = { + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + key = "git/credentials/gitea.com/username"; + }; + + "git/credentials/personal/gitea.com/tokens/admin" = { + sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + key = "git/credentials/gitea.com/tokens/admin"; }; }; templates."git/credentials" = { content = '' - https://${hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/username"}:${ - hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/password" + https://${hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/tokens/admin" }@git.karaolidis.com - https://${hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/username"}:${ - hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/password" + https://${hmConfig.sops.placeholder."git/credentials/sas/github.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/sas/github.com/tokens/admin" }@github.com + https://${hmConfig.sops.placeholder."git/credentials/personal/gitlab.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/personal/gitlab.com/tokens/admin" + }@gitlab.com + https://${hmConfig.sops.placeholder."git/credentials/personal/gitea.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/personal/gitea.com/tokens/admin" + }@gitea.com ''; path = "${home}/.config/git/credentials"; }; @@ -109,6 +145,13 @@ in userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab; }; + "gitea.com" = { + hostname = "gitea.com"; + user = "git"; + identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; + userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitea; + }; + "github.sas.com" = { hostname = "github.com"; user = "git"; diff --git a/hosts/himalia/users/nick/configs/console/ssh/default.nix b/hosts/himalia/users/nick/configs/console/ssh/default.nix index 838bc58..6605b75 100644 --- a/hosts/himalia/users/nick/configs/console/ssh/default.nix +++ b/hosts/himalia/users/nick/configs/console/ssh/default.nix @@ -19,18 +19,42 @@ in "ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; - "git/credentials/git.karaolidis.com/admin/username".sopsFile = + "git/credentials/git.karaolidis.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; - "git/credentials/git.karaolidis.com/admin/password".sopsFile = + "git/credentials/git.karaolidis.com/tokens/admin".sopsFile = + "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/github.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/github.com/tokens/admin".sopsFile = + "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/gitlab.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/gitlab.com/tokens/admin".sopsFile = + "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/gitea.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/gitea.com/tokens/admin".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; }; templates."git/credentials" = { content = '' - https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${ - hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password" + https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/tokens/admin" }@git.karaolidis.com + https://${hmConfig.sops.placeholder."git/credentials/github.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/github.com/tokens/admin" + }@github.com + https://${hmConfig.sops.placeholder."git/credentials/gitlab.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/gitlab.com/tokens/admin" + }@gitlab.com + https://${hmConfig.sops.placeholder."git/credentials/gitea.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/gitea.com/tokens/admin" + }@gitea.com ''; path = "${home}/.config/git/credentials"; }; @@ -64,6 +88,13 @@ in identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab; }; + + "gitea.com" = { + hostname = "gitea.com"; + user = "git"; + identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; + userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitea; + }; }; clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path; diff --git a/hosts/installer/users/nick/configs/console/ssh/default.nix b/hosts/installer/users/nick/configs/console/ssh/default.nix index 6f2a0b3..4bdc287 100644 --- a/hosts/installer/users/nick/configs/console/ssh/default.nix +++ b/hosts/installer/users/nick/configs/console/ssh/default.nix @@ -19,18 +19,42 @@ in "ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; - "git/credentials/git.karaolidis.com/admin/username".sopsFile = + "git/credentials/git.karaolidis.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; - "git/credentials/git.karaolidis.com/admin/password".sopsFile = + "git/credentials/git.karaolidis.com/tokens/admin".sopsFile = + "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/github.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/github.com/tokens/admin".sopsFile = + "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/gitlab.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/gitlab.com/tokens/admin".sopsFile = + "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/gitea.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; + + "git/credentials/gitea.com/tokens/admin".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml"; }; templates."git/credentials" = { content = '' - https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${ - hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password" + https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/tokens/admin" }@git.karaolidis.com + https://${hmConfig.sops.placeholder."git/credentials/github.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/github.com/tokens/admin" + }@github.com + https://${hmConfig.sops.placeholder."git/credentials/gitlab.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/gitlab.com/tokens/admin" + }@gitlab.com + https://${hmConfig.sops.placeholder."git/credentials/gitea.com/username"}:${ + hmConfig.sops.placeholder."git/credentials/gitea.com/tokens/admin" + }@gitea.com ''; path = "${home}/.config/git/credentials"; }; @@ -63,6 +87,13 @@ in identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab; }; + + "gitea.com" = { + hostname = "gitea.com"; + user = "git"; + identityFile = "${home}/.ssh/ssh_personal_ed25519_key"; + userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitea; + }; }; }; } diff --git a/overlays/default.nix b/overlays/default.nix index 2d15c8a..c70e9d5 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -5,6 +5,7 @@ final: prev: hyprland = import ./hyprland final prev; mpv = import ./mpv final prev; spicetify-cli = import ./spicetify-cli final prev; + tea = import ./tea final prev; telepresence = import ./telepresence final prev; } // (import ../packages { pkgs = final; }) @@ -81,6 +82,7 @@ final: prev: }; sshKnownHosts = prev.sshKnownHosts or { } // { + gitea = final.ssh-known-hosts-gitea; github = final.ssh-known-hosts-github; gitlab = final.ssh-known-hosts-gitlab; }; diff --git a/overlays/tea/default.nix b/overlays/tea/default.nix new file mode 100644 index 0000000..5dabc75 --- /dev/null +++ b/overlays/tea/default.nix @@ -0,0 +1,10 @@ +final: prev: +prev.tea.overrideAttrs (oldAttrs: { + patches = oldAttrs.patches or [ ] ++ [ + (builtins.fetchurl { + url = "https://gitea.com/gitea/tea/pulls/639.patch"; + sha256 = "sha256:0c5gpi6aajd3h0wp7lrvj5qk9wsqhgbap7ijvl0x117v0g8mgzvs"; + }) + ./instance-ssh-host-env.patch + ]; +}) diff --git a/overlays/tea/instance-ssh-host-env.patch b/overlays/tea/instance-ssh-host-env.patch new file mode 100644 index 0000000..91629df --- /dev/null +++ b/overlays/tea/instance-ssh-host-env.patch @@ -0,0 +1,174 @@ +diff --git a/modules/config/login.go b/modules/config/login.go +index 3b77fb9..94de9cd 100644 +--- a/modules/config/login.go ++++ b/modules/config/login.go +@@ -13,6 +13,7 @@ import ( + "net/http/cookiejar" + "net/url" + "os" ++ "strconv" + "strings" + "time" + +@@ -200,6 +201,63 @@ func UpdateLogin(login *Login) error { + return saveConfig() + } + ++// CreateLoginFromEnvVars returns a login based on environment variables, or nil if no login can be created ++func CreateLoginFromEnvVars() (*Login, error) { ++ var token string ++ ++ giteaToken := os.Getenv("GITEA_TOKEN") ++ githubToken := os.Getenv("GH_TOKEN") ++ giteaInstanceURL := os.Getenv("GITEA_INSTANCE_URL") ++ instanceInsecure := os.Getenv("GITEA_INSTANCE_INSECURE") ++ giteaInstanceSSHHost := os.Getenv("GITEA_INSTANCE_SSH_HOST") ++ insecure := false ++ if len(instanceInsecure) > 0 { ++ insecure, _ = strconv.ParseBool(instanceInsecure) ++ } ++ ++ // if no tokens are set, or no instance url for gitea fail fast ++ if len(giteaInstanceURL) == 0 || (len(giteaToken) == 0 && len(githubToken) == 0) { ++ return nil, nil ++ } ++ ++ token = giteaToken ++ if len(giteaToken) == 0 { ++ token = githubToken ++ } ++ ++ login := &Login{ ++ Name: "GITEA_LOGIN_VIA_ENV", ++ URL: giteaInstanceURL, ++ Token: token, ++ SSHHost: giteaInstanceSSHHost, ++ Insecure: insecure, ++ SSHKey: "", ++ SSHCertPrincipal: "", ++ SSHKeyFingerprint: "", ++ SSHAgent: false, ++ VersionCheck: true, ++ Created: time.Now().Unix(), ++ } ++ ++ client := login.Client() ++ u, _, err := client.GetMyUserInfo() ++ if err != nil { ++ return nil, fmt.Errorf("failed to validate token: %s", err) ++ } ++ ++ login.User = u.UserName ++ ++ if login.SSHHost == "" { ++ parsedURL, err := url.Parse(giteaInstanceURL) ++ if err != nil { ++ return nil, err ++ } ++ login.SSHHost = parsedURL.Host ++ } ++ ++ return login, nil ++} ++ + // Client returns a client to operate Gitea API. You may provide additional modifiers + // for the client like gitea.SetBasicAuth() for customization + func (l *Login) Client(options ...gitea.ClientOption) *gitea.Client { +diff --git a/modules/context/context.go b/modules/context/context.go +index aec5592..636eeec 100644 +--- a/modules/context/context.go ++++ b/modules/context/context.go +@@ -9,9 +9,7 @@ import ( + "log" + "os" + "path" +- "strconv" + "strings" +- "time" + + "code.gitea.io/tea/modules/config" + "code.gitea.io/tea/modules/git" +@@ -108,16 +106,6 @@ func InitCommand(cmd *cli.Command) *TeaContext { + c.RepoSlug = repoFlag + } + +- // override config user with env variable +- envLogin := GetLoginByEnvVar() +- if envLogin != nil { +- _, err := utils.ValidateAuthenticationMethod(envLogin.URL, envLogin.Token, "", "", false, "", "") +- if err != nil { +- log.Fatal(err.Error()) +- } +- c.Login = envLogin +- } +- + // override login from flag, or use default login if repo based detection failed + if len(loginFlag) != 0 { + c.Login = config.GetLoginByName(loginFlag) +@@ -196,10 +184,25 @@ func contextFromLocalRepo(repoPath, remoteValue string) (*git.TeaRepo, *config.L + return repo, nil, "", fmt.Errorf("Remote '%s' not found in this Git repository", remoteValue) + } + ++ envLogin, err := config.CreateLoginFromEnvVars() ++ if err != nil { ++ log.Fatal(err.Error()) ++ } ++ + logins, err := config.GetLogins() + if err != nil { + return repo, nil, "", err + } ++ ++ if envLogin != nil { ++ _, err := utils.ValidateAuthenticationMethod(envLogin.URL, envLogin.Token, "", "", false, "", "") ++ if err != nil { ++ log.Fatal(err.Error()) ++ } ++ ++ logins = append([]config.Login{*envLogin}, logins...) ++ } ++ + for _, l := range logins { + sshHost := l.GetSSHHost() + for _, u := range remoteConfig.URLs { +@@ -223,40 +226,3 @@ func contextFromLocalRepo(repoPath, remoteValue string) (*git.TeaRepo, *config.L + + return repo, nil, "", errNotAGiteaRepo + } +- +-// GetLoginByEnvVar returns a login based on environment variables, or nil if no login can be created +-func GetLoginByEnvVar() *config.Login { +- var token string +- +- giteaToken := os.Getenv("GITEA_TOKEN") +- githubToken := os.Getenv("GH_TOKEN") +- giteaInstanceURL := os.Getenv("GITEA_INSTANCE_URL") +- instanceInsecure := os.Getenv("GITEA_INSTANCE_INSECURE") +- insecure := false +- if len(instanceInsecure) > 0 { +- insecure, _ = strconv.ParseBool(instanceInsecure) +- } +- +- // if no tokens are set, or no instance url for gitea fail fast +- if len(giteaInstanceURL) == 0 || (len(giteaToken) == 0 && len(githubToken) == 0) { +- return nil +- } +- +- token = giteaToken +- if len(giteaToken) == 0 { +- token = githubToken +- } +- +- return &config.Login{ +- Name: "GITEA_LOGIN_VIA_ENV", +- URL: giteaInstanceURL, +- Token: token, +- Insecure: insecure, +- SSHKey: "", +- SSHCertPrincipal: "", +- SSHKeyFingerprint: "", +- SSHAgent: false, +- Created: time.Now().Unix(), +- VersionCheck: false, +- } +-} diff --git a/packages/default.nix b/packages/default.nix index 03343a9..846cfaf 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -86,6 +86,7 @@ shlink = import ./shlink { inherit pkgs; }; shlink-web-client = import ./shlink-web-client { inherit pkgs; }; + ssh-known-hosts-gitea = import ./ssh/known-hosts/gitea { inherit pkgs; }; ssh-known-hosts-github = import ./ssh/known-hosts/github { inherit pkgs; }; ssh-known-hosts-gitlab = import ./ssh/known-hosts/gitlab { inherit pkgs; }; diff --git a/packages/ssh/known-hosts/gitea/default.nix b/packages/ssh/known-hosts/gitea/default.nix new file mode 100644 index 0000000..34f9011 --- /dev/null +++ b/packages/ssh/known-hosts/gitea/default.nix @@ -0,0 +1,16 @@ +{ pkgs, ... }: +pkgs.stdenv.mkDerivation { + pname = "ssh-known-hosts-gitea"; + version = "0-unstable-2025-09-01"; + + src = pkgs.lib.fetchers.sshKnownHosts { + host = "gitea.com"; + hash = "sha256-xibPjdZdkUSQS+YLfVsanFfAEnKfAPxgRAz138sNJ6c="; + }; + + phases = [ "installPhase" ]; + + installPhase = '' + cp $src $out + ''; +} diff --git a/submodules/secrets b/submodules/secrets index 646c6d8..52906e7 160000 --- a/submodules/secrets +++ b/submodules/secrets @@ -1 +1 @@ -Subproject commit 646c6d87251e4562aa7b416c438225718746bb8e +Subproject commit 52906e7d78b7b4b74e8c1898924d7dc7fa3b4ab7