karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add git and gpg configs

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2024-06-19 17:49:37 +03:00
parent e8cbbe07b2
commit 8a6045d6ce
4 changed files with 76 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
users/common/configs/git/default.nix
View File

@@ -1,6 +1,23 @@
{ pkgs, ... }:
{ {
programs.git = { programs.git = {
enable = true; enable = true;
lfs.enable = true; lfs.enable = true;
signing = {
signByDefault = true;
key = null;
};
extraConfig.credential.helper = "store";
hooks = {
commit-msg = pkgs.writeScript "git-commit-msg" ''
#!${pkgs.runtimeShell}
git interpret-trailers --if-exists doNothing --trailer \
"Signed-off-by: $(git config user.name) <$(git config user.email)>" \
--in-place "$1"
'';
};
}; };
} }

45
users/common/configs/gpg-agent/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{ pkgs, ... }:
{
services.gpg-agent = {
enable = true;
defaultCacheTtl = 31536000;
maxCacheTtl = 31536000;
};
systemd.user.services.gpg-agent-import = {
Unit = {
Description = "Auto-import GPG keys";
After = [ "gpg-agent.socket" "sops-nix.service" ];
};
Service = {
Type = "oneshot";
ExecStart = pkgs.writeScript "import-gpg-keys" ''
#!${pkgs.runtimeShell}
find "$HOME"/.gnupg -type f -exec chmod 600 {} \;
find "$HOME"/.gnupg -type d -exec chmod 700 {} \;
for keyfile in "$HOME"/.config/sops-nix/secrets/gpg-agent/*.key; do
passfile="''${keyfile%.key}.pass"
if [ -f "$passfile" ]; then
gpg --batch --yes --pinentry-mode loopback --passphrase-file "$passfile" --import "$keyfile"
else
gpg --batch --yes --import "$keyfile"
fi
gpg --with-colons --import-options show-only --import "$keyfile" | grep '^fpr' | cut -d: -f10 | while read -r KEY_ID; do
echo "$KEY_ID:6:" >> "$HOME"/.gnupg/otrust.txt
done
done
gpg --import-ownertrust "$HOME"/.gnupg/otrust.txt
rm "$HOME"/.gnupg/otrust.txt
'';
};
Install = { WantedBy = [ "default.target" ]; };
};
}

6
users/common/default.nix
View File

@@ -15,7 +15,10 @@ in
dconf.enable = true; dconf.enable = true;
}; };
environment.sessionVariables.NIXOS_OZONE_WL = "1"; environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
SOPS_AGE_KEY_FILE = "$HOME/.config/sops-nix/key.txt";
};
home-manager = { home-manager = {
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = { inherit inputs; };
@@ -33,6 +36,7 @@ in
./configs/neovim ./configs/neovim
./configs/kitty ./configs/kitty
./configs/firefox ./configs/firefox
./configs/gpg-agent
]; ];
home = { home = {

9
users/nick/default.nix
View File

@@ -9,6 +9,15 @@
neededForUsers = true; neededForUsers = true;
}; };
home-manager.users.nick.sops = {
defaultSopsFile = ./secrets/secrets.yaml;
secrets = {
"git" = { path = "/home/nick/.git-credentials"; };
"gpg-agent/pgp.key" = { };
"gpg-agent/pgp.pass" = { };
};
};
users.users.nick = { users.users.nick = {
isNormalUser = true; isNormalUser = true;
home = "/home/nick"; home = "/home/nick";