diff --git a/hosts/common/configs/system/nix/default.nix b/hosts/common/configs/system/nix/default.nix index 18a3c78..32d1120 100644 --- a/hosts/common/configs/system/nix/default.nix +++ b/hosts/common/configs/system/nix/default.nix @@ -1,11 +1,16 @@ { config, inputs, ... }: { sops = { - secrets."nix/accessTokens/github.com".sopsFile = ../../../../../secrets/personal/secrets.yaml; + secrets = { + "git/credentials/github.com/public/username".sopsFile = + ../../../../../secrets/personal/secrets.yaml; + "git/credentials/github.com/public/password".sopsFile = + ../../../../../secrets/personal/secrets.yaml; + }; templates."nix-access-tokens" = { content = '' - access-tokens = github.com=${config.sops.placeholder."nix/accessTokens/github.com"} + access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/public/password"} ''; group = "users"; }; diff --git a/hosts/eirene/users/nick/configs/console/git/default.nix b/hosts/eirene/users/nick/configs/console/git/default.nix index 9ba4d3f..814f17c 100644 --- a/hosts/eirene/users/nick/configs/console/git/default.nix +++ b/hosts/eirene/users/nick/configs/console/git/default.nix 
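Review bot: In hosts/common/configs/system/nix/default.nix the new `"git/credentials/github.com/public/username"` secret is declared, but nothing in this hunk references it; only the `.../public/password` placeholder is used in the `nix-access-tokens` template. Every declared sops secret is decrypted on each host that imports this module, so the username entry should be dropped unless something outside the hunk consumes it. The template is rendered with `group = "users"` and the value now doubles as a git password, so I would also add a comment above `templates."nix-access-tokens"` such as `# keep this token read-only: the rendered file is owned by group "users"`. The template's mode is not visible here, so the effective permissions should be confirmed. The attribute set continues past the end of the hunk.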
@@ -17,16 +17,16 @@ in home-manager.users.${user} = { sops = { secrets = { - "git/credentials/git.karaolidis.com/username".sopsFile = + "git/credentials/git.karaolidis.com/admin/username".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - "git/credentials/git.karaolidis.com/password".sopsFile = + "git/credentials/git.karaolidis.com/admin/password".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; }; templates."git/credentials" = { content = '' - https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${ - hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/password" + https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${ + hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password" }@git.karaolidis.com ''; path = "${home}/.config/git/credentials"; diff --git a/hosts/eirene/users/nick/configs/console/gpg/default.nix b/hosts/eirene/users/nick/configs/console/gpg/default.nix new file mode 100644 index 0000000..240ff8c --- /dev/null +++ b/hosts/eirene/users/nick/configs/console/gpg/default.nix @@ -0,0 +1,18 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ config, ... }: +let + hmConfig = config.home-manager.users.${user}; +in +{ + home-manager.users.${user} = { + sops.secrets = { + "gpg/key".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + "gpg/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + }; + + programs.clipbook.bookmarks."GPG Passphrase".source = hmConfig.sops.secrets."gpg/pass".path; + }; +} diff --git a/hosts/eirene/users/nick/configs/console/ssh/default.nix b/hosts/eirene/users/nick/configs/console/ssh/default.nix new file mode 100644 index 0000000..0c5000a --- /dev/null +++ b/hosts/eirene/users/nick/configs/console/ssh/default.nix 
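Review bot: In the new hosts/eirene/users/nick/configs/console/gpg/default.nix, `gpg/key` and `gpg/pass` are declared for the same user from the same sops file, and the passphrase path is also handed to `programs.clipbook.bookmarks`, so the passphrase adds little protection against anything that can read that user's decrypted secrets. This arrangement predates the move, but the new module is a good place to record it, e.g. `# NOTE: key and passphrase are decrypted side by side for this user; treat the secrets directory as equivalent to the unlocked key`. The same applies to the new ssh module for eirene and to the gpg and ssh modules under hosts/elara. As a style point, `home` is a required argument but is unused in this file.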
@@ -0,0 +1,22 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ config, ... }: +let + hmConfig = config.home-manager.users.${user}; +in +{ + home-manager.users.${user} = { + sops.secrets = { + "ssh/key" = { + sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + path = "${home}/.ssh/ssh_personal_ed25519_key"; + }; + + "ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + }; + + programs.clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path; + }; +} diff --git a/hosts/eirene/users/nick/configs/gui/theme/default.nix b/hosts/eirene/users/nick/configs/gui/theme/default.nix new file mode 100644 index 0000000..0107e4b --- /dev/null +++ b/hosts/eirene/users/nick/configs/gui/theme/default.nix @@ -0,0 +1,8 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ ... }: +{ + home-manager.users.${user}.theme.wallpaper = ../../../../../../../static/wallpapers/clouds.png; +} diff --git a/hosts/eirene/users/nick/default.nix b/hosts/eirene/users/nick/default.nix index 806c793..4b440c6 100644 --- a/hosts/eirene/users/nick/default.nix +++ b/hosts/eirene/users/nick/default.nix @@ -4,8 +4,6 @@ let # FIXME: https://github.com/NixOS/nixpkgs/issues/305643 user = "nick"; home = "/home/nick"; - - hmConfig = config.home-manager.users.${user}; in { imports = [ @@ -82,9 +80,12 @@ in (import ../../../common/configs/user/gui/xdg { inherit user home; }) (import ./configs/console/git { inherit user home; }) + (import ./configs/console/gpg { inherit user home; }) + (import ./configs/console/ssh { inherit user home; }) (import ./configs/console/syncthing { inherit user home; }) (import ./configs/gui/obsidian { inherit user home; }) + (import ./configs/gui/theme { inherit user home; }) (import ./configs/gui/vscode { inherit user home; }) ]; 
@@ -109,30 +110,8 @@ in services.getty.autologinUser = user; - home-manager.users.${user} = { - home = { - username = user; - homeDirectory = home; - }; - - sops.secrets = { - "ssh/key" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - path = "${home}/.ssh/ssh_personal_ed25519_key"; - }; - - "ssh/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; - - "gpg/key".sopsFile = ../../../../secrets/personal/secrets.yaml; - - "gpg/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; - }; - - programs.clipbook.bookmarks = { - "SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path; - "GPG Passphrase".source = hmConfig.sops.secrets."gpg/pass".path; - }; - - theme.wallpaper = ../../../../static/wallpapers/clouds.png; + home-manager.users.${user}.home = { + username = user; + homeDirectory = home; }; } diff --git a/hosts/elara/users/nikara/configs/console/git/default.nix b/hosts/elara/users/nikara/configs/console/git/default.nix index 879f5fd..d3163e4 100644 --- a/hosts/elara/users/nikara/configs/console/git/default.nix +++ b/hosts/elara/users/nikara/configs/console/git/default.nix 
@@ -18,17 +18,35 @@ in home-manager.users.${user} = { sops = { secrets = { - "git/credentials/git.karaolidis.com/username".sopsFile = - ../../../../../../../secrets/personal/secrets.yaml; - "git/credentials/git.karaolidis.com/password".sopsFile = - ../../../../../../../secrets/personal/secrets.yaml; + "git/credentials/personal/git.karaolidis.com/admin/username" = { + sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + key = "git/credentials/git.karaolidis.com/admin/username"; + }; + + "git/credentials/personal/git.karaolidis.com/admin/password" = { + sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + key = "git/credentials/git.karaolidis.com/admin/password"; + }; + + "git/credentials/sas/github.com/admin/username" = { + sopsFile = ../../../../../../../secrets/sas/secrets.yaml; + key = "git/credentials/github.com/admin/username"; + }; + + "git/credentials/sas/github.com/admin/password" = { + sopsFile = ../../../../../../../secrets/sas/secrets.yaml; + key = "git/credentials/github.com/admin/password"; + }; }; templates."git/credentials" = { content = '' - https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${ - hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/password" + https://${hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/username"}:${ + hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/password" }@git.karaolidis.com + https://${hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/username"}:${ + hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/password" + }@github.com ''; path = "${home}/.config/git/credentials"; }; diff --git a/hosts/elara/users/nikara/configs/console/gpg/default.nix b/hosts/elara/users/nikara/configs/console/gpg/default.nix new file mode 100644 index 0000000..e0f69ea --- /dev/null +++ b/hosts/elara/users/nikara/configs/console/gpg/default.nix 
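Review bot: The `https://…@github.com` line added to the `git/credentials` template has no path component, so, assuming this file is read by git's `store` helper, the SAS `admin` credential will be offered for every github.com remote this account uses, not only the work repositories. If personal or third-party GitHub repositories are also cloned on elara, consider scoping the entry (git only matches on path when `credential.useHttpPath` is set), or at least record the intent above the template, e.g. `# github.com entry is the SAS account; it applies to all github.com remotes`. Separately, the store format expects the username and password to be percent-encoded, so values containing `@`, `:` or `/` would produce a malformed entry; worth confirming for the stored secrets. The enclosing attribute set starts and ends outside the hunk.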
@@ -0,0 +1,38 @@
+{
+ user ? throw "user argument is required",
+ home ? throw "home argument is required",
+}:
+{ config, ... }:
+let
+ hmConfig = config.home-manager.users.${user};
+in
+{
+ home-manager.users.${user} = {
+ sops.secrets = {
+ "gpg/personal/key" = {
+ sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+ key = "gpg/key";
+ };
+
+ "gpg/personal/pass" = {
+ sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+ key = "gpg/pass";
+ };
+
+ "gpg/sas/key" = {
+ sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
+ key = "gpg/key";
+ };
+
+ "gpg/sas/pass" = {
+ sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
+ key = "gpg/pass";
+ };
+ };
+
+ programs.clipbook.bookmarks = {
+ "Personal GPG Passphrase".source = hmConfig.sops.secrets."gpg/personal/pass".path;
+ "SAS GPG Passphrase".source = hmConfig.sops.secrets."gpg/sas/pass".path;
+ };
+ };
+}
diff --git a/hosts/elara/users/nikara/configs/console/sas/default.nix b/hosts/elara/users/nikara/configs/console/sas/default.nix
new file mode 100644
index 0000000..73f3472
--- /dev/null
+++ b/hosts/elara/users/nikara/configs/console/sas/default.nix
@@ -0,0 +1,11 @@
+{
+ user ? throw "user argument is required",
+ home ? throw "home argument is required",
+}:
+{ ... }:
+{
+ home-manager.users.${user}.sops.secrets = {
+ "artifactory/cdp/user".sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
+ "artifactory/cdp/password".sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
+ };
+}
diff --git a/hosts/elara/users/nikara/configs/console/ssh/default.nix b/hosts/elara/users/nikara/configs/console/ssh/default.nix
index 32df15f..cc8243f 100644
--- a/hosts/elara/users/nikara/configs/console/ssh/default.nix
+++ b/hosts/elara/users/nikara/configs/console/ssh/default.nix
@@ -2,20 +2,59 @@ user ? throw "user argument is required", home ? throw "home argument is required", }: -{ inputs, system, ... }: +{ + config, + inputs, + system, + ... +}: let + hmConfig = config.home-manager.users.${user}; selfPkgs = inputs.self.packages.${system}; in { - home-manager.users.${user}.programs.ssh = { - matchBlocks = { - "cldlgn.fyi.sas.com" = { - inherit user; - hostname = "cldlgn.fyi.sas.com"; - identityFile = "${home}/.ssh/ssh_sas_ed25519_key"; + home-manager.users.${user} = { + sops.secrets = { + "ssh/personal/key" = { + sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + key = "ssh/key"; + path = "${home}/.ssh/ssh_personal_ed25519_key"; + }; + + "ssh/personal/pass" = { + sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + key = "ssh/pass"; + }; + + "ssh/sas/key" = { + sopsFile = ../../../../../../../secrets/sas/secrets.yaml; + key = "ssh/key"; + path = "${home}/.ssh/ssh_sas_ed25519_key"; + }; + + "ssh/sas/pass" = { + sopsFile = ../../../../../../../secrets/sas/secrets.yaml; + key = "ssh/pass"; }; }; - userKnownHostsFiles = with selfPkgs; [ ssh-known-hosts-sas-cldlgn ]; + programs = { + ssh = { + matchBlocks = { + "cldlgn.fyi.sas.com" = { + inherit user; + hostname = "cldlgn.fyi.sas.com"; + identityFile = "${home}/.ssh/ssh_sas_ed25519_key"; + }; + }; + + userKnownHostsFiles = with selfPkgs; [ ssh-known-hosts-sas-cldlgn ]; + }; + + clipbook.bookmarks = { + "Personal SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/personal/pass".path; + "SAS SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/sas/pass".path; + }; + }; }; } diff --git a/hosts/elara/users/nikara/configs/gui/theme/default.nix b/hosts/elara/users/nikara/configs/gui/theme/default.nix new file mode 100644 index 0000000..c912b77 --- /dev/null +++ b/hosts/elara/users/nikara/configs/gui/theme/default.nix 
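Review bot: The `identityFile` in the `cldlgn.fyi.sas.com` match block repeats the literal `"${home}/.ssh/ssh_sas_ed25519_key"` that this hunk also sets as the `path` of `"ssh/sas/key"` a few lines above. With `hmConfig` now in scope, the block can use `identityFile = hmConfig.sops.secrets."ssh/sas/key".path;` so the two cannot drift apart. Because this module now provisions both a personal and a SAS key for the same account, I would also set `identitiesOnly = true;` in that match block, so that only the SAS key is offered to the SAS host rather than every identity loaded in the agent.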
@@ -0,0 +1,8 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ ... }: +{ + home-manager.users.${user}.theme.wallpaper = ../../../../../../../static/wallpapers/snow.jpg; +} diff --git a/hosts/elara/users/nikara/default.nix b/hosts/elara/users/nikara/default.nix index ea35319..825d481 100644 --- a/hosts/elara/users/nikara/default.nix +++ b/hosts/elara/users/nikara/default.nix @@ -4,8 +4,6 @@ let # FIXME: https://github.com/NixOS/nixpkgs/issues/305643 user = "nikara"; home = "/home/nikara"; - - hmConfig = config.home-manager.users.${user}; in { imports = [ @@ -77,14 +75,17 @@ in (import ./configs/console/c { inherit user home; }) (import ./configs/console/git { inherit user home; }) (import ./configs/console/go { inherit user home; }) + (import ./configs/console/gpg { inherit user home; }) (import ./configs/console/gradle { inherit user home; }) (import ./configs/console/java { inherit user home; }) (import ./configs/console/kubernetes { inherit user home; }) (import ./configs/console/podman { inherit user home; }) + (import ./configs/console/sas { inherit user home; }) (import ./configs/console/ssh { inherit user home; }) (import ./configs/console/viya4-orders-cli { inherit user home; }) (import ./configs/gui/obsidian { inherit user home; }) + (import ./configs/gui/theme { inherit user home; }) (import ./configs/gui/vscode { inherit user home; }) ]; 
@@ -109,68 +110,8 @@ in services.getty.autologinUser = user; - home-manager.users.${user} = { - home = { - username = user; - homeDirectory = home; - }; - - sops.secrets = { - # Personal - "ssh/personal/key" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - key = "ssh/key"; - path = "${home}/.ssh/ssh_personal_ed25519_key"; - }; - - "ssh/personal/pass" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - key = "ssh/pass"; - }; - - "gpg/personal/key" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - key = "gpg/key"; - }; - - "gpg/personal/pass" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - key = "gpg/pass"; - }; - - # SAS - "ssh/sas/key" = { - sopsFile = ../../../../secrets/sas/secrets.yaml; - key = "ssh/key"; - path = "${home}/.ssh/ssh_sas_ed25519_key"; - }; - - "ssh/sas/pass" = { - sopsFile = ../../../../secrets/sas/secrets.yaml; - key = "ssh/pass"; - }; - - "gpg/sas/key" = { - sopsFile = ../../../../secrets/sas/secrets.yaml; - key = "gpg/key"; - }; - - "gpg/sas/pass" = { - sopsFile = ../../../../secrets/sas/secrets.yaml; - key = "gpg/pass"; - }; - - "artifactory/cdp/user".sopsFile = ../../../../secrets/sas/secrets.yaml; - "artifactory/cdp/password".sopsFile = ../../../../secrets/sas/secrets.yaml; - }; - - programs.clipbook.bookmarks = { - "Personal SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/personal/pass".path; - "Personal GPG Passphrase".source = hmConfig.sops.secrets."gpg/personal/pass".path; - "SAS SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/sas/pass".path; - "SAS GPG Passphrase".source = hmConfig.sops.secrets."gpg/sas/pass".path; - }; - - theme.wallpaper = ../../../../static/wallpapers/snow.jpg; + home-manager.users.${user}.home = { + username = user; + homeDirectory = home; }; } diff --git a/hosts/installer/users/nick/configs/console/git/default.nix b/hosts/installer/users/nick/configs/console/git/default.nix index 9ba4d3f..814f17c 100644 
--- a/hosts/installer/users/nick/configs/console/git/default.nix +++ b/hosts/installer/users/nick/configs/console/git/default.nix @@ -17,16 +17,16 @@ in home-manager.users.${user} = { sops = { secrets = { - "git/credentials/git.karaolidis.com/username".sopsFile = + "git/credentials/git.karaolidis.com/admin/username".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; - "git/credentials/git.karaolidis.com/password".sopsFile = + "git/credentials/git.karaolidis.com/admin/password".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; }; templates."git/credentials" = { content = '' - https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${ - hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/password" + https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${ + hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password" }@git.karaolidis.com ''; path = "${home}/.config/git/credentials"; diff --git a/hosts/installer/users/nick/configs/console/gpg/default.nix b/hosts/installer/users/nick/configs/console/gpg/default.nix new file mode 100644 index 0000000..abea0f3 --- /dev/null +++ b/hosts/installer/users/nick/configs/console/gpg/default.nix @@ -0,0 +1,11 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ ... }: +{ + home-manager.users.${user}.sops.secrets = { + "gpg/key".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + "gpg/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + }; +} diff --git a/hosts/installer/users/nick/configs/console/ssh/default.nix b/hosts/installer/users/nick/configs/console/ssh/default.nix new file mode 100644 index 0000000..a609011 --- /dev/null +++ b/hosts/installer/users/nick/configs/console/ssh/default.nix 
@@ -0,0 +1,16 @@ +{ + user ? throw "user argument is required", + home ? throw "home argument is required", +}: +{ ... }: +{ + home-manager.users.${user}.sops.secrets = { + "ssh/key" = { + sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + path = "${home}/.ssh/ssh_personal_ed25519_key"; + }; + + "ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml; + + }; +} diff --git a/hosts/installer/users/nick/default.nix b/hosts/installer/users/nick/default.nix index cec159e..19ecfd1 100644 --- a/hosts/installer/users/nick/default.nix +++ b/hosts/installer/users/nick/default.nix @@ -33,6 +33,8 @@ in (import ../../../common/configs/user/console/zsh { inherit user home; }) (import ./configs/console/git { inherit user home; }) + (import ./configs/console/gpg { inherit user home; }) + (import ./configs/console/ssh { inherit user home; }) ]; # echo "password" | mkpasswd -s @@ -56,23 +58,8 @@ in services.getty.autologinUser = user; - home-manager.users.${user} = { - home = { - username = user; - homeDirectory = home; - }; - - sops.secrets = { - "ssh/key" = { - sopsFile = ../../../../secrets/personal/secrets.yaml; - path = "${home}/.ssh/ssh_personal_ed25519_key"; - }; - - "ssh/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; - - "gpg/key".sopsFile = ../../../../secrets/personal/secrets.yaml; - - "gpg/pass".sopsFile = ../../../../secrets/personal/secrets.yaml; - }; + home-manager.users.${user}.home = { + username = user; + homeDirectory = home; }; }