diff --git a/flake.lock b/flake.lock index bfb495a..32ff42a 100644 --- a/flake.lock +++ b/flake.lock @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1740348184, - "narHash": "sha256-NnMzG2GYQJRrFTjvZBkaIE41EBekaMfIWiiEvxhvUTU=", + "lastModified": 1740485474, + "narHash": "sha256-g3f5UTD/VEZoSrvwXy1aW/3470Gz/M6vkucM+5f0ZkU=", "owner": "karaolidis", "repo": "home-manager", - "rev": "6db31ab82b2b0d6bad4691a238073401120f673c", + "rev": "c4ace2196b7df8f582e624b2b54ec5a7ab353549", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 5bef032..1d02054 100644 --- a/flake.nix +++ b/flake.nix @@ -168,7 +168,9 @@ in { devShells = import ./hosts/common/shells { inherit pkgs; }; - packages = import ./packages { inherit pkgs; }; + lib = import ./lib { inherit pkgs; }; + packages = import ./packages { inherit pkgs inputs system; }; + formatter = treefmt.config.build.wrapper; checks.formatting = treefmt.config.build.check self; } diff --git a/hosts/common/configs/user/console/ssh/default.nix b/hosts/common/configs/user/console/ssh/default.nix index d40ead2..c9ca991 100644 --- a/hosts/common/configs/user/console/ssh/default.nix +++ b/hosts/common/configs/user/console/ssh/default.nix @@ -4,14 +4,5 @@ }: { ... }: { - environment.persistence."/persist"."${home}/.ssh/known_hosts" = { }; - - home-manager.users.${user} = { - programs.ssh = { - enable = true; - userKnownHostsFile = "${home}/.ssh/known_hosts/default"; - }; - - systemd.user.tmpfiles.rules = [ "d ${home}/.ssh/known_hosts 0755 ${user} users" ]; - }; + home-manager.users.${user}.programs.ssh.enable = true; } diff --git a/hosts/common/configs/user/gui/spicetify/default.nix b/hosts/common/configs/user/gui/spicetify/default.nix index 8d6bbb9..2f4a53c 100644 --- a/hosts/common/configs/user/gui/spicetify/default.nix +++ b/hosts/common/configs/user/gui/spicetify/default.nix @@ -10,6 +10,7 @@ ... }: let + selfLib = inputs.self.lib.${system}; hmConfig = config.home-manager.users.${user}; in { 
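Review bot: Dropping the `environment.persistence."/persist"."${home}/.ssh/known_hosts"` entry and the `userKnownHostsFile` override leaves the user's default `~/.ssh/known_hosts` with no persistence rule in this file, so on a host whose home directory is not persisted every server that is not covered by one of the new pinned `ssh-known-hosts-*` packages falls back to trust-on-first-use again after each reboot, unless it is persisted somewhere outside this hunk. The per-host `userKnownHostsFiles` lists added elsewhere in this commit also depend on the karaolidis/home-manager bump made in the same commit; whether that option appends to or replaces the default `~/.ssh/known_hosts` decides whether unpinned hosts can be accepted at all, and that is not visible here. If the new behaviour is intended, say so next to the surviving line, e.g. `# known_hosts is deliberately not persisted: only hosts pinned via userKnownHostsFiles survive a reboot`; otherwise keep a persistence entry for the default file.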
@@ -64,7 +65,7 @@ in
 "spotify/prefs.init" = {
 source = ./config/prefs;
 onChange = ''
- ${config.lib.runtime.merge.keyValue} "${home}/.config/spotify/prefs.init" "${home}/.config/spotify/prefs"
+ ${selfLib.runtime.merge.keyValue} "${home}/.config/spotify/prefs.init" "${home}/.config/spotify/prefs"
 '';
 };
@@ -72,7 +73,7 @@ in
 source = ./config/prefs-user;
 onChange = ''
 user = $(cat "${hmConfig.sops.secrets."spotify/username".path}")
- ${config.lib.runtime.merge.keyValue} "${home}/.config/spotify/prefs-user.init" "${home}/.config/spotify/Users/''${user}-user/prefs"
+ ${selfLib.runtime.merge.keyValue} "${home}/.config/spotify/prefs-user.init" "${home}/.config/spotify/Users/''${user}-user/prefs"
 '';
 };
 };
diff --git a/hosts/eirene/default.nix b/hosts/eirene/default.nix
index b3c91ca..a479728 100644
--- a/hosts/eirene/default.nix
+++ b/hosts/eirene/default.nix
@@ -1,8 +1,6 @@
 { inputs, ... }:
 {
 imports = [
- ../../lib
-
 inputs.disko.nixosModules.disko
 ./format.nix
diff --git a/hosts/eirene/users/nick/configs/console/git/default.nix b/hosts/eirene/users/nick/configs/console/git/default.nix
index 052a8b0..7633348 100644
--- a/hosts/eirene/users/nick/configs/console/git/default.nix
+++ b/hosts/eirene/users/nick/configs/console/git/default.nix
@@ -2,7 +2,15 @@
 user ? throw "user argument is required",
 home ? throw "home argument is required",
 }:
-{ ... }:
+{
+ inputs,
+ lib,
+ system,
+ ...
+}:
+let
+ selfPkgs = inputs.self.packages.${system};
+in
 {
 home-manager.users.${user} = {
 sops.secrets = {
@@ -17,12 +25,16 @@
 };
 };
- programs.ssh.matchBlocks = {
- "github.com" = {
- hostname = "github.com";
- user = "git";
- identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
+ programs.ssh = {
+ matchBlocks = {
+ "github.com" = {
+ hostname = "github.com";
+ user = "git";
+ identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
+ };
 };
+
+ userKnownHostsFiles = with selfPkgs; [ ssh-known-hosts-github ];
 };
 };
 }
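Review bot: `lib` is added to the module's argument set in the first hunk of hosts/eirene/users/nick/configs/console/git/default.nix, but nothing in either hunk of that file uses it; unless the part of the file outside the hunks (the `sops.secrets` block) references it, drop it so the pattern declares only what is consumed, `{ inputs, system, ... }:`. The same applies to hosts/installer/users/nick/configs/console/git/default.nix, which this commit changes identically (both carry index 052a8b0..7633348) and which is a byte-for-byte copy of this file, so importing one from the other would stop the two from drifting. `selfPkgs = inputs.self.packages.${system};` makes the module depend on the flake's own outputs, which is fine but means the file no longer evaluates outside the flake; a one-line comment saying so would help the next reader.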
diff --git a/hosts/elara/configs/git/default.nix b/hosts/elara/configs/git/default.nix
index a7a2013..894ee2a 100644
--- a/hosts/elara/configs/git/default.nix
+++ b/hosts/elara/configs/git/default.nix
@@ -1,4 +1,7 @@
-{ ... }:
+{ inputs, system, ... }:
+let
+ selfPkgs = inputs.self.packages.${system};
+in
 {
 sops.secrets."ssh/sas/key" = {
 sopsFile = ../../../../secrets/sas/secrets.yaml;
@@ -6,15 +9,22 @@
 path = "/root/.ssh/ssh_sas_ed25519_key";
 };
- programs.ssh.extraConfig = ''
- Host github.com
- User git
- HostName github.com
- IdentityFile /root/.ssh/ssh_sas_ed25519_key
+ programs.ssh = {
+ extraConfig = ''
+ Host github.com
+ User git
+ HostName github.com
+ IdentityFile /root/.ssh/ssh_sas_ed25519_key
- Host gitlab.sas.com
- User git
- HostName gitlab.sas.com
- IdentityFile /root/.ssh/ssh_sas_ed25519_key
- '';
+ Host gitlab.sas.com
+ User git
+ HostName gitlab.sas.com
+ IdentityFile /root/.ssh/ssh_sas_ed25519_key
+ '';
+
+ knownHostsFiles = with selfPkgs; [
+ ssh-known-hosts-github
+ ssh-known-hosts-sas-gitlab
+ ];
+ };
 }
diff --git a/hosts/elara/default.nix b/hosts/elara/default.nix
index 4295e2c..4ccb030 100644
--- a/hosts/elara/default.nix
+++ b/hosts/elara/default.nix
@@ -1,8 +1,6 @@
 { config, inputs, ... }:
 {
 imports = [
- ../../lib
-
 inputs.disko.nixosModules.disko
 ./format.nix
diff --git a/hosts/elara/users/nikara/configs/console/git/default.nix b/hosts/elara/users/nikara/configs/console/git/default.nix
index 157d65f..00c368c 100644
--- a/hosts/elara/users/nikara/configs/console/git/default.nix
+++ b/hosts/elara/users/nikara/configs/console/git/default.nix
@@ -2,7 +2,16 @@
 user ? throw "user argument is required",
 home ? throw "home argument is required",
 }:
-{ lib, pkgs, ... }:
+{
+ inputs,
+ lib,
+ system,
+ pkgs,
+ ...
+}:
+let
+ selfPkgs = inputs.self.packages.${system};
+in
 {
 home-manager.users.${user} = {
 sops.secrets = {
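Review bot: `knownHostsFiles` in the second hunk of hosts/elara/configs/git/default.nix is the system-wide NixOS option (it ends up as `GlobalKnownHostsFile`), so the github and gitlab pins apply to every user on elara, and nikara's per-user `userKnownHostsFiles` later in this commit lists the same two packages again. The overlap is harmless, but a comment on that line would tell a reader it is deliberate, e.g. `# system-wide pins: consulted for every user, including root's git access configured above`. The enclosing attribute set starts at the top of the file, outside this hunk.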
@@ -26,28 +35,36 @@
 }
 );
- ssh.matchBlocks = {
- "github.com" = {
- hostname = "github.com";
- user = "git";
- identityFile = [
- "${home}/.ssh/ssh_sas_ed25519_key"
- "${home}/.ssh/ssh_personal_ed25519_key"
- ];
+ ssh = {
+ matchBlocks = {
+ "github.com" = {
+ hostname = "github.com";
+ user = "git";
+ identityFile = [
+ "${home}/.ssh/ssh_sas_ed25519_key"
+ "${home}/.ssh/ssh_personal_ed25519_key"
+ ];
+ };
+
+ "gitlab.sas.com" = {
+ hostname = "gitlab.sas.com";
+ user = "git";
+ identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
+ };
+
+ "gerrit-svi.unx.sas.com" = {
+ hostname = "gerrit-svi.unx.sas.com";
+ user = "nikara";
+ port = 29418;
+ identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
+ };
 };
- "gitlab.sas.com" = {
- hostname = "gitlab.sas.com";
- user = "git";
- identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
- };
-
- "gerrit-svi.unx.sas.com" = {
- hostname = "gerrit-svi.unx.sas.com";
- user = "nikara";
- port = 29418;
- identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
- };
+ userKnownHostsFiles = with selfPkgs; [
+ ssh-known-hosts-github
+ ssh-known-hosts-sas-gitlab
+ ssh-known-hosts-sas-gerrit
+ ];
 };
 };
 };
diff --git a/hosts/elara/users/nikara/configs/console/ssh/default.nix b/hosts/elara/users/nikara/configs/console/ssh/default.nix
index 08cf691..32df15f 100644
--- a/hosts/elara/users/nikara/configs/console/ssh/default.nix
+++ b/hosts/elara/users/nikara/configs/console/ssh/default.nix
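Review bot: The `"gerrit-svi.unx.sas.com"` match block connects on `port = 29418`, but the `ssh-known-hosts-sas-gerrit` entry listed in `userKnownHostsFiles` is produced by packages/ssh/known-hosts/sas/gerrit/default.nix with the fetcher's default `port ? 22`, so the pinned file holds whatever key port 22 presented, stored under the bare hostname. OpenSSH looks up a non-standard port as `[gerrit-svi.unx.sas.com]:29418`, so that entry cannot match, and a Gerrit SSH daemon on 29418 typically has its own host key rather than the OS sshd's, so the pin gives no protection for this host and the connection falls back to trust-on-first-use. Pass the port to the fetcher in that package, `port = 29418;` next to `host = "gerrit-svi.unx.sas.com";`, and re-pin `hash` from the new scan output. The enclosing `home-manager.users.${user}.programs` block starts outside the hunk.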
@@ -2,13 +2,20 @@
 user ? throw "user argument is required",
 home ? throw "home argument is required",
 }:
-{ ... }:
+{ inputs, system, ... }:
+let
+ selfPkgs = inputs.self.packages.${system};
+in
 {
- home-manager.users.${user}.programs.ssh.matchBlocks = {
- "cldlgn.fyi.sas.com" = {
- inherit user;
- hostname = "cldlgn.fyi.sas.com";
- identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
+ home-manager.users.${user}.programs.ssh = {
+ matchBlocks = {
+ "cldlgn.fyi.sas.com" = {
+ inherit user;
+ hostname = "cldlgn.fyi.sas.com";
+ identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
+ };
 };
+
+ userKnownHostsFiles = with selfPkgs; [ ssh-known-hosts-sas-cldlgn ];
 };
 }
diff --git a/hosts/installer/default.nix b/hosts/installer/default.nix
index 0e4be27..c4dbd8f 100644
--- a/hosts/installer/default.nix
+++ b/hosts/installer/default.nix
@@ -1,8 +1,6 @@
 { config, inputs, ... }:
 {
 imports = [
- ../../lib
-
 inputs.disko.nixosModules.disko
 ./format.nix
diff --git a/hosts/installer/users/nick/configs/console/git/default.nix b/hosts/installer/users/nick/configs/console/git/default.nix
index 052a8b0..7633348 100644
--- a/hosts/installer/users/nick/configs/console/git/default.nix
+++ b/hosts/installer/users/nick/configs/console/git/default.nix
@@ -2,7 +2,15 @@
 user ? throw "user argument is required",
 home ? throw "home argument is required",
 }:
-{ ... }:
+{
+ inputs,
+ lib,
+ system,
+ ...
+}:
+let
+ selfPkgs = inputs.self.packages.${system};
+in
 {
 home-manager.users.${user} = {
 sops.secrets = {
@@ -17,12 +25,16 @@
 };
 };
- programs.ssh.matchBlocks = {
- "github.com" = {
- hostname = "github.com";
- user = "git";
- identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
+ programs.ssh = {
+ matchBlocks = {
+ "github.com" = {
+ hostname = "github.com";
+ user = "git";
+ identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
+ };
 };
+
+ userKnownHostsFiles = with selfPkgs; [ ssh-known-hosts-github ];
 };
 };
 }
diff --git a/lib/default.nix b/lib/default.nix
index 5162a4c..8f17b57 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,6 +1,5 @@
 { pkgs, ... }:
 {
- lib = {
- runtime = import ./runtime { inherit pkgs; };
- };
+ fetchers = import ./fetchers { inherit pkgs; };
+ runtime = import ./runtime { inherit pkgs; };
 }
diff --git a/lib/fetchers/default.nix b/lib/fetchers/default.nix
new file mode 100644
index 0000000..2b9448f
--- /dev/null
+++ b/lib/fetchers/default.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+ sshKnownHosts = import ./sshKnownHosts { inherit pkgs; };
+}
diff --git a/lib/fetchers/sshKnownHosts/default.nix b/lib/fetchers/sshKnownHosts/default.nix
new file mode 100644
index 0000000..d111d4d
--- /dev/null
+++ b/lib/fetchers/sshKnownHosts/default.nix
@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+pkgs.lib.fetchers.withNormalizedHash { } (
+ {
+ host,
+ name ? "ssh-known-hosts-${host}",
+ outputHash,
+ outputHashAlgo,
+ port ? 22,
+ keyTypes ? [
+ "rsa"
+ "ecdsa"
+ "ed25519"
+ ],
+ }:
+ let
+ keyTypeArgs = pkgs.lib.concatStringsSep "," keyTypes;
+ in
+ pkgs.runCommand name
+ {
+ inherit outputHash outputHashAlgo;
+ outputHashMode = "flat";
+ preferLocalBuild = true;
+
+ nativeBuildInputs = with pkgs; [
+ openssh
+ gnugrep
+ coreutils
+ ];
+ }
+ ''
+ ssh-keyscan -p ${toString port} -t ${keyTypeArgs} ${host} | grep -v '^#' | sort > $out
+ ''
+)
diff --git a/lib/scripts/add-host.sh b/lib/scripts/add-host.sh
index d4758c0..1cfdf3b 100755
--- a/lib/scripts/add-host.sh
+++ b/lib/scripts/add-host.sh
@@ -148,8 +148,6 @@ cat < "./hosts/$host/default.nix"
 { inputs, ... }:
 {
 imports = [
- ../../lib
-
 inputs.disko.nixosModules.disko
 ./format.nix
diff --git a/packages/default.nix b/packages/default.nix
index f696691..57a0cbc 100644
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -1,4 +1,9 @@
-{ pkgs, ... }:
+{
+ pkgs,
+ inputs,
+ system,
+ ...
+}:
 {
 darktable-ghost-cms-publish = import ./darktable/ghost-cms-publish { inherit pkgs; };
 darktable-hald-clut = import ./darktable/hald-clut { inherit pkgs; };
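Review bot: lib/fetchers/sshKnownHosts/default.nix has no header comment stating its trust model: the `outputHash` only proves that later builds reproduce the same `ssh-keyscan` output, it does not authenticate the keys, so whoever first records a hash is trusting an unauthenticated scan of `host`. Add a comment above `pkgs.lib.fetchers.withNormalizedHash` saying that the hash must come from a scan whose fingerprints were checked out of band against the operator's published values, that a host key rotation surfaces as a fixed-output hash mismatch (a build failure, i.e. fail-closed) rather than a silent change, and that `port` must be the port clients actually use because the scanned entry is keyed on it (`[host]:port` for anything but 22). Two smaller points in the build script: `grep -v '^#'` filters nothing, since ssh-keyscan writes its `# host:port SSH-…` banners to stderr, not stdout; and if the scan yields no keys (host unreachable, port filtered, none of `keyTypes` offered) an empty `$out` is written unless ssh-keyscan itself exits non-zero and only the hash check reports it, so a `test -s $out` after the pipeline gives a clearer failure.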
@@ -22,7 +27,13 @@ obsidian-theme-minimal = import ./obsidian/themes/minimal { inherit pkgs; };
+ ssh-known-hosts-github = import ./ssh/known-hosts/github { inherit pkgs inputs system; };
+ # SAS
+ ssh-known-hosts-sas-cldlgn = import ./ssh/known-hosts/sas/cldlgn { inherit pkgs inputs system; };
+ ssh-known-hosts-sas-gerrit = import ./ssh/known-hosts/sas/gerrit { inherit pkgs inputs system; };
+ ssh-known-hosts-sas-gitlab = import ./ssh/known-hosts/sas/gitlab { inherit pkgs inputs system; };
+ viya4-ark = import ./sas/viya4-ark { inherit pkgs; };
 viya4-orders-cli = import ./sas/viya4-orders-cli { inherit pkgs; };
diff --git a/packages/ssh/known-hosts/github/default.nix b/packages/ssh/known-hosts/github/default.nix
new file mode 100644
index 0000000..bd82c29
--- /dev/null
+++ b/packages/ssh/known-hosts/github/default.nix
@@ -0,0 +1,22 @@
+{
+ pkgs,
+ inputs,
+ system,
+ ...
+}:
+# AUTO-UPDATE: echo "Warning: Package using custom fetcher cannot be automatically updated." >&2
+pkgs.stdenv.mkDerivation rec {
+ pname = "ssh-known-hosts-github";
+ version = "0-unstable-2025-02-25";
+
+ src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
+ host = "github.com";
+ hash = "sha256-wkNdynz7rhZvfXSAXDpQ2sk40afKAPeYHQ8Ei44CICI=";
+ };
+
+ phases = [ "installPhase" ];
+
+ installPhase = ''
+ cp $src $out
+ '';
+}
diff --git a/packages/ssh/known-hosts/sas/cldlgn/default.nix b/packages/ssh/known-hosts/sas/cldlgn/default.nix
new file mode 100644
index 0000000..2bff325
--- /dev/null
+++ b/packages/ssh/known-hosts/sas/cldlgn/default.nix
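Review bot: In packages/ssh/known-hosts/github/default.nix the pinned `hash` is the only integrity anchor for these host keys and nothing records how it was validated; the fetcher scans the live host, so a reviewer cannot tell whether the captured keys were compared against GitHub's published SSH host-key fingerprints before being committed. Add a comment next to `hash = "sha256-…"` such as `# keyscan output checked against GitHub's published host-key fingerprints on 2025-02-25` (the date already used in `version`), and do the same in the three SAS packages (cldlgn, gerrit, gitlab), citing whatever fingerprint source the SAS operators publish. The `AUTO-UPDATE` comment says the package cannot be refreshed automatically, which is the right default for a trust anchor: a key rotation must fail the build on hash mismatch and be re-verified by a person, not be re-scanned unattended, and a sentence saying so would stop a future maintainer from "fixing" the updater. Minor style: `rec` is unused in all four derivations, and `phases = [ "installPhase" ]` with `cp $src $out` only copies the fixed-output path, so `src` could be used directly unless the pname/version wrapper is wanted for consistency with the other packages.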
@@ -0,0 +1,22 @@
+{
+ pkgs,
+ inputs,
+ system,
+ ...
+}:
+# AUTO-UPDATE: echo "Warning: Package using custom fetcher cannot be automatically updated." >&2
+pkgs.stdenv.mkDerivation rec {
+ pname = "ssh-known-hosts-sas-cldlgn";
+ version = "0-unstable-2025-02-25";
+
+ src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
+ host = "cldlgn.fyi.sas.com";
+ hash = "sha256-HymFic00RROW1tC4sQe5QdDM7D8IDeTdKe8rWU6xhZM=";
+ };
+
+ phases = [ "installPhase" ];
+
+ installPhase = ''
+ cp $src $out
+ '';
+}
diff --git a/packages/ssh/known-hosts/sas/gerrit/default.nix b/packages/ssh/known-hosts/sas/gerrit/default.nix
new file mode 100644
index 0000000..ca4eab5
--- /dev/null
+++ b/packages/ssh/known-hosts/sas/gerrit/default.nix
@@ -0,0 +1,22 @@
+{
+ pkgs,
+ inputs,
+ system,
+ ...
+}:
+# AUTO-UPDATE: echo "Warning: Package using custom fetcher cannot be automatically updated." >&2
+pkgs.stdenv.mkDerivation rec {
+ pname = "ssh-known-hosts-sas-gerrit";
+ version = "0-unstable-2025-02-25";
+
+ src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
+ host = "gerrit-svi.unx.sas.com";
+ hash = "sha256-+lvC19RyBWFhEwEdXIb/xwEyGuKnatkgOsmhAc583kA=";
+ };
+
+ phases = [ "installPhase" ];
+
+ installPhase = ''
+ cp $src $out
+ '';
+}
diff --git a/packages/ssh/known-hosts/sas/gitlab/default.nix b/packages/ssh/known-hosts/sas/gitlab/default.nix
new file mode 100644
index 0000000..9af67e0
--- /dev/null
+++ b/packages/ssh/known-hosts/sas/gitlab/default.nix
@@ -0,0 +1,22 @@
+{
+ pkgs,
+ inputs,
+ system,
+ ...
+}:
+# AUTO-UPDATE: echo "Warning: Package using custom fetcher cannot be automatically updated." >&2
+pkgs.stdenv.mkDerivation rec {
+ pname = "ssh-known-hosts-sas-gitlab";
+ version = "0-unstable-2025-02-25";
+
+ src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
+ host = "gitlab.sas.com";
+ hash = "sha256-gJGM6bG+u+XS2UdyYtK7MXP2r8w3tX/1kJmsDpyFKWI=";
+ };
+
+ phases = [ "installPhase" ];
+
+ installPhase = ''
+ cp $src $out
+ '';
+}
diff --git a/submodules/home-manager b/submodules/home-manager
index 6db31ab..c4ace21 160000
--- a/submodules/home-manager
+++ b/submodules/home-manager
@@ -1 +1 @@
-Subproject commit 6db31ab82b2b0d6bad4691a238073401120f673c
+Subproject commit c4ace2196b7df8f582e624b2b54ec5a7ab353549