diff --git a/flake.lock b/flake.lock index ed90e4a..f474e42 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ "arkenfox-userjs": { "flake": false, "locked": { - "lastModified": 1665257885, - "narHash": "sha256-4PNnCRLomAd5OdN4UEbsVSm8eNuteZHKaUqRVvIBvN8=", + "lastModified": 1668350246, + "narHash": "sha256-yBHOofhwXRDzuv/PeZ4J7LME42wt5Hb2+5LDd0aliYE=", "owner": "arkenfox", "repo": "user.js", - "rev": "f4187632faef76df4de0cbb0cdc7199f22fadd76", + "rev": "365e76bc9f2c9bf30509ce5f1aec6627ad84c84b", "type": "github" }, "original": { @@ -83,11 +83,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1663284638, - "narHash": "sha256-rXAX14yB8v9BOG4ZsdGEedpZAnNqhQ4DtjQwzFX/TLY=", + "lastModified": 1666010793, + "narHash": "sha256-6zhTpR0cfaHrupOXRZAdCzLAGINgsB6h3HQnj7+qHWs=", "owner": "nix-community", "repo": "comma", - "rev": "c83ff3839983b3cb8deb407ff618ca12179de588", + "rev": "691120d169189f3a9cb29b1c72bcd521ac372b2b", "type": "github" }, "original": { @@ -120,11 +120,11 @@ ] }, "locked": { - "lastModified": 1665920565, - "narHash": "sha256-0z3Ibp4aJdwU3t0KjECJUjQoReqoZj3MILmcyN4lZu0=", + "lastModified": 1668392064, + "narHash": "sha256-9uK2WsZNBJgEEY3xkRPYUrVaQf5izYDd742pAT/LuFc=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "33ce8dabfd3dc4968bae24126766e60d67b39dbb", + "rev": "6cee62d984b76a01998ec7961277f650574aef61", "type": "github" }, "original": { @@ -151,11 +151,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { 
@@ -181,11 +181,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "lastModified": 1667077288, + "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=", "owner": "numtide", "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817", "type": "github" }, "original": { @@ -233,11 +233,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1665863351, - "narHash": "sha256-u8YWmHBTXWvQPBfKOrPWFVjvqhJ+5hUk3/29eR7APko=", + "lastModified": 1668332334, + "narHash": "sha256-YT1qcE/MCqBO1Bi/Yr6GcFpNKsvmzrBKh8juyXDbxQc=", "owner": "nix-community", "repo": "home-manager", - "rev": "2ecb3ea990cf737cfb42d8cd805fa86347c1afaf", + "rev": "bc90de24d898655542589237cc0a6ada7564cb6c", "type": "github" }, "original": { @@ -268,11 +268,11 @@ }, "master": { "locked": { - "lastModified": 1665915750, - "narHash": "sha256-KfuxHgwccTW/BmPbZFzC5KjrqWTjPj5Ev6Yscm0FP1w=", + "lastModified": 1668405764, + "narHash": "sha256-EjVfda5aRl5Co9ugTfOP/FAH+QmZBkt8SN0uOposzTg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e569855125fa58194f26577b4e3761e88216eab3", + "rev": "4f34f4a8633e1f63c1c18c370d63589527f4afd5", "type": "github" }, "original": { @@ -321,11 +321,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1665830552, - "narHash": "sha256-qel2bZ9TqfW8WzWCWdjuCy4bVFhhGsEeqFv/bj1ka2s=", + "lastModified": 1668266328, + "narHash": "sha256-+nAW+XR8nswyEnt5IkQlkrz9erTcQWBVLkhtNHxckFw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "26b7e6ab6a864c3e7e077bcb27a49f0480b9894a", + "rev": "5ca8e2e9e1fa5e66a749b39261ad6bd0e07bc87f", "type": "github" }, "original": { 
@@ -337,11 +337,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1645655918, - "narHash": "sha256-ZfbEFRW7o237+A1P7eTKhXje435FCAoe0blj2n20Was=", - "owner": "nixos", + "lastModified": 1667292599, + "narHash": "sha256-7ISOUI1aj6UKMPIL+wwthENL22L3+A9V+jS8Is3QsRo=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "77a7a4197740213879b9a1d2e1788c6c8ade4274", + "rev": "ef2f213d9659a274985778bff4ca322f3ef3ac68", "type": "github" }, "original": { @@ -380,11 +380,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1665584211, - "narHash": "sha256-Qc9zn43UjLpP823BP416hAsoaXugwWw+nKPVqsNhqdY=", + "lastModified": 1667992213, + "narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "94b0f300dd9a23d4e851aa2a947a1511d3410e2d", + "rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b", "type": "github" }, "original": { @@ -414,11 +414,11 @@ }, "stable": { "locked": { - "lastModified": 1665763903, - "narHash": "sha256-znGWY4x688cZ3Ii01qLnhl+mSKpQ9iCufGxfdV6oBOc=", + "lastModified": 1668281765, + "narHash": "sha256-6Tuj9CZ9HacMk7FJ8sF9XSVTBnUhVzlSY40Jo1krIaQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "78a37aa630faa41944060a966607d4f1128ea94b", + "rev": "c5091eec689acc45d4d818109236da31d3685ca2", "type": "github" }, "original": { @@ -445,11 +445,11 @@ }, "utils_2": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { diff --git a/modules/profiles/desktop.nix b/modules/profiles/desktop.nix index d8b8e12..7e08788 100644 --- a/modules/profiles/desktop.nix +++ b/modules/profiles/desktop.nix 
@@ -81,6 +81,10 @@ with lib; { logseq.enable = true; python.enable = true; rofi.enable = true; + ssh = { + enable = true; + includeSecrets = [ ../../secrets/ssh-home.age ]; + }; spotify.enable = true; thunar.enable = true; zathura.enable = true; @@ -106,7 +110,7 @@ with lib; { # ripping abcde handbrake - picard + stable.picard # HACK to fix broken picard 2.8.3 # other anki diff --git a/modules/programs/bspwm/sxhkdrc b/modules/programs/bspwm/sxhkdrc index 52f51f3..1f25526 100755 --- a/modules/programs/bspwm/sxhkdrc +++ b/modules/programs/bspwm/sxhkdrc @@ -30,7 +30,7 @@ alt + shift + c alt + {t,shift + t,s,f} bspc node -t {tiled,pseudo_tiled,floating,fullscreen} -# switch layout +# switch window layout alt + space bsp-layout next --layouts wide,tall,tiled @@ -107,6 +107,10 @@ super + h super + s share +# switch keyboard layout +super + l + setxkbmap -query | grep -Eq "layout:\s+de" && setxkbmap us && dunstify "Layout US"|| (setxkbmap de && dunstify "Layout DE") + # Apps # start firefox super + {_,shift} + f diff --git a/modules/programs/default.nix b/modules/programs/default.nix index 02ef7d9..82e2dd4 100644 --- a/modules/programs/default.nix +++ b/modules/programs/default.nix @@ -25,6 +25,7 @@ ./python.nix ./rofi ./spotify.nix + ./ssh.nix ./sway.nix ./thunar.nix ./vim.nix diff --git a/modules/programs/kitty.nix b/modules/programs/kitty.nix index 8ab1958..76c4a10 100644 --- a/modules/programs/kitty.nix +++ b/modules/programs/kitty.nix @@ -12,7 +12,7 @@ in options.my.programs.kitty.enable = mkEnableOption "kitty"; config = mkIf cfg.enable { - my.shell.aliases.ssh = "kitty +kitten ssh"; + my.shell.aliases.ssh = "TERM=xterm-256color command ssh"; home-manager.users.moritz = { programs.kitty = { enable = true; @@ -32,11 +32,6 @@ in size = 10; }; }; - xdg.configFile."kitty/ssh.conf" = { - text = '' - env TERM=xterm-color - ''; - }; }; }; } diff --git a/modules/programs/ssh.nix b/modules/programs/ssh.nix new file mode 100644 index 0000000..2c484ae --- /dev/null 
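Review bot: The new `super + l` binding in modules/programs/bspwm/sxhkdrc chains `A && B && C || (D && E)`, so the `||` branch runs not only when the layout is not `de` but also when `setxkbmap us` or `dunstify "Layout US"` fails. With no notification daemon running, the layout is switched to `us` and then immediately back to `de`. An explicit conditional keeps the two branches independent: `if setxkbmap -query | grep -Eq 'layout:[[:space:]]+de'; then setxkbmap us && dunstify "Layout US"; else setxkbmap de && dunstify "Layout DE"; fi`. The `[[:space:]]` class also avoids relying on `\s`, which is a GNU grep extension.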
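Review bot: In modules/programs/kitty.nix the new alias `TERM=xterm-256color command ssh` has no comment explaining why TERM is forced. It is a shell-level alias, so it applies to every interactive `ssh` whenever the kitty module is enabled, whichever terminal the shell is running in. A short comment would record the intent, for example `# remote hosts usually lack kitty's terminfo entry; advertise a TERM they know`. The enclosing `config = mkIf cfg.enable { … }` block continues outside this hunk.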
+++ b/modules/programs/ssh.nix @@ -0,0 +1,39 @@ +{ config +, lib +, pkgs +, ... +}: + +with lib; +let + cfg = config.my.programs.ssh; + + baseName = path: removeSuffix ".age" (baseNameOf path); +in +{ + options.my.programs.ssh = { + enable = mkEnableOption "ssh"; + includeSecrets = mkOption { + default = [ ]; + type = with types; listOf path; + }; + }; + + config = + mkIf cfg.enable + { + age.secrets = listToAttrs (map + (path: { + name = baseName path; + value = { + file = path; + owner = "1000"; + }; + }) + cfg.includeSecrets); + home-manager.users.moritz.programs.ssh = { + enable = true; + includes = map (path: "/run/agenix/" + baseName path) cfg.includeSecrets; + }; + }; +} diff --git a/overlays/default.nix b/overlays/default.nix index dc2ac76..d29fe96 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,7 +1,7 @@ { inputs }: final: prev: { inherit (inputs.comma.packages."${prev.system}") comma; nixpkgs-review-checks = inputs.nixpkgs-review-checks.defaultPackage."${prev.system}"; - kdeconnect = prev.plasma5Packages.kdeconnect-kde; + openssl = final.master.openssl_3; # HACK to fix openssl CVE-2022-3786 and CVE-2022-3602 agenix = inputs.agenix.defaultPackage."${prev.system}"; master = import inputs.master { inherit (prev) system; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 90e1b43..0862e22 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,10 +11,11 @@ let all = users ++ hosts; in { + "github.age".publicKeys = all; + "home-vpn-password.age".publicKeys = all; + "home-vpn.age".publicKeys = all; "nordvpn.age".publicKeys = all; "spotifyd.age".publicKeys = all; - "home-vpn.age".publicKeys = all; - "home-vpn-password.age".publicKeys = all; - "github.age".publicKeys = all; + "ssh-home.age".publicKeys = all; "uni-vpn.age".publicKeys = all; } diff --git a/secrets/ssh-home.age b/secrets/ssh-home.age new file mode 100644 index 0000000..29c1542 --- /dev/null +++ b/secrets/ssh-home.age 
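Review bot: `owner = "1000";` in modules/programs/ssh.nix hard-codes a numeric UID, while the consumer is named as `home-manager.users.moritz`. If that account's UID is ever not 1000, the decrypted SSH include ends up owned by a different or nonexistent user, leaving it unreadable to moritz or readable by someone else; `owner = "moritz";` ties the file to the account instead. The include path is also rebuilt by hand as `"/run/agenix/" + baseName path`, which goes stale if the agenix secrets directory is changed; `includes = map (path: config.age.secrets.${baseName path}.path) cfg.includeSecrets;` keeps declaration and use in sync. Two secrets with the same base name in different directories would collide in `listToAttrs`, so `includeSecrets` deserves a `description` stating that base names must be unique.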
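Review bot: The `openssl = final.master.openssl_3;` override in overlays/default.nix has no removal condition, and its scope does not quite match the comment. It replaces the default `openssl` attribute for everything built through this overlay. If the pinned channel still defaults to an older series (not visible here), that changes the major version under all dependents and forces local rebuilds, while packages that reference `openssl_3` directly keep the channel's own build. Overriding the affected attribute is likely more precise: `openssl_3 = final.master.openssl_3;`. The comment should also say when to delete it, e.g. `# HACK: remove once the pinned nixpkgs ships openssl 3.x with the CVE-2022-3786 / CVE-2022-3602 fixes`.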
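Review bot: `"ssh-home.age".publicKeys = all;` in secrets/secrets.nix encrypts the SSH include to every user and host key in `all`, although the only consumer visible in this commit is the desktop profile. If `hosts` contains machines that never enable that profile, each of them can still decrypt the file. A narrower recipient list, e.g. `users ++ [ <desktop-host-key> ]` (placeholder name), limits the exposure if one host key leaks. The `let` block that defines `users`, `hosts` and `all` starts above the hunk, so the actual membership could not be checked here.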
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 CjuqfA wMWvHzKojsGU5q8ElLz2IiwI0NvWZN6rPLL8nvIu9xE +n0FjkxhJTOaG7RF6MEzaAz9ZWiP1trQHdNiaPCc5aCo +-> ssh-ed25519 QRYDmg ChVNe6JXbocNnJnO0Y7XVrW0Tic5V5aIWuxGiG6pXnw +FIDIKw6K0Y+WY5GJV262KTayMwxPCCBXMqXXMQruCPI +-> ssh-ed25519 wG6LYg X/hbVXUoJNAkrgGz5MtyMjYRtBkF+FERXsRg1t8lFio +x7zWga14+MZKbTQxRhoQjeBvuQOoG/uF6ZOW2XSgm/g +-> ssh-ed25519 ZYd7Zg 2ONwuLBf5b3SrCdH+8ZiebO7KBqfKjan1Sw+LX/oTQ4 +bk6LwwvZ/i5UCxUakWA9J4MUT+3ENWMGAZyXpHRFMNI +-> ssh-ed25519 as9VYQ H2i5xdWKf96tzdmTOZ0PHZciuZgSHSYTNxbvcQ3PzDs +LRwILXh0IzTJrXJf2xa97m8cBV6KuvjDPWdeNTRZNdw +-> G(S/7!"#-grease 0y 81:sY?B +r6URopooo8jE5fqfSgjBHWrwDVMa0IwklhiWXsbMzgzBhac8DSDiGMEfXxKAFDFV +GTFSR0sZoA +--- QLqXqFiqJnIc1aMFvU0Giexu9m6E2ESU6kVpiu/vD5I +9v.}rcdnqü7 |nA4H̿P4~ +8m%꥟p'di97>rx\KüeaxD7CtGlsEvŔIc |Cw6G%,%yT᭵8 \ No newline at end of file