#6 trying to sign commits

This commit is contained in:
Christoph Hollizeck 2024-04-07 16:12:04 +02:00
parent 4892136fd3
commit a35938a428
No known key found for this signature in database
GPG key ID: A8185688CDE3921F
7 changed files with 117 additions and 11 deletions


@ -359,6 +359,22 @@
"type": "github" "type": "github"
} }
}, },
"gpg-base-conf": {
"flake": false,
"locked": {
"lastModified": 1711321488,
"narHash": "sha256-UoPY3pr1EkQj0vTJdHtwG8UBEmsN5AVutYzZ/3R4t28=",
"owner": "drduh",
"repo": "config",
"rev": "3b1bd3925b3440f55902e0a386155c55fc97d147",
"type": "github"
},
"original": {
"owner": "drduh",
"repo": "config",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -599,6 +615,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"gpg-base-conf": "gpg-base-conf",
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-ld": "nix-ld", "nix-ld": "nix-ld",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",


@ -35,6 +35,12 @@
url = "github:Mic92/nix-ld"; url = "github:Mic92/nix-ld";
inputs.nixpkgs.follows = "unstable"; inputs.nixpkgs.follows = "unstable";
}; };
# GPG default configuration
gpg-base-conf = {
url = "github:drduh/config";
flake = false;
};
}; };
outputs = outputs =
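Review bot: The new `gpg-base-conf` input at `url = "github:drduh/config";` follows the upstream default branch, so the next `nix flake update` silently replaces the `~/.gnupg/gpg.conf` deployed to every host with whatever that third party has pushed; the lockfile pins a revision today, but nothing in the flake marks this input as needing a diff review before a bump. Consider pinning the revision in the URL, `url = "github:drduh/config/3b1bd3925b3440f55902e0a386155c55fc97d147";`, or at minimum replacing the comment with `# Third-party gpg.conf (drduh) — review the upstream diff before updating this input`. Note also that `flake = false` fetches the whole repository even though only one file is consumed, which is fine but worth saying in the comment. The enclosing `inputs` set starts and ends outside this hunk.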


@ -16,6 +16,8 @@ in
enable = mkBoolOpt true "Enable Git (Default true)"; enable = mkBoolOpt true "Enable Git (Default true)";
userName = mkOpt types.str user.fullName "The name to configure git with."; userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with."; userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey = mkOpt types.str "A8185688CDE3921F" "The key ID to sign commits with.";
signByDefault = mkOpt types.bool true "Whether to sign commits by default.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -23,6 +25,10 @@ in
enable = true; enable = true;
inherit (cfg) userName userEmail; inherit (cfg) userName userEmail;
lfs = enabled; lfs = enabled;
signing = {
key = cfg.signingKey;
inherit (cfg) signByDefault;
};
extraConfig = { extraConfig = {
init = { init = {
defaultBranch = "main"; defaultBranch = "main";
@ -33,6 +39,9 @@ in
push = { push = {
autoSetupRemote = true; autoSetupRemote = true;
}; };
safe = {
directory = "${user.home}/projects/config";
};
}; };
}; };
}; };
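Review bot: The option default `signingKey = mkOpt types.str "A8185688CDE3921F" ...` bakes one person's key into a reusable module and uses a 64-bit long key ID rather than the full fingerprint, which is what `user.signingkey` should hold to rule out ID collisions. Combined with `signByDefault` defaulting to `true`, any host or user that does not override both options will have every commit fail (or be signed with the wrong key) until they notice. I would make the key opt-in, `signingKey = mkOpt (types.nullOr types.str) null "Full fingerprint of the key to sign commits with (null disables signing).";` and `signByDefault = mkOpt types.bool false "Whether to sign commits by default.";`, and set the real fingerprint in the per-user configuration. The `options` and `config` attrsets both continue outside this hunk.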


@ -0,0 +1,56 @@
{
options,
config,
pkgs,
lib,
inputs,
...
}:
with lib;
with lib.wyrdgard;
let
cfg = config.wyrdgard.security.gpg;
gpgConf = "${inputs.gpg-base-conf}/gpg.conf";
gpgAgentConf = ''
enable-ssh-support
default-cache-ttl 60
max-cache-ttl 120
pinentry-program ${pkgs.pinentry-qt}/bin/pinentry-qt
'';
in
{
options.wyrdgard.security.gpg = with types; {
enable = mkBoolOpt false "Wether or not to enable GPG.";
agentTimeout = mkOpt int 5 "The amount of time to wait before continuing with shell init.";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
paperkey
gnupg
pinentry-curses
pinentry-qt
];
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
enableExtraSocket = true;
};
};
wyrdgard = {
home.file = {
".gnupg/.keep".text = "";
".gnupg/gpg.conf".source = gpgConf;
".gnupg/gpg-agent.conf".text = gpgAgentConf;
};
};
};
}
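Review bot: `agentTimeout` is declared at `agentTimeout = mkOpt int 5 ...` but nothing in `config` reads `cfg.agentTimeout`, so the option is dead and its description promises behaviour the module does not implement; either wire it into the shell init it refers to or drop it for now. Two further caveats a user of this module will want documented: `.gnupg/gpg.conf` is taken verbatim from the third-party `gpg-base-conf` input, so a comment such as `# gpg.conf comes from drduh/config unreviewed; hardening options are theirs, not ours` next to `gpgConf` would make that explicit, and `enableExtraSocket = true` opens the restricted agent socket, which is only needed for agent forwarding and could be noted as such. I cannot tell from here whether `programs.gnupg.agent.enableSSHSupport` already injects `enable-ssh-support`, so the duplicate line in `gpgAgentConf` is presumably harmless but worth confirming. gpg also refuses a `~/.gnupg` that is not mode 0700; `home.file` does not manage the directory mode, so verify the created directory on a fresh host.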


@ -50,6 +50,10 @@ in
time = enabled; time = enabled;
xkb = enabled; xkb = enabled;
}; };
security = {
gpg = enabled;
};
}; };
}; };
} }


@ -16,6 +16,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ ];
services.xserver = { services.xserver = {
enable = true; enable = true;
displayManager.sddm = { displayManager.sddm = {
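Review bot: The added `environment.systemPackages = with pkgs; [ ];` is a no-op and reads like a leftover from moving packages elsewhere; either delete the line or, if it is meant as a placeholder, make that visible with `# no desktop-specific packages yet` so the next reader does not wonder what was removed. The surrounding `config` block continues outside this hunk.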


@ -10,12 +10,14 @@ with lib.wyrdgard;
let let
cfg = config.wyrdgard.tools.git; cfg = config.wyrdgard.tools.git;
user = config.wyrdgard.user; user = config.wyrdgard.user;
gpg = config.wyrdgard.security.gpg;
in in
{ {
options.wyrdgard.tools.git = with types; { options.wyrdgard.tools.git = with types; {
enable = mkBoolOpt true "Wether or not to enable git (Default enabled)"; enable = mkBoolOpt true "Wether or not to enable git (Default enabled)";
userName = mkOpt types.str user.fullName "The name to use git with"; userName = mkOpt types.str user.fullName "The name to use git with";
userEmail = mkOpt types.str user.email "The email to use git with"; userEmail = mkOpt types.str user.email "The email to use git with";
signingKey = mkOpt types.str "A8185688CDE3921F" "The key ID to sign commits with.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -24,18 +26,28 @@ in
gitAndTools.gh gitAndTools.gh
]; ];
programs.git = { wyrdgard.home.extraOptions = {
enable = true; programs.git = {
lfs.enable = true; enable = true;
config = { inherit (cfg) userName userEmail;
init = { lfs.enable = true;
defaultBranch = "main"; signing = {
key = cfg.signingKey;
signByDefault = mkIf gpg.enable true;
}; };
pull = { extraConfig = {
rebase = false; init = {
}; defaultBranch = "main";
push = { };
autoSetupRemote = true; pull = {
rebase = false;
};
push = {
autoSetupRemote = true;
};
safe = {
directory = "${config.users.users.${user.name}.home}/projects/config";
};
}; };
}; };
}; };
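Review bot: This module now declares `signingKey` with the same literal default `"A8185688CDE3921F"` as the home-manager git module in this commit, so the personal key ID is duplicated in two option sets that will drift, and it is still a long key ID rather than the full fingerprint that `user.signingkey` should carry. Since the git configuration is now pushed through `wyrdgard.home.extraOptions`, one module should own the option and the other should read it, or the key should come from a single user-level setting; `signByDefault = mkIf gpg.enable true;` already keys off `config.wyrdgard.security.gpg`, so the key could be sourced the same way. The rendered page interleaves the old and new columns here, so I am reading the new side as the `wyrdgard.home.extraOptions` block; if `lfs.enable` and `signing` are nested differently than shown, adjust accordingly. The enclosing `config` attrset ends outside the hunk.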