mirror of
https://github.com/nmasur/dotfiles
synced 2025-04-23 12:12:24 +00:00
Compare commits
3 Commits
a3dcca556f
...
e90c6b1724
| Author | SHA1 | Date | |
|---|---|---|---|
|
e90c6b1724 | ||
|
|
2722a8bf61 | ||
|
|
3e8b14d671 |
@ -1,9 +0,0 @@
|
|||||||
{ pkgs, ... }:
|
|
||||||
{
|
|
||||||
|
|
||||||
# TODO: just replace with packages instead of apps
|
|
||||||
|
|
||||||
type = "app";
|
|
||||||
|
|
||||||
program = "${pkgs.nmasur.loadkey}/bin/loadkey";
|
|
||||||
}
|
|
||||||
@ -1,27 +0,0 @@
|
|||||||
{ pkgs, ... }:
|
|
||||||
{
|
|
||||||
|
|
||||||
# nix run github:nmasur/dotfiles#reencrypt-secrets ./private
|
|
||||||
|
|
||||||
type = "app";
|
|
||||||
|
|
||||||
program = builtins.toString (
|
|
||||||
pkgs.writeShellScript "reencrypt-secrets" ''
|
|
||||||
if [ $# -eq 0 ]; then
|
|
||||||
echo "Must provide directory to reencrypt."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
encrypted=$1
|
|
||||||
for encryptedfile in ''${1}/*; do
|
|
||||||
tmpfile=$(mktemp)
|
|
||||||
echo "Decrypting ''${encryptedfile}..."
|
|
||||||
${pkgs.age}/bin/age --decrypt \
|
|
||||||
--identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
|
|
||||||
echo "Encrypting ''${encryptedfile}..."
|
|
||||||
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile > $encryptedfile
|
|
||||||
rm $tmpfile
|
|
||||||
done
|
|
||||||
echo "Finished."
|
|
||||||
''
|
|
||||||
);
|
|
||||||
}
|
|
||||||
16
flake.nix
16
flake.nix
@ -447,14 +447,14 @@
|
|||||||
|
|
||||||
packages = mypackages;
|
packages = mypackages;
|
||||||
|
|
||||||
# Programs that can be run by calling this flake
|
# # Programs that can be run by calling this flake
|
||||||
apps = forAllSystems (
|
# apps = forAllSystems (
|
||||||
system:
|
# system:
|
||||||
let
|
# let
|
||||||
pkgs = import nixpkgs { inherit system overlays; };
|
# pkgs = import nixpkgs { inherit system overlays; };
|
||||||
in
|
# in
|
||||||
import ./apps { inherit pkgs; }
|
# import ./apps { inherit pkgs; }
|
||||||
);
|
# );
|
||||||
|
|
||||||
# Development environments
|
# Development environments
|
||||||
devShells = forAllSystems (
|
devShells = forAllSystems (
|
||||||
|
|||||||
@ -27,6 +27,7 @@ rec {
|
|||||||
nmasur.profiles = {
|
nmasur.profiles = {
|
||||||
common.enable = true;
|
common.enable = true;
|
||||||
linux-base.enable = true;
|
linux-base.enable = true;
|
||||||
|
power-user.enable = true;
|
||||||
};
|
};
|
||||||
home.stateVersion = "23.05";
|
home.stateVersion = "23.05";
|
||||||
};
|
};
|
||||||
|
|||||||
21
pkgs/tools/misc/reencrypt-secrets/package.nix
Normal file
21
pkgs/tools/misc/reencrypt-secrets/package.nix
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
# nix run github:nmasur/dotfiles#reencrypt-secrets ./private
|
||||||
|
|
||||||
|
pkgs.writeShellScriptBin "reencrypt-secrets" ''
|
||||||
|
if [ $# -eq 0 ]; then
|
||||||
|
echo "Must provide directory to reencrypt."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
encrypted=$1
|
||||||
|
find "''${1}" -type f -name "*.age" | while IFS= read -r encryptedfile; do
|
||||||
|
tmpfile=$(mktemp)
|
||||||
|
echo "Decrypting ''${encryptedfile}..."
|
||||||
|
${pkgs.age}/bin/age --decrypt \
|
||||||
|
--identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
|
||||||
|
echo "Encrypting ''${encryptedfile}..."
|
||||||
|
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../../../../misc/public-keys} $tmpfile > $encryptedfile
|
||||||
|
rm $tmpfile
|
||||||
|
done
|
||||||
|
echo "Finished."
|
||||||
|
''
|
||||||
@ -40,6 +40,9 @@ in
|
|||||||
description = "Evaluate a bash-like environment variables file";
|
description = "Evaluate a bash-like environment variables file";
|
||||||
body = ''set -gx (cat $argv | tr "=" " " | string split ' ')'';
|
body = ''set -gx (cat $argv | tr "=" " " | string split ' ')'';
|
||||||
};
|
};
|
||||||
|
fish_user_key_bindings = {
|
||||||
|
body = cfg.fish_user_key_bindings;
|
||||||
|
};
|
||||||
ip = {
|
ip = {
|
||||||
body = lib.getExe pkgs.nmasur.ip-check;
|
body = lib.getExe pkgs.nmasur.ip-check;
|
||||||
};
|
};
|
||||||
|
|||||||
@ -40,6 +40,12 @@ in
|
|||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
|
|
||||||
|
# Trust users for messing with Nix stuff
|
||||||
|
trusted-users = [
|
||||||
|
"root"
|
||||||
|
"@wheel"
|
||||||
|
];
|
||||||
|
|
||||||
# Add community Cachix to binary cache
|
# Add community Cachix to binary cache
|
||||||
# Don't use at work because blocked by corporate firewall
|
# Don't use at work because blocked by corporate firewall
|
||||||
builders-use-substitutes = true;
|
builders-use-substitutes = true;
|
||||||
|
|||||||
@ -28,13 +28,16 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
programs.fish.enable = lib.mkDefault config.home-manager.users.${username}.programs.fish.enable;
|
||||||
|
|
||||||
|
|
||||||
# Allows us to declaritively set password
|
# Allows us to declaritively set password
|
||||||
users.mutableUsers = lib.mkDefault false;
|
users.mutableUsers = lib.mkDefault false;
|
||||||
|
|
||||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||||
users.users.${username} = {
|
users.users.${username} = {
|
||||||
# Use fish by default if enabled in home-manager
|
# Use fish by default if enabled in home-manager
|
||||||
shell = lib.mkIf (config.home-manager.users.${username}.programs.fish.enable) pkgs.fish;
|
shell = lib.mkIf (config.programs.fish.enable) pkgs.fish;
|
||||||
|
|
||||||
# Create a home directory for human user
|
# Create a home directory for human user
|
||||||
isNormalUser = lib.mkDefault true;
|
isNormalUser = lib.mkDefault true;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user