mirror of
https://github.com/nmasur/dotfiles
synced 2025-04-24 05:42:25 +00:00
Compare commits
No commits in common. "e90c6b17246babf0da7a7925efe1087025008626" and "a3dcca556f8d612ac57a7a0ebdb33b4e7e244b10" have entirely different histories.
e90c6b1724
...
a3dcca556f
9
apps/loadkey.nix
Normal file
9
apps/loadkey.nix
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
|
||||||
|
# TODO: just replace with packages instead of apps
|
||||||
|
|
||||||
|
type = "app";
|
||||||
|
|
||||||
|
program = "${pkgs.nmasur.loadkey}/bin/loadkey";
|
||||||
|
}
|
||||||
27
apps/reencrypt-secrets.nix
Normal file
27
apps/reencrypt-secrets.nix
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
|
||||||
|
# nix run github:nmasur/dotfiles#reencrypt-secrets ./private
|
||||||
|
|
||||||
|
type = "app";
|
||||||
|
|
||||||
|
program = builtins.toString (
|
||||||
|
pkgs.writeShellScript "reencrypt-secrets" ''
|
||||||
|
if [ $# -eq 0 ]; then
|
||||||
|
echo "Must provide directory to reencrypt."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
encrypted=$1
|
||||||
|
for encryptedfile in ''${1}/*; do
|
||||||
|
tmpfile=$(mktemp)
|
||||||
|
echo "Decrypting ''${encryptedfile}..."
|
||||||
|
${pkgs.age}/bin/age --decrypt \
|
||||||
|
--identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
|
||||||
|
echo "Encrypting ''${encryptedfile}..."
|
||||||
|
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile > $encryptedfile
|
||||||
|
rm $tmpfile
|
||||||
|
done
|
||||||
|
echo "Finished."
|
||||||
|
''
|
||||||
|
);
|
||||||
|
}
|
||||||
16
flake.nix
16
flake.nix
@ -447,14 +447,14 @@
|
|||||||
|
|
||||||
packages = mypackages;
|
packages = mypackages;
|
||||||
|
|
||||||
# # Programs that can be run by calling this flake
|
# Programs that can be run by calling this flake
|
||||||
# apps = forAllSystems (
|
apps = forAllSystems (
|
||||||
# system:
|
system:
|
||||||
# let
|
let
|
||||||
# pkgs = import nixpkgs { inherit system overlays; };
|
pkgs = import nixpkgs { inherit system overlays; };
|
||||||
# in
|
in
|
||||||
# import ./apps { inherit pkgs; }
|
import ./apps { inherit pkgs; }
|
||||||
# );
|
);
|
||||||
|
|
||||||
# Development environments
|
# Development environments
|
||||||
devShells = forAllSystems (
|
devShells = forAllSystems (
|
||||||
|
|||||||
@ -27,7 +27,6 @@ rec {
|
|||||||
nmasur.profiles = {
|
nmasur.profiles = {
|
||||||
common.enable = true;
|
common.enable = true;
|
||||||
linux-base.enable = true;
|
linux-base.enable = true;
|
||||||
power-user.enable = true;
|
|
||||||
};
|
};
|
||||||
home.stateVersion = "23.05";
|
home.stateVersion = "23.05";
|
||||||
};
|
};
|
||||||
|
|||||||
@ -1,21 +0,0 @@
|
|||||||
{ pkgs, ... }:
|
|
||||||
|
|
||||||
# nix run github:nmasur/dotfiles#reencrypt-secrets ./private
|
|
||||||
|
|
||||||
pkgs.writeShellScriptBin "reencrypt-secrets" ''
|
|
||||||
if [ $# -eq 0 ]; then
|
|
||||||
echo "Must provide directory to reencrypt."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
encrypted=$1
|
|
||||||
find "''${1}" -type f -name "*.age" | while IFS= read -r encryptedfile; do
|
|
||||||
tmpfile=$(mktemp)
|
|
||||||
echo "Decrypting ''${encryptedfile}..."
|
|
||||||
${pkgs.age}/bin/age --decrypt \
|
|
||||||
--identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
|
|
||||||
echo "Encrypting ''${encryptedfile}..."
|
|
||||||
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../../../../misc/public-keys} $tmpfile > $encryptedfile
|
|
||||||
rm $tmpfile
|
|
||||||
done
|
|
||||||
echo "Finished."
|
|
||||||
''
|
|
||||||
@ -40,9 +40,6 @@ in
|
|||||||
description = "Evaluate a bash-like environment variables file";
|
description = "Evaluate a bash-like environment variables file";
|
||||||
body = ''set -gx (cat $argv | tr "=" " " | string split ' ')'';
|
body = ''set -gx (cat $argv | tr "=" " " | string split ' ')'';
|
||||||
};
|
};
|
||||||
fish_user_key_bindings = {
|
|
||||||
body = cfg.fish_user_key_bindings;
|
|
||||||
};
|
|
||||||
ip = {
|
ip = {
|
||||||
body = lib.getExe pkgs.nmasur.ip-check;
|
body = lib.getExe pkgs.nmasur.ip-check;
|
||||||
};
|
};
|
||||||
|
|||||||
@ -40,12 +40,6 @@ in
|
|||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
|
|
||||||
# Trust users for messing with Nix stuff
|
|
||||||
trusted-users = [
|
|
||||||
"root"
|
|
||||||
"@wheel"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Add community Cachix to binary cache
|
# Add community Cachix to binary cache
|
||||||
# Don't use at work because blocked by corporate firewall
|
# Don't use at work because blocked by corporate firewall
|
||||||
builders-use-substitutes = true;
|
builders-use-substitutes = true;
|
||||||
|
|||||||
@ -28,16 +28,13 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.fish.enable = lib.mkDefault config.home-manager.users.${username}.programs.fish.enable;
|
|
||||||
|
|
||||||
|
|
||||||
# Allows us to declaritively set password
|
# Allows us to declaritively set password
|
||||||
users.mutableUsers = lib.mkDefault false;
|
users.mutableUsers = lib.mkDefault false;
|
||||||
|
|
||||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||||
users.users.${username} = {
|
users.users.${username} = {
|
||||||
# Use fish by default if enabled in home-manager
|
# Use fish by default if enabled in home-manager
|
||||||
shell = lib.mkIf (config.programs.fish.enable) pkgs.fish;
|
shell = lib.mkIf (config.home-manager.users.${username}.programs.fish.enable) pkgs.fish;
|
||||||
|
|
||||||
# Create a home directory for human user
|
# Create a home directory for human user
|
||||||
isNormalUser = lib.mkDefault true;
|
isNormalUser = lib.mkDefault true;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user