Compare commits
6 commits
459ecf9c60
...
b4f73c5d93
Author | SHA1 | Date | |
---|---|---|---|
b4f73c5d93 | |||
249ea2632d | |||
e48c086eb6 | |||
3b6838cb08 | |||
5f9d82aa02 | |||
4123b40932 |
11 changed files with 175 additions and 3 deletions
|
@ -65,3 +65,8 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *base
|
- *base
|
||||||
- *darkkirb
|
- *darkkirb
|
||||||
|
- path_regex: services/desktop/gpg/privkey.yaml
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *base
|
||||||
|
- *darkkirb
|
|
@ -100,7 +100,7 @@ with lib;
|
||||||
{
|
{
|
||||||
name = "home-manager-${name}";
|
name = "home-manager-${name}";
|
||||||
value = {
|
value = {
|
||||||
wantedBy = mkForce [
|
wantedBy = [
|
||||||
"user@${toString cfg.uid}.service"
|
"user@${toString cfg.uid}.service"
|
||||||
];
|
];
|
||||||
after = [
|
after = [
|
||||||
|
|
|
@ -40,7 +40,7 @@ with lib;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
#config.nix.auto-update.enable = mkDefault config.nix.enable;
|
config.nix.auto-update.enable = mkDefault config.nix.enable;
|
||||||
config.nix.auto-update.reboot = mkDefault true;
|
config.nix.auto-update.reboot = mkDefault true;
|
||||||
config.systemd.services.nixos-upgrade = mkIf config.nix.enable {
|
config.systemd.services.nixos-upgrade = mkIf config.nix.enable {
|
||||||
description = "NixOS Upgrade";
|
description = "NixOS Upgrade";
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
"build-rainbow-resort"
|
"build-rainbow-resort"
|
||||||
"build-aarch64"
|
"build-aarch64"
|
||||||
"build-riscv"
|
"build-riscv"
|
||||||
|
"rainbow-resort.int.chir.rs"
|
||||||
]
|
]
|
||||||
{
|
{
|
||||||
identityFile =
|
identityFile =
|
||||||
|
@ -26,6 +27,23 @@
|
||||||
else
|
else
|
||||||
config.sops.secrets.".ssh/id_ed25519_sk".path;
|
config.sops.secrets.".ssh/id_ed25519_sk".path;
|
||||||
};
|
};
|
||||||
|
matchBlocks."rainbow-resort.int.chir.rs" = {
|
||||||
|
forwardAgent = true;
|
||||||
|
remoteForwards = [
|
||||||
|
{
|
||||||
|
bind.address = "/%d/.local/state/gnupg/S.gpg-agent";
|
||||||
|
host.address = "/%d/.local/state/gnupg/S.gpg-agent.extra";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
bind.address = "/%d/.local/state/waypipe/server.sock";
|
||||||
|
host.address = "/%d/.local/state/waypipe/client.sock";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
forwardX11 = true;
|
||||||
|
forwardX11Trusted = true;
|
||||||
|
setEnv.WAYLAND_DISPLAY = "wayland-waypipe";
|
||||||
|
extraOptions.StreamLocalBindUnlink = "yes";
|
||||||
|
};
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
sops.secrets = lib.mkIf (config.home.username != "root") {
|
sops.secrets = lib.mkIf (config.home.username != "root") {
|
||||||
|
|
|
@ -3,5 +3,6 @@
|
||||||
imports = [
|
imports = [
|
||||||
./kdeconnect.nix
|
./kdeconnect.nix
|
||||||
./gpg
|
./gpg
|
||||||
|
./waypipe.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
programs.gpg = {
|
programs.gpg = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -6,10 +11,43 @@
|
||||||
mutableKeys = false;
|
mutableKeys = false;
|
||||||
mutableTrust = false;
|
mutableTrust = false;
|
||||||
scdaemonSettings.disable-ccid = true;
|
scdaemonSettings.disable-ccid = true;
|
||||||
|
publicKeys = [
|
||||||
|
{
|
||||||
|
source = ./keys/0xB4E3D4801C49EC5E.asc;
|
||||||
|
trust = "ultimate";
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
services.gpg-agent = {
|
services.gpg-agent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableSshSupport = true;
|
enableSshSupport = true;
|
||||||
pinentryPackage = pkgs.pinentry-qt;
|
pinentryPackage = pkgs.pinentry-qt;
|
||||||
|
enableExtraSocket = true;
|
||||||
|
};
|
||||||
|
sops.secrets."pgp/0xB4E3D4801C49EC5E.asc".sopsFile = ./privkey.yaml;
|
||||||
|
home.activation.import-gpg-privkey =
|
||||||
|
lib.hm.dag.entryAfter
|
||||||
|
[
|
||||||
|
"writeBoundary"
|
||||||
|
"sops-nix"
|
||||||
|
"importGpgKeys"
|
||||||
|
]
|
||||||
|
''
|
||||||
|
run env GNUPGHOME=${config.programs.gpg.homedir} ${config.programs.gpg.package}/bin/gpg --import ${
|
||||||
|
config.sops.secrets."pgp/0xB4E3D4801C49EC5E.asc".path
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
programs.fish.loginShellInit = "gpgconf --launch gpg-agent";
|
||||||
|
systemd.user.services.link-gnupg-sockets = {
|
||||||
|
Unit = {
|
||||||
|
Description = "link gnupg sockets from /run to /home";
|
||||||
|
};
|
||||||
|
Service = {
|
||||||
|
Type = "oneshot";
|
||||||
|
ExecStart = "${pkgs.coreutils}/bin/ln -Tfs /run/user/%U/gnupg %h/.local/state/gnupg";
|
||||||
|
ExecStop = "${pkgs.coreutils}/bin/rm $HOME/.local/state/gnupg";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
Install.WantedBy = [ "default.target" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
48
services/desktop/gpg/keys/0xB4E3D4801C49EC5E.asc
Normal file
48
services/desktop/gpg/keys/0xB4E3D4801C49EC5E.asc
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mDMEYfph3hYJKwYBBAHaRw8BAQdAWYTcPt/iW5HydB1kBRgUk9yDIvp6iwYu8zVB
|
||||||
|
yRsLPEi0JUNoYXJsb3R0ZSDwn6adIERlbGVuayA8bG90dGVAY2hpci5ycz6IzwQT
|
||||||
|
FgoAdwIbAQQLCQgHBBUKCQgFFgIDAQACHgUCF4ACGQEWIQTvXzZ6leC/pjkC2Gq0
|
||||||
|
49SAHEnsXgUCZElLLz0UgAAAAAAQACRwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9h
|
||||||
|
a2tvLmNoaXIucnMvdXNlcnMvY2hhcmxvdHRlAAoJELTj1IAcSexexHYA/2t1Rgmb
|
||||||
|
NXXBO+pmwII+EDIsOe1ZGI5lY1i6fXgq5c5iAQC2HqBXBv/E0ZJkQwaXLM3s+axP
|
||||||
|
o38TImzETJKT3Ja/D4kCMwQQAQoAHRYhBCBtpeHaCQS27kkWujzvXdqRWuywBQJh
|
||||||
|
+mNQAAoJEDzvXdqRWuywotIP/3jCrxmP1q65BSx305uHGpt0Yn9X01xq0OBCCbBg
|
||||||
|
8GRfdCYCFi1QzNcZwcrNZm71TR4gr5r0ZdZECHtm8AQe3nMtD9MJhsnku8qrMIwl
|
||||||
|
Y/HFgtZcQToMQgd3tDciMnBLLQhsNsW2gePN/REgHbq0VRNQX4UvwN9u+4Odp+W6
|
||||||
|
aOuG4mx/t0SHPvftsLn7DTP0/tIHQT6iWtIqfqtWtuxL7SLrzKzRWuNmYGKwgx7g
|
||||||
|
cmg4aBEBBpTQxx8aokPtcV90GTx6oU4gKaZsDuHkHERKggJZqZJNpuiJio45yvOC
|
||||||
|
Ht/7UwpSJI/WL4bvN8S9ecSRGiweillZlk/fQe9Rmok7NOsn2lA0Jpvj5UngqiSe
|
||||||
|
dqKfcDcgNRPXoc6aZYZV97Vddttploa93MG50DGjEUERX9vxwU0YcxmmvfNoH07M
|
||||||
|
Exp2eGlNImCGnlTyP7CLHnhfb9GeH63dKCkmYNNzP9p0f/HDPzSWCCFCGXz915nn
|
||||||
|
ZiJag/4bu4j+iDkXb0qYWCE8YQnCyDJjFbno7mzmyZdzRxdAt1UtLs0JjV6r3M5r
|
||||||
|
biH59aOgLjG1Co7ZbWj6tcQsgT+40GceiyMEva1eOm+lYjJnB2GQBCyeFhipnZTa
|
||||||
|
3yUeA86gKNjGwRGhqeQHpkuJeQkbwuYpY2p7scn5wAmn6tuJbup/7hBYjRXcTcat
|
||||||
|
/G/ziJEEExYKADkCGwEECwkIBwQVCgkIBRYCAwEAAh4FAheAFiEE7182epXgv6Y5
|
||||||
|
AthqtOPUgBxJ7F4FAmH6ZEgCGQEACgkQtOPUgBxJ7F7MbQEA28gNr8W5c2qiAEp1
|
||||||
|
gd7MWXU7/XDA1T7KB0gT4zikePwA/irn7tpqLyZC4d+N8gF2950qMt9h+t6kamc+
|
||||||
|
GtEyF6UDtCxDaGFybG90dGUg8J+mnSBEZWxlbmsgPGRhcmtraXJiQGRhcmtraXJi
|
||||||
|
LmRlPojMBBMWCgB0AhsBBAsJCAcEFQoJCAUWAgMBAAIeBQIXgBYhBO9fNnqV4L+m
|
||||||
|
OQLYarTj1IAcSexeBQJkSUsvPRSAAAAAABAAJHByb29mQGFyaWFkbmUuaWRodHRw
|
||||||
|
czovL2Fra28uY2hpci5ycy91c2Vycy9jaGFybG90dGUACgkQtOPUgBxJ7F6llAD/
|
||||||
|
U6oyWWt+QXgnlfivMe2EprjR3XlNDTkA7qYwEHsFmJIA/AyWeaRoJWQKc/U7BaO2
|
||||||
|
cCAOm8cZc0ANLuPX8Mz5FZ4OiI4EExYKADYWIQTvXzZ6leC/pjkC2Gq049SAHEns
|
||||||
|
XgUCYfpkLQIbAQQLCQgHBBUKCQgFFgIDAQACHgUCF4AACgkQtOPUgBxJ7F6SCwD/
|
||||||
|
S4pvjaU3c6Ov9LiETafcQnGOoyo1ATknphL5H2agh0UBAOPmX3T7NrWepQVJt4Nc
|
||||||
|
Qp3Nuggqqw3xPjqjrOpPnHAOuDMEYfpjyRYJKwYBBAHaRw8BAQdAPNDxa/Ee1Ovc
|
||||||
|
aJiFJb3HNGKjVZBepXDN0gX9CTYEVj+I9QQYFgoAJgIbAhYhBO9fNnqV4L+mOQLY
|
||||||
|
arTj1IAcSexeBQJnPutvBQkHJbsmAIF2IAQZFgoAHRYhBC79cu8hxFgw7HriU6sr
|
||||||
|
2Nry43EiBQJh+mPJAAoJEKsr2Nry43Ei4NYA/AsOyJgBZq6MET81FjAa16fZWlAC
|
||||||
|
dGxqNMEv2XVtsp7PAQCTNdttTShA84S/ZY5znPZQMxGtdDpVnXI+oQm8fkgRDwkQ
|
||||||
|
tOPUgBxJ7F7bkQEA/LYsodtgoK47nrJtPSTESMnQcyO+9U8f9bLgffs+MVMBAP5m
|
||||||
|
X19Mmq6x++GuMsTNk9SHZccuIZwodfLuHYV2fVIFuDgEYfpj6hIKKwYBBAGXVQEF
|
||||||
|
AQEHQMcqCbS7zlaE56jD3Dwk+/ty58wLxolO9Uw6j31UsnoOAwEIB4h+BBgWCgAm
|
||||||
|
AhsMFiEE7182epXgv6Y5AthqtOPUgBxJ7F4FAmc+628FCQcluwUACgkQtOPUgBxJ
|
||||||
|
7F4PkwD/QwITag2hM3yL9YuOjCD7/mWIVt/i39RgTgb7czN/OeEA/3v2NVVHwfBu
|
||||||
|
UQkC4h07SFLAysIiosQaEGamnyLim2QPuDMEYfpkABYJKwYBBAHaRw8BAQdAUWJh
|
||||||
|
OMgwfpjMCtNYyNPyviKMsN5N1EB6R6NET9b+cseIfgQYFgoAJgIbIBYhBO9fNnqV
|
||||||
|
4L+mOQLYarTj1IAcSexeBQJnPutvBQkHJbrvAAoJELTj1IAcSexereMBALbxvn97
|
||||||
|
a1RA7bU0g2C05CTkcArsm63ugmBq/fztsEnUAP9xmlZgD4TUuxQfEhPnzE8Zdw++
|
||||||
|
3a97jNjZSnYc0NxGBA==
|
||||||
|
=VnTl
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
31
services/desktop/gpg/privkey.yaml
Normal file
31
services/desktop/gpg/privkey.yaml
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
pgp:
|
||||||
|
0xB4E3D4801C49EC5E.asc: ENC[AES256_GCM,data:eGvKzysZy46FNrjfuDHUXidvAsAnyAszGMSlk2KVu8T9UjjT/KMta1Ys9wgfGn3MVm8SUhohprdR31R83l2+2FqNaRVcYNRhvsfrGUtmsPEC1346D0D3nxIcu33Pv7eROnIc7AaAcf+j2rHeqCyaSDS3Uwdx8oyl/ceiTaAzlohoDfPo43b5uetaCWH4KSdK2LKmrisOymrD4qrhgtFgpaIV6c3GfjrRG0uHczpoMOEje19IyenfF6uaIVSuXEjZqfi9dazFF3RtEpeNA4+oS29iKoY1zF2zj5uX10HlKrC+caiiJ7vO+yLt47jjYu2TbbbRgNR4AkMsxoW78EwBIHWKWp59q1mJV6uNL7Xjrxhq9qKxfcv08RHlk5jhM7Fy6/3pgAmhv/DuiIF3zWpaD1h4JJA+WMeoYb0N2npaW6mVUn61dIArbTxlxUxhtIPbxCa7cRqCe/YWrnFbca4aeSIgId8T46sN+Iv2O5yI9BZJabC8rfgQcESNUOJMbeCoQZR2+XCYnB1mo6Elh1mAeqIsaXRtSHzuWboIb9D6f9yY2KEousx6dskXor++LEQL4+z0POOIdjeS3m1F8SJBJ46aFIis57rls7sQs7bjeIrSjI8aWGCPwoSLIUe8Yv9leOnkijy3mzq75SAQ984nmuhByNXs9rfQZ038ZtK9RaafASZwuURErD2+h2ZHElU5BieI6Zd6r1efOe2NG4BD2bI0nghF7CG30A0KeiS3Gh+Xb65LooMZ/BKkYLiMEGvT9fJeCVLCMyDK+dUGSZgjdkG9nyosYyWxqSGo8eTSQWTnS2bwoBI2sHyd7/NvJ0rQeq6VhUa/S9jygNfp60/W6GN+kmLFv1yhkhjhvyXM7iyqabaZqf9DJnD7UpDg1h4faMEvWSS2sEjrUvZm4FGEn/k3yS0WiXzCqj6/TeuSjQbjsgC102Si2ULSwIy2wGYfPZLFRO/I55nGK/Vxx+/KePWBif0wJ7r5PdICiR6LVcDhF+ZXjPLvg4HsxhuPaBl1hHDuB6/0ZMX2b+3EWPzw2kwvBdzte1lr01cRq/tj1Xx1aecPNr+/l+yACrDyf3X2Mshuk+ad8eP1BvaIcNT5pFADXqcY5okavUHrhIU0lGf6WytFDa/aOX9z5IZG2CPmZ7ACyrJMDl+ESCC5WWinSBq83vHmxQYlqyRs0lPYQObbqGvT91GCDhqB/T86CMiJf/z1BlqDIIsTjBJE6328KAEv364d1fjAJG1Cws98lRqcaTNgnhfYJ7LLVY4GPXVrOhoUumH7NaeSWhDEYehproEIcu/SmOWWzG4o1UGePf2rH3l7zdWtVImIXN7g8G4YwY/zAfoUtn0KBpJVp0ZcnklpwZs4nfpvN0DBtAPn0toozEF4fyXjzbTK8bU7UZ/zpKvmea/5WaV9SyESb/A9AJPq9teui0A9u/DxKQx7SHtR1a5w8ysTsBAAzWswbgDUHxE3V6leCTjR5GvSofLDIuygyQCZ/IMu52EckDhf0cesfydLzyt0sm89/0s/B0mvAeQR/pQl86vuPMuJdpy7VrGeLpbWAFYNTwxDteaZXRGsJudRnm0UGrchhjU6jBeiIvpOi2I6TucjyNWdMOnHx1zBnJchZ87g1QWIqQ9RHCgVWhaDY76q/yvDlbdwmo7c5XSnIx7pHuCSvR2khi8yE3K2NImgL+S12qU0QtHXd3XPAD/+QpNOprc5y1pY4rHoT5WcOsrMBI4NxixGDJb2Ovzd1NxIXmX0qSuiP/AuyWNg763dBi0KDI0DHZM7QE855VGZKSemaaLs8M4w1cEo3oDzVFO9Pt+UFzxhp10AyeY65IhYmPEpQ1YFgQvqKg4SfWPGE2x0jJ25hRrAqJx26aSVybKEnm3zne+OSZT4E/E7fUvZr/+evxGOTzA92TJjxECRqoAOBTXaVoUcbEOcShT8bgGj0IkTsVYAESUAngzi2/vNLdwxLuDlYbPDF2JEdKZRS4vmcvy7kM9URXF7U1WrphFYmJnHDC7LLyBdzJMg49HDEgmgAiYk9f7zb/9A/NExsxFOq/PoqD3oyQzV+l7xSiBLXRs0uw8JqzF59TNK1XCEsru0U0zyWRN789tun0TNoQR6SyV1jeymsQC4tKUYvXucPsQObokF9OB8VlfIcLZ7omSymOjfWXM2ux2Qcxgmy12rnpFxTBIhB9zRXTBiUPlt+XM5EwEv4ys2q4g7Gs/vYgMT2a9tnI8I4pyCJKItsNbn0mrk6JEojiSn+HnXEbM79DCPpxGUXHMor7BkxHPoBCu6kwde5Igr6126z70dMkxwY2tOI+SghTojbkFRMmVJ8yrgBZB6cu0eSr86yH/uX6UtXfQx809TcQix2seSBqO7r31MLVfhRV+v5e3OT4QXV9EaAOrfGIM0dzkvceq96HgOogxYhr6krQbF61fpebcwNBHaUDs//f34PefykE8RLkza8HcCGsr62YM2yPxXhU0cEaimfhDJ1Qgi6rjnGY8QfxRQPUwmdscWfYnIsAPPoiTQ//up6XEewFqKE9AordPy53fpW6j0xNojyz4FqexgC/zBAxO7j2STSPf3J9A4PJlamEBrbE7XatBAOFhHN1JZUZYSlDc/FHJO/5A/FoELPG3kHzQ/uLG0tGZPqsSP4y5RPz+vmP2CzCl3tzrC7doQJ3kStXzGk8IMc8Ix6XiBrIxNlZacbxUiO65qC5n/7OrSGTQ9SDD7N8IKyfNDHVabtPHLWoR6QvaFyCnyqthOOsAyvPUKu6M4af8wNaSXvHM1jCRYKvaTVLgcIzscV+NVYSMnd+JdGtEWLQs804pa9EKFqK7G7fVJlSkr78jwTpVmkVY2j3JCIjlgXAP0XCxz8KL5XNKlPUZAFwqS17XvgmaLA6FLv8sv0Qare9jtYp9bR70B9G6tzZ6StnR0+nNJI6br8jsaSVD2UycH64V1PaqT5cyNA0K/+fdb5qRWCFUxQuBk5cDq6TLxtVYcN38a1HQzM7Vrsw0XEblKjesAgwN3aKeCpagTKwLA0ruhtUPPoHsmM/b6vNB54lBAbDVkVIJdd7NylUmIJjXjPV9pjH1BH9q7wUIAiXQJwKcuIPnwiywblye2iuqkxX//aLkaMSJqlzIbINbyg1YGxo7KOfX8uSPD2ZTH1C2QzCdU+yQhDY90hSIy0dFQJhHuEujDP09tUZIUJege7BTvUzWtlTStX9rUi3uii9bxv/szlQrhFE2ltoTN0arhLtzcRXkLRjDUkw0tmHP7Ah3kwJfV3mBc156pcFPDt9Ay8VOUqiTn3P2gL23oFL3EV0DrZ/xiPrrP3x8q+ELqM6vDpJkUhEIKPLB+YfmqYH9WGB/fZNtMFhx9HdXXXO1Ylc9adyGnOS3qTqrosfhfEfi3bxQ07VlpDDwtBbd3pXwJGjNj+v8pNCaxccVUdG+q/7z6u4kdG2UDRv09HanC2fvr2ylr0/QIDdMTD+ka81ZK/CuB1D5O0CxOr0sncYmy3xTjppLBGsrF3AdIZ0dQskBfajtfaihbBygFcLtq2GudWNXbhzEy6w36Uq/urQCrCGGjDTpmjDlzUSPm/Uac6WXa02aJ8nj7PAMdX176OYO4zcOk0TWBx6PFB9xaIX37rEm8q1TDM0UCuGXqgqKMlbo7vip8oPxMqNRdNsQiLUQlRRpo4xVDwTIXQE3RRSGXeCfOEbSpRVSw3fuVL/85gL+0nW1e+iTNjZTOMdFwYgKAlVF8or3A0yeGcLuTU0uBRFoEpb9ab1d2uaGiQC3CSyRj8CdJ7SHrNulUzKfK4GKd55MkfFuP6hqZW4LTvX0ZGjAdyhj6dXlKQetFjYZDW5b8UoJYQhFAtjzbJj+9PmpFMPwU7HwrpJskmDGsdLZlBCxPBw/kpkw/GSUMVqRKcajQ71M0UxkmHHXERho3x2Lwieahb9cAmbkySUPSlBiqct/0n0EP5GAkXsrZCVgIxnZ1cutbIFTAjDr5+F/UhzKtqEupbF5WXgyZKi5K8nRA5yjpBybVpKgcfLdm4VF+wKl/h0UkVMdk+3F2E1A14EMB9e2aDKI=,iv:DXDK1KJ5TVIaz43GZEYEQRX/KYhV79hpu9RB6BdqP58=,tag:c2cbvykpswWiuVmtnoQ1Ww==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQ1Q1YjB6V09UZzNZeE1Z
|
||||||
|
c2tNZFoyZ0xnWUV4NDVjRC9WS1lPcE8rMDJzCnF1ZFJvZEhLM09XeHZESTFla0ow
|
||||||
|
c0srSGRtdnBLSytqT1ZQNzh6MjR6MEUKLS0tIHZxdktjMnhDUnpFRFV6TDdHTWtN
|
||||||
|
QjQzempqdGloNnBIT1gzM0ZHUUwwVHMKzu/dHJ30SM1u8iAcAUFET2R4MImrxXyb
|
||||||
|
oaysw2RJzhb+THz+bnyeP+eH6kXcvg6tvzdESd/QOXQzbE5iraG5eg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncThtZS9Ea0wrek94S1Nq
|
||||||
|
eWVEbEpvMWpGMW9UUGh6U1JYOGFndDY5NG5JClNPVVlsblFjQXJqcjgwdi91TWxP
|
||||||
|
UFdCcU5hZE4xbW5aNXYvN3M3bFZ6bGsKLS0tIFE0TGx5azNPYXF2MWdsNHpoMzhM
|
||||||
|
cnM5SGg1TEkrN1dCOEZWbElaVEFzNlkKzHjTkcZmcqxwfwExMH3fnNIesvy6y8N7
|
||||||
|
aSqPXsd2xo6yc2TNTh1ufvpKOwR6HB5q9AT1Dnpyrrmn0MwPdIHQEQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-11-21T08:13:09Z"
|
||||||
|
mac: ENC[AES256_GCM,data:bn1lA00v4gQqJ5rySjOmNVOGKTuJIsQ7YBiVMhvIwrKI58KjRENYUCGTxqHkfLYFUr7JpP6fCVgw6vOwe6UGc17p4aFAnERBzKZlo9FPQFYuZ0Kgjacv+QRX5Ie9DR1a6yF6mVJ8Fcub9TH9tL6lHd4Z28MSuVHQgnV8ajVYd5c=,iv:KyVVUITsTCeq+slNOtrWY8NrXzDaCPSrF2C6K9AmBzo=,tag:mSGLiTnlTysQKPUL/8JSDg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.1
|
25
services/desktop/waypipe.nix
Normal file
25
services/desktop/waypipe.nix
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
home.packages = [ pkgs.waypipe ];
|
||||||
|
systemd.user.services = {
|
||||||
|
waypipe-client = {
|
||||||
|
Unit.Description = "Runs waypipe on startup to support SSH forwarding";
|
||||||
|
Service = {
|
||||||
|
ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
|
||||||
|
ExecStart = "${lib.getExe pkgs.waypipe} --socket %h/.local/state/waypipe/client.sock client";
|
||||||
|
ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.local/state/waypipe/client.sock";
|
||||||
|
};
|
||||||
|
Install.WantedBy = [ "graphical-session.target" ];
|
||||||
|
};
|
||||||
|
waypipe-server = {
|
||||||
|
Unit.Description = "Runs waypipe on startup to support SSH forwarding";
|
||||||
|
Service = {
|
||||||
|
Type = "simple";
|
||||||
|
ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
|
||||||
|
ExecStart = "${lib.getExe pkgs.waypipe} --socket %h/.local/state/waypipe/server.sock --title-prefix '[%H] ' --login-shell --display wayland-waypipe server -- ${lib.getExe' pkgs.coreutils "sleep"} infinity";
|
||||||
|
ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.local/state/waypipe/server.sock %t/wayland-waypipe";
|
||||||
|
};
|
||||||
|
Install.WantedBy = [ "default.target" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -4,6 +4,10 @@
|
||||||
services.openssh.settings = {
|
services.openssh.settings = {
|
||||||
PermitRootLogin = "yes";
|
PermitRootLogin = "yes";
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
|
StreamLocalBindUnlink = "yes";
|
||||||
|
GatewayPorts = "clientspecified";
|
||||||
|
AcceptEnv = "WAYLAND_DISPLAY";
|
||||||
|
X11Forwarding = true;
|
||||||
};
|
};
|
||||||
programs.ssh.knownHosts = {
|
programs.ssh.knownHosts = {
|
||||||
"git.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+GanuiV1I08OP8+nNy24+zagQN08rtJnCoU/ixiQNn";
|
"git.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+GanuiV1I08OP8+nNy24+zagQN08rtJnCoU/ixiQNn";
|
||||||
|
|
|
@ -11,6 +11,8 @@
|
||||||
merge.conflictstyle = "diff3";
|
merge.conflictstyle = "diff3";
|
||||||
push.autoSetupRemote = true;
|
push.autoSetupRemote = true;
|
||||||
rerere.enabled = true;
|
rerere.enabled = true;
|
||||||
|
user.signingkey = "AB2BD8DAF2E37122";
|
||||||
|
commit.gpgsign = true;
|
||||||
};
|
};
|
||||||
delta.enable = true;
|
delta.enable = true;
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue