Compare commits

...

6 commits

Author SHA1 Message Date
b4f73c5d93
make home-manager-name wanted by multi-user.target as well
Some checks reported errors
Hydra nixosConfigurations.not522 Hydra build #27095 of nixos-config:pr618:nixosConfigurations.not522
Hydra nixosConfigurations.oracle-installer Hydra build #27097 of nixos-config:pr618:nixosConfigurations.oracle-installer
Hydra nixosConfigurations.not522-installer Hydra build #27096 of nixos-config:pr618:nixosConfigurations.not522-installer
Hydra nixosConfigurations.thinkrac Hydra build #27100 of nixos-config:pr618:nixosConfigurations.thinkrac
Hydra nixosConfigurations.pc-installer Hydra build #27098 of nixos-config:pr618:nixosConfigurations.pc-installer
Hydra nixosConfigurations.rainbow-resort Hydra build #27099 of nixos-config:pr618:nixosConfigurations.rainbow-resort
2024-11-21 09:52:59 +01:00
249ea2632d
forward x11 and wayland 2024-11-21 09:49:24 +01:00
e48c086eb6
forward gpg and ssh agent 2024-11-21 09:44:10 +01:00
3b6838cb08 make git use gpg 2024-11-21 09:23:05 +01:00
5f9d82aa02 support gpg 2024-11-21 09:22:59 +01:00
4123b40932 enable autoupdater 2024-11-21 08:20:44 +01:00
11 changed files with 175 additions and 3 deletions

View file

@ -65,3 +65,8 @@ creation_rules:
- age: - age:
- *base - *base
- *darkkirb - *darkkirb
- path_regex: services/desktop/gpg/privkey.yaml
key_groups:
- age:
- *base
- *darkkirb

View file

@ -100,7 +100,7 @@ with lib;
{ {
name = "home-manager-${name}"; name = "home-manager-${name}";
value = { value = {
wantedBy = mkForce [ wantedBy = [
"user@${toString cfg.uid}.service" "user@${toString cfg.uid}.service"
]; ];
after = [ after = [

View file

@ -40,7 +40,7 @@ with lib;
}; };
}; };
#config.nix.auto-update.enable = mkDefault config.nix.enable; config.nix.auto-update.enable = mkDefault config.nix.enable;
config.nix.auto-update.reboot = mkDefault true; config.nix.auto-update.reboot = mkDefault true;
config.systemd.services.nixos-upgrade = mkIf config.nix.enable { config.systemd.services.nixos-upgrade = mkIf config.nix.enable {
description = "NixOS Upgrade"; description = "NixOS Upgrade";

View file

@ -18,6 +18,7 @@
"build-rainbow-resort" "build-rainbow-resort"
"build-aarch64" "build-aarch64"
"build-riscv" "build-riscv"
"rainbow-resort.int.chir.rs"
] ]
{ {
identityFile = identityFile =
@ -26,6 +27,23 @@
else else
config.sops.secrets.".ssh/id_ed25519_sk".path; config.sops.secrets.".ssh/id_ed25519_sk".path;
}; };
matchBlocks."rainbow-resort.int.chir.rs" = {
forwardAgent = true;
remoteForwards = [
{
bind.address = "/%d/.local/state/gnupg/S.gpg-agent";
host.address = "/%d/.local/state/gnupg/S.gpg-agent.extra";
}
{
bind.address = "/%d/.local/state/waypipe/server.sock";
host.address = "/%d/.local/state/waypipe/client.sock";
}
];
forwardX11 = true;
forwardX11Trusted = true;
setEnv.WAYLAND_DISPLAY = "wayland-waypipe";
extraOptions.StreamLocalBindUnlink = "yes";
};
enable = true; enable = true;
}; };
sops.secrets = lib.mkIf (config.home.username != "root") { sops.secrets = lib.mkIf (config.home.username != "root") {

View file

@ -3,5 +3,6 @@
imports = [ imports = [
./kdeconnect.nix ./kdeconnect.nix
./gpg ./gpg
./waypipe.nix
]; ];
} }

View file

@ -1,4 +1,9 @@
{ config, pkgs, ... }: {
config,
pkgs,
lib,
...
}:
{ {
programs.gpg = { programs.gpg = {
enable = true; enable = true;
@ -6,10 +11,43 @@
mutableKeys = false; mutableKeys = false;
mutableTrust = false; mutableTrust = false;
scdaemonSettings.disable-ccid = true; scdaemonSettings.disable-ccid = true;
publicKeys = [
{
source = ./keys/0xB4E3D4801C49EC5E.asc;
trust = "ultimate";
}
];
}; };
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; enableSshSupport = true;
pinentryPackage = pkgs.pinentry-qt; pinentryPackage = pkgs.pinentry-qt;
enableExtraSocket = true;
};
sops.secrets."pgp/0xB4E3D4801C49EC5E.asc".sopsFile = ./privkey.yaml;
home.activation.import-gpg-privkey =
lib.hm.dag.entryAfter
[
"writeBoundary"
"sops-nix"
"importGpgKeys"
]
''
run env GNUPGHOME=${config.programs.gpg.homedir} ${config.programs.gpg.package}/bin/gpg --import ${
config.sops.secrets."pgp/0xB4E3D4801C49EC5E.asc".path
}
'';
programs.fish.loginShellInit = "gpgconf --launch gpg-agent";
systemd.user.services.link-gnupg-sockets = {
Unit = {
Description = "link gnupg sockets from /run to /home";
};
Service = {
Type = "oneshot";
ExecStart = "${pkgs.coreutils}/bin/ln -Tfs /run/user/%U/gnupg %h/.local/state/gnupg";
ExecStop = "${pkgs.coreutils}/bin/rm $HOME/.local/state/gnupg";
RemainAfterExit = true;
};
Install.WantedBy = [ "default.target" ];
}; };
} }

View file

@ -0,0 +1,48 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYfph3hYJKwYBBAHaRw8BAQdAWYTcPt/iW5HydB1kBRgUk9yDIvp6iwYu8zVB
yRsLPEi0JUNoYXJsb3R0ZSDwn6adIERlbGVuayA8bG90dGVAY2hpci5ycz6IzwQT
FgoAdwIbAQQLCQgHBBUKCQgFFgIDAQACHgUCF4ACGQEWIQTvXzZ6leC/pjkC2Gq0
49SAHEnsXgUCZElLLz0UgAAAAAAQACRwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9h
a2tvLmNoaXIucnMvdXNlcnMvY2hhcmxvdHRlAAoJELTj1IAcSexexHYA/2t1Rgmb
NXXBO+pmwII+EDIsOe1ZGI5lY1i6fXgq5c5iAQC2HqBXBv/E0ZJkQwaXLM3s+axP
o38TImzETJKT3Ja/D4kCMwQQAQoAHRYhBCBtpeHaCQS27kkWujzvXdqRWuywBQJh
+mNQAAoJEDzvXdqRWuywotIP/3jCrxmP1q65BSx305uHGpt0Yn9X01xq0OBCCbBg
8GRfdCYCFi1QzNcZwcrNZm71TR4gr5r0ZdZECHtm8AQe3nMtD9MJhsnku8qrMIwl
Y/HFgtZcQToMQgd3tDciMnBLLQhsNsW2gePN/REgHbq0VRNQX4UvwN9u+4Odp+W6
aOuG4mx/t0SHPvftsLn7DTP0/tIHQT6iWtIqfqtWtuxL7SLrzKzRWuNmYGKwgx7g
cmg4aBEBBpTQxx8aokPtcV90GTx6oU4gKaZsDuHkHERKggJZqZJNpuiJio45yvOC
Ht/7UwpSJI/WL4bvN8S9ecSRGiweillZlk/fQe9Rmok7NOsn2lA0Jpvj5UngqiSe
dqKfcDcgNRPXoc6aZYZV97Vddttploa93MG50DGjEUERX9vxwU0YcxmmvfNoH07M
Exp2eGlNImCGnlTyP7CLHnhfb9GeH63dKCkmYNNzP9p0f/HDPzSWCCFCGXz915nn
ZiJag/4bu4j+iDkXb0qYWCE8YQnCyDJjFbno7mzmyZdzRxdAt1UtLs0JjV6r3M5r
biH59aOgLjG1Co7ZbWj6tcQsgT+40GceiyMEva1eOm+lYjJnB2GQBCyeFhipnZTa
3yUeA86gKNjGwRGhqeQHpkuJeQkbwuYpY2p7scn5wAmn6tuJbup/7hBYjRXcTcat
/G/ziJEEExYKADkCGwEECwkIBwQVCgkIBRYCAwEAAh4FAheAFiEE7182epXgv6Y5
AthqtOPUgBxJ7F4FAmH6ZEgCGQEACgkQtOPUgBxJ7F7MbQEA28gNr8W5c2qiAEp1
gd7MWXU7/XDA1T7KB0gT4zikePwA/irn7tpqLyZC4d+N8gF2950qMt9h+t6kamc+
GtEyF6UDtCxDaGFybG90dGUg8J+mnSBEZWxlbmsgPGRhcmtraXJiQGRhcmtraXJi
LmRlPojMBBMWCgB0AhsBBAsJCAcEFQoJCAUWAgMBAAIeBQIXgBYhBO9fNnqV4L+m
OQLYarTj1IAcSexeBQJkSUsvPRSAAAAAABAAJHByb29mQGFyaWFkbmUuaWRodHRw
czovL2Fra28uY2hpci5ycy91c2Vycy9jaGFybG90dGUACgkQtOPUgBxJ7F6llAD/
U6oyWWt+QXgnlfivMe2EprjR3XlNDTkA7qYwEHsFmJIA/AyWeaRoJWQKc/U7BaO2
cCAOm8cZc0ANLuPX8Mz5FZ4OiI4EExYKADYWIQTvXzZ6leC/pjkC2Gq049SAHEns
XgUCYfpkLQIbAQQLCQgHBBUKCQgFFgIDAQACHgUCF4AACgkQtOPUgBxJ7F6SCwD/
S4pvjaU3c6Ov9LiETafcQnGOoyo1ATknphL5H2agh0UBAOPmX3T7NrWepQVJt4Nc
Qp3Nuggqqw3xPjqjrOpPnHAOuDMEYfpjyRYJKwYBBAHaRw8BAQdAPNDxa/Ee1Ovc
aJiFJb3HNGKjVZBepXDN0gX9CTYEVj+I9QQYFgoAJgIbAhYhBO9fNnqV4L+mOQLY
arTj1IAcSexeBQJnPutvBQkHJbsmAIF2IAQZFgoAHRYhBC79cu8hxFgw7HriU6sr
2Nry43EiBQJh+mPJAAoJEKsr2Nry43Ei4NYA/AsOyJgBZq6MET81FjAa16fZWlAC
dGxqNMEv2XVtsp7PAQCTNdttTShA84S/ZY5znPZQMxGtdDpVnXI+oQm8fkgRDwkQ
tOPUgBxJ7F7bkQEA/LYsodtgoK47nrJtPSTESMnQcyO+9U8f9bLgffs+MVMBAP5m
X19Mmq6x++GuMsTNk9SHZccuIZwodfLuHYV2fVIFuDgEYfpj6hIKKwYBBAGXVQEF
AQEHQMcqCbS7zlaE56jD3Dwk+/ty58wLxolO9Uw6j31UsnoOAwEIB4h+BBgWCgAm
AhsMFiEE7182epXgv6Y5AthqtOPUgBxJ7F4FAmc+628FCQcluwUACgkQtOPUgBxJ
7F4PkwD/QwITag2hM3yL9YuOjCD7/mWIVt/i39RgTgb7czN/OeEA/3v2NVVHwfBu
UQkC4h07SFLAysIiosQaEGamnyLim2QPuDMEYfpkABYJKwYBBAHaRw8BAQdAUWJh
OMgwfpjMCtNYyNPyviKMsN5N1EB6R6NET9b+cseIfgQYFgoAJgIbIBYhBO9fNnqV
4L+mOQLYarTj1IAcSexeBQJnPutvBQkHJbrvAAoJELTj1IAcSexereMBALbxvn97
a1RA7bU0g2C05CTkcArsm63ugmBq/fztsEnUAP9xmlZgD4TUuxQfEhPnzE8Zdw++
3a97jNjZSnYc0NxGBA==
=VnTl
-----END PGP PUBLIC KEY BLOCK-----

View file

@ -0,0 +1,31 @@
pgp:
0xB4E3D4801C49EC5E.asc: ENC[AES256_GCM,data:eGvKzysZy46FNrjfuDHUXidvAsAnyAszGMSlk2KVu8T9UjjT/KMta1Ys9wgfGn3MVm8SUhohprdR31R83l2+2FqNaRVcYNRhvsfrGUtmsPEC1346D0D3nxIcu33Pv7eROnIc7AaAcf+j2rHeqCyaSDS3Uwdx8oyl/ceiTaAzlohoDfPo43b5uetaCWH4KSdK2LKmrisOymrD4qrhgtFgpaIV6c3GfjrRG0uHczpoMOEje19IyenfF6uaIVSuXEjZqfi9dazFF3RtEpeNA4+oS29iKoY1zF2zj5uX10HlKrC+caiiJ7vO+yLt47jjYu2TbbbRgNR4AkMsxoW78EwBIHWKWp59q1mJV6uNL7Xjrxhq9qKxfcv08RHlk5jhM7Fy6/3pgAmhv/DuiIF3zWpaD1h4JJA+WMeoYb0N2npaW6mVUn61dIArbTxlxUxhtIPbxCa7cRqCe/YWrnFbca4aeSIgId8T46sN+Iv2O5yI9BZJabC8rfgQcESNUOJMbeCoQZR2+XCYnB1mo6Elh1mAeqIsaXRtSHzuWboIb9D6f9yY2KEousx6dskXor++LEQL4+z0POOIdjeS3m1F8SJBJ46aFIis57rls7sQs7bjeIrSjI8aWGCPwoSLIUe8Yv9leOnkijy3mzq75SAQ984nmuhByNXs9rfQZ038ZtK9RaafASZwuURErD2+h2ZHElU5BieI6Zd6r1efOe2NG4BD2bI0nghF7CG30A0KeiS3Gh+Xb65LooMZ/BKkYLiMEGvT9fJeCVLCMyDK+dUGSZgjdkG9nyosYyWxqSGo8eTSQWTnS2bwoBI2sHyd7/NvJ0rQeq6VhUa/S9jygNfp60/W6GN+kmLFv1yhkhjhvyXM7iyqabaZqf9DJnD7UpDg1h4faMEvWSS2sEjrUvZm4FGEn/k3yS0WiXzCqj6/TeuSjQbjsgC102Si2ULSwIy2wGYfPZLFRO/I55nGK/Vxx+/KePWBif0wJ7r5PdICiR6LVcDhF+ZXjPLvg4HsxhuPaBl1hHDuB6/0ZMX2b+3EWPzw2kwvBdzte1lr01cRq/tj1Xx1aecPNr+/l+yACrDyf3X2Mshuk+ad8eP1BvaIcNT5pFADXqcY5okavUHrhIU0lGf6WytFDa/aOX9z5IZG2CPmZ7ACyrJMDl+ESCC5WWinSBq83vHmxQYlqyRs0lPYQObbqGvT91GCDhqB/T86CMiJf/z1BlqDIIsTjBJE6328KAEv364d1fjAJG1Cws98lRqcaTNgnhfYJ7LLVY4GPXVrOhoUumH7NaeSWhDEYehproEIcu/SmOWWzG4o1UGePf2rH3l7zdWtVImIXN7g8G4YwY/zAfoUtn0KBpJVp0ZcnklpwZs4nfpvN0DBtAPn0toozEF4fyXjzbTK8bU7UZ/zpKvmea/5WaV9SyESb/A9AJPq9teui0A9u/DxKQx7SHtR1a5w8ysTsBAAzWswbgDUHxE3V6leCTjR5GvSofLDIuygyQCZ/IMu52EckDhf0cesfydLzyt0sm89/0s/B0mvAeQR/pQl86vuPMuJdpy7VrGeLpbWAFYNTwxDteaZXRGsJudRnm0UGrchhjU6jBeiIvpOi2I6TucjyNWdMOnHx1zBnJchZ87g1QWIqQ9RHCgVWhaDY76q/yvDlbdwmo7c5XSnIx7pHuCSvR2khi8yE3K2NImgL+S12qU0QtHXd3XPAD/+QpNOprc5y1pY4rHoT5WcOsrMBI4NxixGDJb2Ovzd1NxIXmX0qSuiP/AuyWNg763dBi0KDI0DHZM7QE855VGZKSemaaLs8M4w1cEo3oDzVFO9Pt+UFzxhp10AyeY65IhYmPEpQ1YFgQvqKg4SfWPGE2x0jJ25hRrAqJx26aSVybKEnm3zne+OSZT4E/E7fUvZr/+evxGOTzA92TJjxECRqoAOBTXaVoUcbEOcShT8bgGj0IkTsVYAESUAngzi2/vNLdwxLuDlYbPDF2JEdKZRS4vmcvy7kM9URXF7U1WrphFYmJnHDC7LLyBdzJMg49HDEgmgAiYk9f7zb/9A/NExsxFOq/PoqD3oyQzV+l7xSiBLXRs0uw8JqzF59TNK1XCEsru0U0zyWRN789tun0TNoQR6SyV1jeymsQC4tKUYvXucPsQObokF9OB8VlfIcLZ7omSymOjfWXM2ux2Qcxgmy12rnpFxTBIhB9zRXTBiUPlt+XM5EwEv4ys2q4g7Gs/vYgMT2a9tnI8I4pyCJKItsNbn0mrk6JEojiSn+HnXEbM79DCPpxGUXHMor7BkxHPoBCu6kwde5Igr6126z70dMkxwY2tOI+SghTojbkFRMmVJ8yrgBZB6cu0eSr86yH/uX6UtXfQx809TcQix2seSBqO7r31MLVfhRV+v5e3OT4QXV9EaAOrfGIM0dzkvceq96HgOogxYhr6krQbF61fpebcwNBHaUDs//f34PefykE8RLkza8HcCGsr62YM2yPxXhU0cEaimfhDJ1Qgi6rjnGY8QfxRQPUwmdscWfYnIsAPPoiTQ//up6XEewFqKE9AordPy53fpW6j0xNojyz4FqexgC/zBAxO7j2STSPf3J9A4PJlamEBrbE7XatBAOFhHN1JZUZYSlDc/FHJO/5A/FoELPG3kHzQ/uLG0tGZPqsSP4y5RPz+vmP2CzCl3tzrC7doQJ3kStXzGk8IMc8Ix6XiBrIxNlZacbxUiO65qC5n/7OrSGTQ9SDD7N8IKyfNDHVabtPHLWoR6QvaFyCnyqthOOsAyvPUKu6M4af8wNaSXvHM1jCRYKvaTVLgcIzscV+NVYSMnd+JdGtEWLQs804pa9EKFqK7G7fVJlSkr78jwTpVmkVY2j3JCIjlgXAP0XCxz8KL5XNKlPUZAFwqS17XvgmaLA6FLv8sv0Qare9jtYp9bR70B9G6tzZ6StnR0+nNJI6br8jsaSVD2UycH64V1PaqT5cyNA0K/+fdb5qRWCFUxQuBk5cDq6TLxtVYcN38a1HQzM7Vrsw0XEblKjesAgwN3aKeCpagTKwLA0ruhtUPPoHsmM/b6vNB54lBAbDVkVIJdd7NylUmIJjXjPV9pjH1BH9q7wUIAiXQJwKcuIPnwiywblye2iuqkxX//aLkaMSJqlzIbINbyg1YGxo7KOfX8uSPD2ZTH1C2QzCdU+yQhDY90hSIy0dFQJhHuEujDP09tUZIUJege7BTvUzWtlTStX9rUi3uii9bxv/szlQrhFE2ltoTN0arhLtzcRXkLRjDUkw0tmHP7Ah3kwJfV3mBc156pcFPDt9Ay8VOUqiTn3P2gL23oFL3EV0DrZ/xiPrrP3x8q+ELqM6vDpJkUhEIKPLB+YfmqYH9WGB/fZNtMFhx9HdXXXO1Ylc9adyGnOS3qTqrosfhfEfi3bxQ07VlpDDwtBbd3pXwJGjNj+v8pNCaxccVUdG+q/7z6u4kdG2UDRv09HanC2fvr2ylr0/QIDdMTD+ka81ZK/CuB1D5O0CxOr0sncYmy3xTjppLBGsrF3AdIZ0dQskBfajtfaihbBygFcLtq2GudWNXbhzEy6w36Uq/urQCrCGGjDTpmjDlzUSPm/Uac6WXa02aJ8nj7PAMdX176OYO4zcOk0TWBx6PFB9xaIX37rEm8q1TDM0UCuGXqgqKMlbo7vip8oPxMqNRdNsQiLUQlRRpo4xVDwTIXQE3RRSGXeCfOEbSpRVSw3fuVL/85gL+0nW1e+iTNjZTOMdFwYgKAlVF8or3A0yeGcLuTU0uBRFoEpb9ab1d2uaGiQC3CSyRj8CdJ7SHrNulUzKfK4GKd55MkfFuP6hqZW4LTvX0ZGjAdyhj6dXlKQetFjYZDW5b8UoJYQhFAtjzbJj+9PmpFMPwU7HwrpJskmDGsdLZlBCxPBw/kpkw/GSUMVqRKcajQ71M0UxkmHHXERho3x2Lwieahb9cAmbkySUPSlBiqct/0n0EP5GAkXsrZCVgIxnZ1cutbIFTAjDr5+F/UhzKtqEupbF5WXgyZKi5K8nRA5yjpBybVpKgcfLdm4VF+wKl/h0UkVMdk+3F2E1A14EMB9e2aDKI=,iv:DXDK1KJ5TVIaz43GZEYEQRX/KYhV79hpu9RB6BdqP58=,tag:c2cbvykpswWiuVmtnoQ1Ww==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQ1Q1YjB6V09UZzNZeE1Z
c2tNZFoyZ0xnWUV4NDVjRC9WS1lPcE8rMDJzCnF1ZFJvZEhLM09XeHZESTFla0ow
c0srSGRtdnBLSytqT1ZQNzh6MjR6MEUKLS0tIHZxdktjMnhDUnpFRFV6TDdHTWtN
QjQzempqdGloNnBIT1gzM0ZHUUwwVHMKzu/dHJ30SM1u8iAcAUFET2R4MImrxXyb
oaysw2RJzhb+THz+bnyeP+eH6kXcvg6tvzdESd/QOXQzbE5iraG5eg==
-----END AGE ENCRYPTED FILE-----
- recipient: age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncThtZS9Ea0wrek94S1Nq
eWVEbEpvMWpGMW9UUGh6U1JYOGFndDY5NG5JClNPVVlsblFjQXJqcjgwdi91TWxP
UFdCcU5hZE4xbW5aNXYvN3M3bFZ6bGsKLS0tIFE0TGx5azNPYXF2MWdsNHpoMzhM
cnM5SGg1TEkrN1dCOEZWbElaVEFzNlkKzHjTkcZmcqxwfwExMH3fnNIesvy6y8N7
aSqPXsd2xo6yc2TNTh1ufvpKOwR6HB5q9AT1Dnpyrrmn0MwPdIHQEQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-21T08:13:09Z"
mac: ENC[AES256_GCM,data:bn1lA00v4gQqJ5rySjOmNVOGKTuJIsQ7YBiVMhvIwrKI58KjRENYUCGTxqHkfLYFUr7JpP6fCVgw6vOwe6UGc17p4aFAnERBzKZlo9FPQFYuZ0Kgjacv+QRX5Ie9DR1a6yF6mVJ8Fcub9TH9tL6lHd4Z28MSuVHQgnV8ajVYd5c=,iv:KyVVUITsTCeq+slNOtrWY8NrXzDaCPSrF2C6K9AmBzo=,tag:mSGLiTnlTysQKPUL/8JSDg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

View file

@ -0,0 +1,25 @@
{ pkgs, lib, ... }:
{
home.packages = [ pkgs.waypipe ];
systemd.user.services = {
waypipe-client = {
Unit.Description = "Runs waypipe on startup to support SSH forwarding";
Service = {
ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
ExecStart = "${lib.getExe pkgs.waypipe} --socket %h/.local/state/waypipe/client.sock client";
ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.local/state/waypipe/client.sock";
};
Install.WantedBy = [ "graphical-session.target" ];
};
waypipe-server = {
Unit.Description = "Runs waypipe on startup to support SSH forwarding";
Service = {
Type = "simple";
ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
ExecStart = "${lib.getExe pkgs.waypipe} --socket %h/.local/state/waypipe/server.sock --title-prefix '[%H] ' --login-shell --display wayland-waypipe server -- ${lib.getExe' pkgs.coreutils "sleep"} infinity";
ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.local/state/waypipe/server.sock %t/wayland-waypipe";
};
Install.WantedBy = [ "default.target" ];
};
};
}

View file

@ -4,6 +4,10 @@
services.openssh.settings = { services.openssh.settings = {
PermitRootLogin = "yes"; PermitRootLogin = "yes";
PasswordAuthentication = false; PasswordAuthentication = false;
StreamLocalBindUnlink = "yes";
GatewayPorts = "clientspecified";
AcceptEnv = "WAYLAND_DISPLAY";
X11Forwarding = true;
}; };
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
"git.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+GanuiV1I08OP8+nNy24+zagQN08rtJnCoU/ixiQNn"; "git.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+GanuiV1I08OP8+nNy24+zagQN08rtJnCoU/ixiQNn";

View file

@ -11,6 +11,8 @@
merge.conflictstyle = "diff3"; merge.conflictstyle = "diff3";
push.autoSetupRemote = true; push.autoSetupRemote = true;
rerere.enabled = true; rerere.enabled = true;
user.signingkey = "AB2BD8DAF2E37122";
commit.gpgsign = true;
}; };
delta.enable = true; delta.enable = true;
}; };