# Home Manager user module. It installs no packages; it links dotfiles into
# $HOME, builds ~/.ssh/authorized_keys from the repository, sets SSH client
# options, and materialises one sops-managed secret (the GitHub SSH key).
{ config, pkgs, ... }:
{
  # === NO PACKAGE MANAGEMENT ===
  home.packages = [];
  programs.home-manager.enable = true;

  ### Dotfiles linked into $HOME ###
  home.file.".gemini/settings.json".source = ./gemini/settings.json;

  # NOTE(review): ~/.ssh/config is defined here from a static file while
  # programs.ssh is also enabled further down. Confirm which definition ends
  # up in ~/.ssh/config; if the static file wins, the IdentitiesOnly and
  # HashKnownHosts settings from programs.ssh are not applied.
  home.file.".ssh/config".source = ./ssh/config;

  # Public half of the GitHub key; the private half is delivered by sops below.
  home.file.".ssh/mrw-droid-github.pub".source = ./ssh/mrw-droid-github.pub;

  # authorized_keys is the concatenation of every file in ./ssh/authorized_keys
  # whose name ends in ".pub" (builtins.match anchors the whole name). Each such
  # file grants SSH login to this account, so a change to that directory is a
  # change to who can log in and should be reviewed as one.
  # File contents are taken verbatim and joined with "\n"; names come from
  # builtins.attrNames, so the order is alphabetical.
  # NOTE(review): home.file entries are normally links into the Nix store;
  # confirm sshd's StrictModes check accepts the resulting file on the target host.
  home.file.".ssh/authorized_keys".text =
    let
      keysDir = ./ssh/authorized_keys;
      isPubKey = file: builtins.match ".*\\.pub" file != null;
      readKey = keyFile: builtins.readFile (keysDir + "/${keyFile}");
      pubNames = builtins.filter isPubKey (builtins.attrNames (builtins.readDir keysDir));
    in
    builtins.concatStringsSep "\n" (builtins.map readKey pubNames);

  ### Files under ~/.config ###
  xdg.configFile."zed/settings.json".source = ./zed/settings.json;
  xdg.configFile."zed/keymap.json".source = ./zed/keymap.json;
  # This manages ~/.config/fish/
  xdg.configFile."fish/config.fish".source = ./fish/config.fish;

  ### SSH client options ###
  programs.ssh.enable = true;
  # Presumably turns off Home Manager's built-in default host block so that
  # only the options listed here are emitted; confirm against the module docs.
  programs.ssh.enableDefaultConfig = false;
  programs.ssh.matchBlocks."*".extraOptions = {
    # Offer only explicitly configured identities, not every key in the agent.
    "IdentitiesOnly" = "yes";
    # Forward locale variables to the remote side.
    "SendEnv" = "LANG LC_*";
    # Store host names in known_hosts in hashed form.
    "HashKnownHosts" = "yes";
  };

  ### Secrets (sops) ###
  # Resource id of the GCP KMS key that the sops CLI reads from this variable.
  # The id is an identifier, not a credential; access to the key is governed
  # by IAM on the GCP project.
  home.sessionVariables.SOPS_GCP_KMS_IDS =
    "projects/nix-dotfiles/locations/global/keyRings/sops-keyring/cryptoKeys/sops-key";

  sops.defaultSopsFile = ./secrets.sops.yaml;
  sops.gnupg.home = "${config.home.homeDirectory}/.gnupg";
  # Private GitHub SSH key, written to ~/.ssh/mrw-droid-github with owner-only
  # permissions (0600).
  sops.secrets."github_ssh_key" = {
    path = "${config.home.homeDirectory}/.ssh/mrw-droid-github";
    mode = "0600";
  };
}