nix: Fixes and gnupg

2023-10-28 23:03:27 +02:00 · 2023-10-28 23:03:27 +02:00 · 0ffe92164d
parent 98efabc904
commit 0ffe92164d
7 changed files with 51 additions and 68 deletions
--- a/config/automatrop/playbooks/default.yml
+++ b/config/automatrop/playbooks/default.yml
@ -11,8 +11,6 @@
      tags: dotfiles
    - role: vim
      tags: vim
-    - role: gnupg
-      tags: gnupg
    - role: mnussbaum.base16-builder-ansible # Required for desktop_environment
      tags:
        - color
--- a/config/automatrop/roles/dotfiles/tasks/main.yml
+++ b/config/automatrop/roles/dotfiles/tasks/main.yml
@ -19,12 +19,6 @@
  tags: dotfiles_repo
 # TODO Put actual dotfiles in a subdirectory of the repo, so we don't have to put everything in config

- name: Register as Ansible collection
-  file:
-    state: link
-    src: "{{ ansible_user_dir }}/.dotfiles/config/automatrop"
-    path: "{{ ansible_user_dir }}/.ansible/collections/ansible_collections/geoffreyfrogeye/automatrop"
-
 - name: Install python dependencies for scripts
  pip:
    requirements: "{{ ansible_user_dir }}/.dotfiles/config/scripts/requirements.txt"
--- a/config/automatrop/roles/gnupg/tasks/main.yml
+++ b/config/automatrop/roles/gnupg/tasks/main.yml
@ -1,51 +0,0 @@
- name: Create GnuPG directory
-  file:
-    path: "{{ gnupghome }}"
-    state: directory
-    mode: "u=rwx"
-
- name: Create GnuPG configuration files
-  file:
-    path: "{{ gnupghome }}/{{ item }}"
-    state: file
-    mode: "u=rw,g=r,o=r"
-  loop:
-    - gpg-agent.conf
-    - gpg.conf
-
- name: Configure GnuPG
-  lineinfile:
-    path: "{{ gnupghome }}/gpg.conf"
-    regex: "^#?\\s*{{ item.key }}\\s"
-    line: "{{ item.key }}{% if item.value is defined %} {{ item.value }}{% endif %}"
-  loop:
-    # Remove fluff
-    - key: no-greeting
-    - key: no-emit-version
-    - key: no-comments
-    # Output format that I prefer
-    - key: keyid-format
-      value: 0xlong
-    # Show fingerprints
-    - key: with-fingerprint
-    # Make sure to show if key is invalid
-    # (should be default on most platform,
-    # but just to be sure)
-    - key: list-options
-      value: show-uid-validity
-    - key: verify-options
-      value: show-uid-validity
-    # Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
-    - key: personal-digest-preferences
-      value: SHA512
-    - key: cert-digest-algo
-      value: SHA512
-    - key: default-preference-list
-      value: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
-    - key: personal-cipher-preferences
-      value: TWOFISH CAMELLIA256 AES 3DES
-
- name: Install Geoffrey Frogeye's key
-  gpg_key:
-    fpr: 4FBA930D314A03215E2CDB0A8312C8CAC1BAC289
-    trust: 5
--- a/config/automatrop/roles/gnupg/vars/main.yml
+++ b/config/automatrop/roles/gnupg/vars/main.yml
@ -1 +0,0 @@
-gnupghome: "{{ ansible_user_dir }}/.config/gnupg"
--- a/config/nix/hm/common.nix
+++ b/config/nix/hm/common.nix
@ -1,9 +1,12 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
+let
+  gnupghome = "${config.xdg.dataHome}/gnupg";
+in
 {
  home.stateVersion = "23.05";
-  programs.home-manager.enable = true;

  programs = {
+    home-manager.enable = true;
    zsh = {
      enable = true;
      enableAutosuggestions = true;
@ -17,9 +20,39 @@
      vimAlias = true;
      viAlias = true;
    };
+    gpg = {
+      enable = true;
+      homedir = gnupghome;
+      settings = {
+        # Remove fluff
+        no-greeting = true;
+        no-emit-version = true;
+        no-comments = true;
+        # Output format that I prefer
+        keyid-format = "0xlong";
+        # Show fingerprints
+        with-fingerprint = true;
+        # Make sure to show if key is invalid
+        # (should be default on most platform,
+        # but just to be sure)
+        list-options = "show-uid-validity";
+        verify-options = "show-uid-validity";
+        # Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
+        personal-digest-preferences = "SHA512";
+        cert-digest-algo = "SHA512";
+        default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
+        personal-cipher-preferences = "TWOFISH CAMELLIA256 AES 3DES";
+      };
+      publicKeys = [{
+        source = builtins.fetchurl {
+          url = "https://keys.openpgp.org/vks/v1/by-fingerprint/4FBA930D314A03215E2CDB0A8312C8CAC1BAC289";
+          sha256 = "sha256:10y9xqcy1vyk2p8baay14p3vwdnlwynk0fvfbika65hz2z8yw2cm";
+        };
+        trust = "ultimate";
+      }];
+    };
  };

-
  home.packages = with pkgs; [
    # dotfiles dependencies
    coreutils
--- a/config/nix/os/geoffrey.nix
+++ b/config/nix/os/geoffrey.nix
@ -7,6 +7,7 @@
  users.users.geoffrey = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    shell = pkgs.zsh;

    initialPassword = "cartable"; # DEBUG
    openssh.authorizedKeys.keys = [
@ -14,9 +15,19 @@
    ];
  };

-  home-manager.users.geoffrey = { pkgs, ... }: {
-    imports = [
-      ../hm/loader.nix
-    ];
+  # Won't allow to set the shell otherwise,
+  # even though home-manager sets it
+  programs.zsh.enable = true;
+
+  home-manager = {
+    users.geoffrey = { pkgs, ... }: {
+      imports = [
+        ../hm/loader.nix
+      ];
+    };
+    # Makes VMs able to re-run
+    useUserPackages = true;
+    # Adds consistency
+    useGlobalPkgs = true;
  };
 }
--- a/config/shell/shenv
+++ b/config/shell/shenv
@ -29,7 +29,6 @@ direnv CARGOHOME "$HOME/.cache/cargo" # There are config in there that we can ve
 export CCACHE_CONFIGPATH="$HOME/.config/ccache.conf"
 direnv CCACHE_DIR "$HOME/.cache/ccache" # The config file alone seems to be not enough
 direnv DASHT_DOCSETS_DIR "$HOME/.cache/dash_docsets"
-direnv GNUPGHOME "$HOME/.config/gnupg"
 direnv GOPATH "$HOME/.cache/go"
 direnv GRADLE_USER_HOME "$HOME/.cache/gradle"
 export INPUTRC="$HOME/.config/inputrc"
				`@ -1 +0,0 @@`
				`gnupghome: "{{ ansible_user_dir }}/.config/gnupg"`