From 0ffe92164d54d6f1953cfed79fbe87e352053f16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Geoffrey=20=E2=80=9CFrogeye=E2=80=9D=20Preud=27homme?= Date: Sat, 28 Oct 2023 23:03:27 +0200 Subject: [PATCH] nix: Fixes and gnupg --- config/automatrop/playbooks/default.yml | 2 - .../automatrop/roles/dotfiles/tasks/main.yml | 6 --- config/automatrop/roles/gnupg/tasks/main.yml | 51 ------------------- config/automatrop/roles/gnupg/vars/main.yml | 1 - config/nix/hm/common.nix | 39 ++++++++++++-- config/nix/os/geoffrey.nix | 19 +++++-- config/shell/shenv | 1 - 7 files changed, 51 insertions(+), 68 deletions(-) delete mode 100644 config/automatrop/roles/gnupg/tasks/main.yml delete mode 100644 config/automatrop/roles/gnupg/vars/main.yml diff --git a/config/automatrop/playbooks/default.yml b/config/automatrop/playbooks/default.yml index 61b48a9..6b9231c 100644 --- a/config/automatrop/playbooks/default.yml +++ b/config/automatrop/playbooks/default.yml @@ -11,8 +11,6 @@ tags: dotfiles - role: vim tags: vim - - role: gnupg - tags: gnupg - role: mnussbaum.base16-builder-ansible # Required for desktop_environment tags: - color diff --git a/config/automatrop/roles/dotfiles/tasks/main.yml b/config/automatrop/roles/dotfiles/tasks/main.yml index 0498403..3586aa7 100644 --- a/config/automatrop/roles/dotfiles/tasks/main.yml +++ b/config/automatrop/roles/dotfiles/tasks/main.yml @@ -19,12 +19,6 @@ tags: dotfiles_repo # TODO Put actual dotfiles in a subdirectory of the repo, so we don't have to put everything in config -- name: Register as Ansible collection - file: - state: link - src: "{{ ansible_user_dir }}/.dotfiles/config/automatrop" - path: "{{ ansible_user_dir }}/.ansible/collections/ansible_collections/geoffreyfrogeye/automatrop" - - name: Install python dependencies for scripts pip: requirements: "{{ ansible_user_dir }}/.dotfiles/config/scripts/requirements.txt" 
diff --git a/config/automatrop/roles/gnupg/tasks/main.yml b/config/automatrop/roles/gnupg/tasks/main.yml deleted file mode 100644 index 619119b..0000000 --- a/config/automatrop/roles/gnupg/tasks/main.yml +++ /dev/null @@ -1,51 +0,0 @@ -- name: Create GnuPG directory - file: - path: "{{ gnupghome }}" - state: directory - mode: "u=rwx" - -- name: Create GnuPG configuration files - file: - path: "{{ gnupghome }}/{{ item }}" - state: file - mode: "u=rw,g=r,o=r" - loop: - - gpg-agent.conf - - gpg.conf - -- name: Configure GnuPG - lineinfile: - path: "{{ gnupghome }}/gpg.conf" - regex: "^#?\\s*{{ item.key }}\\s" - line: "{{ item.key }}{% if item.value is defined %} {{ item.value }}{% endif %}" - loop: - # Remove fluff - - key: no-greeting - - key: no-emit-version - - key: no-comments - # Output format that I prefer - - key: keyid-format - value: 0xlong - # Show fingerprints - - key: with-fingerprint - # Make sure to show if key is invalid - # (should be default on most platform, - # but just to be sure) - - key: list-options - value: show-uid-validity - - key: verify-options - value: show-uid-validity - # Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm) - - key: personal-digest-preferences - value: SHA512 - - key: cert-digest-algo - value: SHA512 - - key: default-preference-list - value: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed - - key: personal-cipher-preferences - value: TWOFISH CAMELLIA256 AES 3DES - -- name: Install Geoffrey Frogeye's key - gpg_key: - fpr: 4FBA930D314A03215E2CDB0A8312C8CAC1BAC289 - trust: 5 diff --git a/config/automatrop/roles/gnupg/vars/main.yml b/config/automatrop/roles/gnupg/vars/main.yml deleted file mode 100644 index fb95fd1..0000000 --- a/config/automatrop/roles/gnupg/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -gnupghome: "{{ ansible_user_dir }}/.config/gnupg" diff --git a/config/nix/hm/common.nix b/config/nix/hm/common.nix index 2479899..e49e937 100644 
--- a/config/nix/hm/common.nix +++ b/config/nix/hm/common.nix @@ -1,9 +1,12 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: +let + gnupghome = "${config.xdg.dataHome}/gnupg"; +in { home.stateVersion = "23.05"; - programs.home-manager.enable = true; programs = { + home-manager.enable = true; zsh = { enable = true; enableAutosuggestions = true; @@ -17,9 +20,39 @@ vimAlias = true; viAlias = true; }; + gpg = { + enable = true; + homedir = gnupghome; + settings = { + # Remove fluff + no-greeting = true; + no-emit-version = true; + no-comments = true; + # Output format that I prefer + keyid-format = "0xlong"; + # Show fingerprints + with-fingerprint = true; + # Make sure to show if key is invalid + # (should be default on most platform, + # but just to be sure) + list-options = "show-uid-validity"; + verify-options = "show-uid-validity"; + # Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm) + personal-digest-preferences = "SHA512"; + cert-digest-algo = "SHA512"; + default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed"; + personal-cipher-preferences = "TWOFISH CAMELLIA256 AES 3DES"; + }; + publicKeys = [{ + source = builtins.fetchurl { + url = "https://keys.openpgp.org/vks/v1/by-fingerprint/4FBA930D314A03215E2CDB0A8312C8CAC1BAC289"; + sha256 = "sha256:10y9xqcy1vyk2p8baay14p3vwdnlwynk0fvfbika65hz2z8yw2cm"; + }; + trust = "ultimate"; + }]; + }; }; - home.packages = with pkgs; [ # dotfiles dependencies coreutils diff --git a/config/nix/os/geoffrey.nix b/config/nix/os/geoffrey.nix index b04d8c2..b2ff975 100644 --- a/config/nix/os/geoffrey.nix +++ b/config/nix/os/geoffrey.nix @@ -7,6 +7,7 @@ users.users.geoffrey = { isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + shell = pkgs.zsh; initialPassword = "cartable"; # DEBUG openssh.authorizedKeys.keys = [ 
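Review bot: The new `gnupghome = "${config.xdg.dataHome}/gnupg";` binding in the `let` block moves the GnuPG home away from the `$HOME/.config/gnupg` path that the deleted Ansible variable and the removed `direnv GNUPGHOME` line in `config/shell/shenv` both used, and nothing in this commit migrates an existing keyring. On a machine that already holds keys, gpg would presumably start from an empty home directory while the private keys stay behind in the old one. I would add a comment above the binding such as `# Was ~/.config/gnupg: move any existing keyring by hand and keep the directory at mode 0700`. It is also worth confirming that the home-manager `programs.gpg` module exports `GNUPGHOME` for shells and agents, since the explicit export is gone.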
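Review bot: The `settings` block still prefers and advertises 64-bit block ciphers: `personal-cipher-preferences` lists `3DES`, and `default-preference-list` includes `CAST5`. The values were carried over unchanged from the deleted Ansible role, so this migration is a good moment to drop them, e.g. `personal-cipher-preferences = "AES256 AES192 AES";` and the same `default-preference-list` without `CAST5`. Separately, the `publicKeys` entry marks a downloaded key as `trust = "ultimate"`, so its integrity rests entirely on the `sha256` pin. I would add a comment such as `# Re-check the fetched key against the fingerprint in the URL before changing this hash`, since the keyserver response can change whenever the key is updated. The enclosing `programs` set begins outside this hunk.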
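Review bot: The account this hunk gives a login shell still has `initialPassword = "cartable"; # DEBUG` in the context lines, alongside `extraGroups = [ "wheel" ]`. The password of a sudo-capable user is therefore in the repository in plain text and ends up in the world-readable Nix store. If this configuration is meant to leave debug use, replace the line with `initialHashedPassword = "<HASH_PLACEHOLDER>";`, or better, a password file kept outside the store. Whether SSH password logins are allowed is not visible here, so it would be worth setting `services.openssh.settings.PasswordAuthentication = false;` explicitly next to the `openssh.authorizedKeys.keys` list. The `users.users.geoffrey` block continues past the end of this hunk.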
@@ -14,9 +15,19 @@ ]; }; - home-manager.users.geoffrey = { pkgs, ... }: { - imports = [ - ../hm/loader.nix - ]; + # Won't allow to set the shell otherwise, + # even though home-manager sets it + programs.zsh.enable = true; + + home-manager = { + users.geoffrey = { pkgs, ... }: { + imports = [ + ../hm/loader.nix + ]; + }; + # Makes VMs able to re-run + useUserPackages = true; + # Adds consistency + useGlobalPkgs = true; }; } diff --git a/config/shell/shenv b/config/shell/shenv index d28d5f0..bb18950 100644 --- a/config/shell/shenv +++ b/config/shell/shenv @@ -29,7 +29,6 @@ direnv CARGOHOME "$HOME/.cache/cargo" # There are config in there that we can ve export CCACHE_CONFIGPATH="$HOME/.config/ccache.conf" direnv CCACHE_DIR "$HOME/.cache/ccache" # The config file alone seems to be not enough direnv DASHT_DOCSETS_DIR "$HOME/.cache/dash_docsets" -direnv GNUPGHOME "$HOME/.config/gnupg" direnv GOPATH "$HOME/.cache/go" direnv GRADLE_USER_HOME "$HOME/.cache/gradle" export INPUTRC="$HOME/.config/inputrc"