nix: Fixes and gnupg

This commit is contained in:
Geoffrey Frogeye 2023-10-28 23:03:27 +02:00
parent 98efabc904
commit 0ffe92164d
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
7 changed files with 51 additions and 68 deletions


@ -11,8 +11,6 @@
tags: dotfiles tags: dotfiles
- role: vim - role: vim
tags: vim tags: vim
- role: gnupg
tags: gnupg
- role: mnussbaum.base16-builder-ansible # Required for desktop_environment - role: mnussbaum.base16-builder-ansible # Required for desktop_environment
tags: tags:
- color - color


@ -19,12 +19,6 @@
tags: dotfiles_repo tags: dotfiles_repo
# TODO Put actual dotfiles in a subdirectory of the repo, so we don't have to put everything in config # TODO Put actual dotfiles in a subdirectory of the repo, so we don't have to put everything in config
- name: Register as Ansible collection
file:
state: link
src: "{{ ansible_user_dir }}/.dotfiles/config/automatrop"
path: "{{ ansible_user_dir }}/.ansible/collections/ansible_collections/geoffreyfrogeye/automatrop"
- name: Install python dependencies for scripts - name: Install python dependencies for scripts
pip: pip:
requirements: "{{ ansible_user_dir }}/.dotfiles/config/scripts/requirements.txt" requirements: "{{ ansible_user_dir }}/.dotfiles/config/scripts/requirements.txt"


@ -1,51 +0,0 @@
- name: Create GnuPG directory
file:
path: "{{ gnupghome }}"
state: directory
mode: "u=rwx"
- name: Create GnuPG configuration files
file:
path: "{{ gnupghome }}/{{ item }}"
state: file
mode: "u=rw,g=r,o=r"
loop:
- gpg-agent.conf
- gpg.conf
- name: Configure GnuPG
lineinfile:
path: "{{ gnupghome }}/gpg.conf"
regex: "^#?\\s*{{ item.key }}\\s"
line: "{{ item.key }}{% if item.value is defined %} {{ item.value }}{% endif %}"
loop:
# Remove fluff
- key: no-greeting
- key: no-emit-version
- key: no-comments
# Output format that I prefer
- key: keyid-format
value: 0xlong
# Show fingerprints
- key: with-fingerprint
# Make sure to show if key is invalid
# (should be default on most platform,
# but just to be sure)
- key: list-options
value: show-uid-validity
- key: verify-options
value: show-uid-validity
# Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
- key: personal-digest-preferences
value: SHA512
- key: cert-digest-algo
value: SHA512
- key: default-preference-list
value: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
- key: personal-cipher-preferences
value: TWOFISH CAMELLIA256 AES 3DES
- name: Install Geoffrey Frogeye's key
gpg_key:
fpr: 4FBA930D314A03215E2CDB0A8312C8CAC1BAC289
trust: 5


@ -1 +0,0 @@
gnupghome: "{{ ansible_user_dir }}/.config/gnupg"


@ -1,9 +1,12 @@
{ pkgs, ... }: { pkgs, config, ... }:
let
gnupghome = "${config.xdg.dataHome}/gnupg";
in
{ {
home.stateVersion = "23.05"; home.stateVersion = "23.05";
programs.home-manager.enable = true;
programs = { programs = {
home-manager.enable = true;
zsh = { zsh = {
enable = true; enable = true;
enableAutosuggestions = true; enableAutosuggestions = true;
@ -17,8 +20,38 @@
vimAlias = true; vimAlias = true;
viAlias = true; viAlias = true;
}; };
gpg = {
enable = true;
homedir = gnupghome;
settings = {
# Remove fluff
no-greeting = true;
no-emit-version = true;
no-comments = true;
# Output format that I prefer
keyid-format = "0xlong";
# Show fingerprints
with-fingerprint = true;
# Make sure to show if key is invalid
# (should be default on most platform,
# but just to be sure)
list-options = "show-uid-validity";
verify-options = "show-uid-validity";
# Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
personal-digest-preferences = "SHA512";
cert-digest-algo = "SHA512";
default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
personal-cipher-preferences = "TWOFISH CAMELLIA256 AES 3DES";
};
publicKeys = [{
source = builtins.fetchurl {
url = "https://keys.openpgp.org/vks/v1/by-fingerprint/4FBA930D314A03215E2CDB0A8312C8CAC1BAC289";
sha256 = "sha256:10y9xqcy1vyk2p8baay14p3vwdnlwynk0fvfbika65hz2z8yw2cm";
};
trust = "ultimate";
}];
};
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
# dotfiles dependencies # dotfiles dependencies
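Review bot: `personal-cipher-preferences = "TWOFISH CAMELLIA256 AES 3DES"` contradicts the "Stronger algorithm" comment above it and the `default-preference-list` two lines earlier: `AES` in GnuPG is AES-128, so AES256 is never selected by this setting even though it heads the default list, while CAST5 is still advertised in the default list. Consider `personal-cipher-preferences = "AES256 AES192 AES CAMELLIA256 TWOFISH";` and `default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";` (3DES is implicitly always in the OpenPGP preference set, so listing it adds nothing). The `builtins.fetchurl` of the public key is hash-pinned, which is the right instinct, but keys.openpgp.org appears to serve the key's current state, so evaluation will break whenever the key gains a signature, UID or expiry update; vendoring the exported key file in the repo avoids both the breakage and the evaluation-time network fetch. Also note the homedir moves from the old `~/.config/gnupg` (the deleted ansible var and the removed direnv line) to `$XDG_DATA_HOME/gnupg`, so an existing keyring and trustdb must be moved across before this is applied on a machine that already holds keys, or gpg will start empty.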


@ -7,6 +7,7 @@
users.users.geoffrey = { users.users.geoffrey = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.zsh;
initialPassword = "cartable"; # DEBUG initialPassword = "cartable"; # DEBUG
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
@ -14,9 +15,19 @@
]; ];
}; };
home-manager.users.geoffrey = { pkgs, ... }: { # Won't allow to set the shell otherwise,
# even though home-manager sets it
programs.zsh.enable = true;
home-manager = {
users.geoffrey = { pkgs, ... }: {
imports = [ imports = [
../hm/loader.nix ../hm/loader.nix
]; ];
}; };
# Makes VMs able to re-run
useUserPackages = true;
# Adds consistency
useGlobalPkgs = true;
};
} }
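Review bot: The comment `# Won't allow to set the shell otherwise, even though home-manager sets it` describes the symptom rather than the rule; NixOS's user module asserts that a `users.users.<name>.shell` program is enabled system-wide (so it is registered and carries the Nix profile paths), so something like `# NixOS asserts programs.zsh.enable when a user's shell is zsh; home-manager's own zsh module does not satisfy that` reads clearer. Separately, the hunk's context still shows `initialPassword = "cartable"; # DEBUG` on a `wheel` user; with any password login path that is a known root-equivalent credential, so it is worth confirming this file is only ever built for the throwaway VMs the `# Makes VMs able to re-run` comment refers to. The enclosing NixOS module starts before this hunk.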


@ -29,7 +29,6 @@ direnv CARGOHOME "$HOME/.cache/cargo" # There are config in there that we can ve
export CCACHE_CONFIGPATH="$HOME/.config/ccache.conf" export CCACHE_CONFIGPATH="$HOME/.config/ccache.conf"
direnv CCACHE_DIR "$HOME/.cache/ccache" # The config file alone seems to be not enough direnv CCACHE_DIR "$HOME/.cache/ccache" # The config file alone seems to be not enough
direnv DASHT_DOCSETS_DIR "$HOME/.cache/dash_docsets" direnv DASHT_DOCSETS_DIR "$HOME/.cache/dash_docsets"
direnv GNUPGHOME "$HOME/.config/gnupg"
direnv GOPATH "$HOME/.cache/go" direnv GOPATH "$HOME/.cache/go"
direnv GRADLE_USER_HOME "$HOME/.cache/gradle" direnv GRADLE_USER_HOME "$HOME/.cache/gradle"
export INPUTRC="$HOME/.config/inputrc" export INPUTRC="$HOME/.config/inputrc"