nix: Fixes and gnupg
This commit is contained in:
parent
98efabc904
commit
0ffe92164d
|
@ -11,8 +11,6 @@
|
||||||
tags: dotfiles
|
tags: dotfiles
|
||||||
- role: vim
|
- role: vim
|
||||||
tags: vim
|
tags: vim
|
||||||
- role: gnupg
|
|
||||||
tags: gnupg
|
|
||||||
- role: mnussbaum.base16-builder-ansible # Required for desktop_environment
|
- role: mnussbaum.base16-builder-ansible # Required for desktop_environment
|
||||||
tags:
|
tags:
|
||||||
- color
|
- color
|
||||||
|
|
|
@ -19,12 +19,6 @@
|
||||||
tags: dotfiles_repo
|
tags: dotfiles_repo
|
||||||
# TODO Put actual dotfiles in a subdirectory of the repo, so we don't have to put everything in config
|
# TODO Put actual dotfiles in a subdirectory of the repo, so we don't have to put everything in config
|
||||||
|
|
||||||
- name: Register as Ansible collection
|
|
||||||
file:
|
|
||||||
state: link
|
|
||||||
src: "{{ ansible_user_dir }}/.dotfiles/config/automatrop"
|
|
||||||
path: "{{ ansible_user_dir }}/.ansible/collections/ansible_collections/geoffreyfrogeye/automatrop"
|
|
||||||
|
|
||||||
- name: Install python dependencies for scripts
|
- name: Install python dependencies for scripts
|
||||||
pip:
|
pip:
|
||||||
requirements: "{{ ansible_user_dir }}/.dotfiles/config/scripts/requirements.txt"
|
requirements: "{{ ansible_user_dir }}/.dotfiles/config/scripts/requirements.txt"
|
||||||
|
|
|
@ -1,51 +0,0 @@
|
||||||
- name: Create GnuPG directory
|
|
||||||
file:
|
|
||||||
path: "{{ gnupghome }}"
|
|
||||||
state: directory
|
|
||||||
mode: "u=rwx"
|
|
||||||
|
|
||||||
- name: Create GnuPG configuration files
|
|
||||||
file:
|
|
||||||
path: "{{ gnupghome }}/{{ item }}"
|
|
||||||
state: file
|
|
||||||
mode: "u=rw,g=r,o=r"
|
|
||||||
loop:
|
|
||||||
- gpg-agent.conf
|
|
||||||
- gpg.conf
|
|
||||||
|
|
||||||
- name: Configure GnuPG
|
|
||||||
lineinfile:
|
|
||||||
path: "{{ gnupghome }}/gpg.conf"
|
|
||||||
regex: "^#?\\s*{{ item.key }}\\s"
|
|
||||||
line: "{{ item.key }}{% if item.value is defined %} {{ item.value }}{% endif %}"
|
|
||||||
loop:
|
|
||||||
# Remove fluff
|
|
||||||
- key: no-greeting
|
|
||||||
- key: no-emit-version
|
|
||||||
- key: no-comments
|
|
||||||
# Output format that I prefer
|
|
||||||
- key: keyid-format
|
|
||||||
value: 0xlong
|
|
||||||
# Show fingerprints
|
|
||||||
- key: with-fingerprint
|
|
||||||
# Make sure to show if key is invalid
|
|
||||||
# (should be default on most platform,
|
|
||||||
# but just to be sure)
|
|
||||||
- key: list-options
|
|
||||||
value: show-uid-validity
|
|
||||||
- key: verify-options
|
|
||||||
value: show-uid-validity
|
|
||||||
# Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
|
|
||||||
- key: personal-digest-preferences
|
|
||||||
value: SHA512
|
|
||||||
- key: cert-digest-algo
|
|
||||||
value: SHA512
|
|
||||||
- key: default-preference-list
|
|
||||||
value: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
|
|
||||||
- key: personal-cipher-preferences
|
|
||||||
value: TWOFISH CAMELLIA256 AES 3DES
|
|
||||||
|
|
||||||
- name: Install Geoffrey Frogeye's key
|
|
||||||
gpg_key:
|
|
||||||
fpr: 4FBA930D314A03215E2CDB0A8312C8CAC1BAC289
|
|
||||||
trust: 5
|
|
|
@ -1 +0,0 @@
|
||||||
gnupghome: "{{ ansible_user_dir }}/.config/gnupg"
|
|
|
@ -1,9 +1,12 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, config, ... }:
|
||||||
|
let
|
||||||
|
gnupghome = "${config.xdg.dataHome}/gnupg";
|
||||||
|
in
|
||||||
{
|
{
|
||||||
home.stateVersion = "23.05";
|
home.stateVersion = "23.05";
|
||||||
programs.home-manager.enable = true;
|
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
|
home-manager.enable = true;
|
||||||
zsh = {
|
zsh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableAutosuggestions = true;
|
enableAutosuggestions = true;
|
||||||
|
@ -17,8 +20,38 @@
|
||||||
vimAlias = true;
|
vimAlias = true;
|
||||||
viAlias = true;
|
viAlias = true;
|
||||||
};
|
};
|
||||||
|
gpg = {
|
||||||
|
enable = true;
|
||||||
|
homedir = gnupghome;
|
||||||
|
settings = {
|
||||||
|
# Remove fluff
|
||||||
|
no-greeting = true;
|
||||||
|
no-emit-version = true;
|
||||||
|
no-comments = true;
|
||||||
|
# Output format that I prefer
|
||||||
|
keyid-format = "0xlong";
|
||||||
|
# Show fingerprints
|
||||||
|
with-fingerprint = true;
|
||||||
|
# Make sure to show if key is invalid
|
||||||
|
# (should be default on most platform,
|
||||||
|
# but just to be sure)
|
||||||
|
list-options = "show-uid-validity";
|
||||||
|
verify-options = "show-uid-validity";
|
||||||
|
# Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
|
||||||
|
personal-digest-preferences = "SHA512";
|
||||||
|
cert-digest-algo = "SHA512";
|
||||||
|
default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
|
||||||
|
personal-cipher-preferences = "TWOFISH CAMELLIA256 AES 3DES";
|
||||||
|
};
|
||||||
|
publicKeys = [{
|
||||||
|
source = builtins.fetchurl {
|
||||||
|
url = "https://keys.openpgp.org/vks/v1/by-fingerprint/4FBA930D314A03215E2CDB0A8312C8CAC1BAC289";
|
||||||
|
sha256 = "sha256:10y9xqcy1vyk2p8baay14p3vwdnlwynk0fvfbika65hz2z8yw2cm";
|
||||||
|
};
|
||||||
|
trust = "ultimate";
|
||||||
|
}];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
# dotfiles dependencies
|
# dotfiles dependencies
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
users.users.geoffrey = {
|
users.users.geoffrey = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||||
|
shell = pkgs.zsh;
|
||||||
|
|
||||||
initialPassword = "cartable"; # DEBUG
|
initialPassword = "cartable"; # DEBUG
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
|
@ -14,9 +15,19 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager.users.geoffrey = { pkgs, ... }: {
|
# Won't allow to set the shell otherwise,
|
||||||
|
# even though home-manager sets it
|
||||||
|
programs.zsh.enable = true;
|
||||||
|
|
||||||
|
home-manager = {
|
||||||
|
users.geoffrey = { pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
../hm/loader.nix
|
../hm/loader.nix
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
# Makes VMs able to re-run
|
||||||
|
useUserPackages = true;
|
||||||
|
# Adds consistency
|
||||||
|
useGlobalPkgs = true;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,7 +29,6 @@ direnv CARGOHOME "$HOME/.cache/cargo" # There are config in there that we can ve
|
||||||
export CCACHE_CONFIGPATH="$HOME/.config/ccache.conf"
|
export CCACHE_CONFIGPATH="$HOME/.config/ccache.conf"
|
||||||
direnv CCACHE_DIR "$HOME/.cache/ccache" # The config file alone seems to be not enough
|
direnv CCACHE_DIR "$HOME/.cache/ccache" # The config file alone seems to be not enough
|
||||||
direnv DASHT_DOCSETS_DIR "$HOME/.cache/dash_docsets"
|
direnv DASHT_DOCSETS_DIR "$HOME/.cache/dash_docsets"
|
||||||
direnv GNUPGHOME "$HOME/.config/gnupg"
|
|
||||||
direnv GOPATH "$HOME/.cache/go"
|
direnv GOPATH "$HOME/.cache/go"
|
||||||
direnv GRADLE_USER_HOME "$HOME/.cache/gradle"
|
direnv GRADLE_USER_HOME "$HOME/.cache/gradle"
|
||||||
export INPUTRC="$HOME/.config/inputrc"
|
export INPUTRC="$HOME/.config/inputrc"
|
||||||
|
|
Loading…
Reference in a new issue