nix #11
					 7 changed files with 51 additions and 68 deletions
				
			
		|  | @ -11,8 +11,6 @@ | ||||||
|       tags: dotfiles |       tags: dotfiles | ||||||
|     - role: vim |     - role: vim | ||||||
|       tags: vim |       tags: vim | ||||||
|     - role: gnupg |  | ||||||
|       tags: gnupg |  | ||||||
|     - role: mnussbaum.base16-builder-ansible # Required for desktop_environment |     - role: mnussbaum.base16-builder-ansible # Required for desktop_environment | ||||||
|       tags: |       tags: | ||||||
|         - color |         - color | ||||||
|  |  | ||||||
|  | @ -19,12 +19,6 @@ | ||||||
|   tags: dotfiles_repo |   tags: dotfiles_repo | ||||||
| # TODO Put actual dotfiles in a subdirectory of the repo, so we don't have to put everything in config | # TODO Put actual dotfiles in a subdirectory of the repo, so we don't have to put everything in config | ||||||
| 
 | 
 | ||||||
| - name: Register as Ansible collection |  | ||||||
|   file: |  | ||||||
|     state: link |  | ||||||
|     src: "{{ ansible_user_dir }}/.dotfiles/config/automatrop" |  | ||||||
|     path: "{{ ansible_user_dir }}/.ansible/collections/ansible_collections/geoffreyfrogeye/automatrop" |  | ||||||
| 
 |  | ||||||
| - name: Install python dependencies for scripts | - name: Install python dependencies for scripts | ||||||
|   pip: |   pip: | ||||||
|     requirements: "{{ ansible_user_dir }}/.dotfiles/config/scripts/requirements.txt" |     requirements: "{{ ansible_user_dir }}/.dotfiles/config/scripts/requirements.txt" | ||||||
|  |  | ||||||
|  | @ -1,51 +0,0 @@ | ||||||
| - name: Create GnuPG directory |  | ||||||
|   file: |  | ||||||
|     path: "{{ gnupghome }}" |  | ||||||
|     state: directory |  | ||||||
|     mode: "u=rwx" |  | ||||||
| 
 |  | ||||||
| - name: Create GnuPG configuration files |  | ||||||
|   file: |  | ||||||
|     path: "{{ gnupghome }}/{{ item }}" |  | ||||||
|     state: file |  | ||||||
|     mode: "u=rw,g=r,o=r" |  | ||||||
|   loop: |  | ||||||
|     - gpg-agent.conf |  | ||||||
|     - gpg.conf |  | ||||||
| 
 |  | ||||||
| - name: Configure GnuPG |  | ||||||
|   lineinfile: |  | ||||||
|     path: "{{ gnupghome }}/gpg.conf" |  | ||||||
|     regex: "^#?\\s*{{ item.key }}\\s" |  | ||||||
|     line: "{{ item.key }}{% if item.value is defined %} {{ item.value }}{% endif %}" |  | ||||||
|   loop: |  | ||||||
|     # Remove fluff |  | ||||||
|     - key: no-greeting |  | ||||||
|     - key: no-emit-version |  | ||||||
|     - key: no-comments |  | ||||||
|     # Output format that I prefer |  | ||||||
|     - key: keyid-format |  | ||||||
|       value: 0xlong |  | ||||||
|     # Show fingerprints |  | ||||||
|     - key: with-fingerprint |  | ||||||
|     # Make sure to show if key is invalid |  | ||||||
|     # (should be default on most platform, |  | ||||||
|     # but just to be sure) |  | ||||||
|     - key: list-options |  | ||||||
|       value: show-uid-validity |  | ||||||
|     - key: verify-options |  | ||||||
|       value: show-uid-validity |  | ||||||
|     # Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm) |  | ||||||
|     - key: personal-digest-preferences |  | ||||||
|       value: SHA512 |  | ||||||
|     - key: cert-digest-algo |  | ||||||
|       value: SHA512 |  | ||||||
|     - key: default-preference-list |  | ||||||
|       value: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed |  | ||||||
|     - key: personal-cipher-preferences |  | ||||||
|       value: TWOFISH CAMELLIA256 AES 3DES |  | ||||||
| 
 |  | ||||||
| - name: Install Geoffrey Frogeye's key |  | ||||||
|   gpg_key: |  | ||||||
|     fpr: 4FBA930D314A03215E2CDB0A8312C8CAC1BAC289 |  | ||||||
|     trust: 5 |  | ||||||
|  | @ -1 +0,0 @@ | ||||||
| gnupghome: "{{ ansible_user_dir }}/.config/gnupg" |  | ||||||
|  | @ -1,9 +1,12 @@ | ||||||
| { pkgs, ... }: | { pkgs, config, ... }: | ||||||
|  | let | ||||||
|  |   gnupghome = "${config.xdg.dataHome}/gnupg"; | ||||||
|  | in | ||||||
| { | { | ||||||
|   home.stateVersion = "23.05"; |   home.stateVersion = "23.05"; | ||||||
|   programs.home-manager.enable = true; |  | ||||||
| 
 | 
 | ||||||
|   programs = { |   programs = { | ||||||
|  |     home-manager.enable = true; | ||||||
|     zsh = { |     zsh = { | ||||||
|       enable = true; |       enable = true; | ||||||
|       enableAutosuggestions = true; |       enableAutosuggestions = true; | ||||||
|  | @ -17,9 +20,39 @@ | ||||||
|       vimAlias = true; |       vimAlias = true; | ||||||
|       viAlias = true; |       viAlias = true; | ||||||
|     }; |     }; | ||||||
|  |     gpg = { | ||||||
|  |       enable = true; | ||||||
|  |       homedir = gnupghome; | ||||||
|  |       settings = { | ||||||
|  |         # Remove fluff | ||||||
|  |         no-greeting = true; | ||||||
|  |         no-emit-version = true; | ||||||
|  |         no-comments = true; | ||||||
|  |         # Output format that I prefer | ||||||
|  |         keyid-format = "0xlong"; | ||||||
|  |         # Show fingerprints | ||||||
|  |         with-fingerprint = true; | ||||||
|  |         # Make sure to show if key is invalid | ||||||
|  |         # (should be default on most platform, | ||||||
|  |         # but just to be sure) | ||||||
|  |         list-options = "show-uid-validity"; | ||||||
|  |         verify-options = "show-uid-validity"; | ||||||
|  |         # Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm) | ||||||
|  |         personal-digest-preferences = "SHA512"; | ||||||
|  |         cert-digest-algo = "SHA512"; | ||||||
|  |         default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed"; | ||||||
|  |         personal-cipher-preferences = "TWOFISH CAMELLIA256 AES 3DES"; | ||||||
|  |       }; | ||||||
|  |       publicKeys = [{ | ||||||
|  |         source = builtins.fetchurl { | ||||||
|  |           url = "https://keys.openpgp.org/vks/v1/by-fingerprint/4FBA930D314A03215E2CDB0A8312C8CAC1BAC289"; | ||||||
|  |           sha256 = "sha256:10y9xqcy1vyk2p8baay14p3vwdnlwynk0fvfbika65hz2z8yw2cm"; | ||||||
|  |         }; | ||||||
|  |         trust = "ultimate"; | ||||||
|  |       }]; | ||||||
|  |     }; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
| 
 |  | ||||||
|   home.packages = with pkgs; [ |   home.packages = with pkgs; [ | ||||||
|     # dotfiles dependencies |     # dotfiles dependencies | ||||||
|     coreutils |     coreutils | ||||||
|  |  | ||||||
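Review bot: The `publicKeys` entry in the new `gpg` block gives `trust = "ultimate"` to whatever bytes match the pinned `sha256`, and nothing visible records that those bytes were checked against fingerprint 4FBA930D314A03215E2CDB0A8312C8CAC1BAC289 rather than simply hashed after the first download. The hash makes later tampering fail closed, but it is only as trustworthy as that first fetch. A comment such as `# sha256 taken after confirming the fingerprint with gpg --show-keys` would document the trust decision. The keyserver may also serve a different export of the same key later, which would surface as a hash mismatch at evaluation time. Committing the exported key to the repository and pointing `source` at that file would remove the dependency on the keyserver's output staying byte-stable.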
|  | @ -7,6 +7,7 @@ | ||||||
|   users.users.geoffrey = { |   users.users.geoffrey = { | ||||||
|     isNormalUser = true; |     isNormalUser = true; | ||||||
|     extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. |     extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. | ||||||
|  |     shell = pkgs.zsh; | ||||||
| 
 | 
 | ||||||
|     initialPassword = "cartable"; # DEBUG |     initialPassword = "cartable"; # DEBUG | ||||||
|     openssh.authorizedKeys.keys = [ |     openssh.authorizedKeys.keys = [ | ||||||
|  | @ -14,9 +15,19 @@ | ||||||
|     ]; |     ]; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   home-manager.users.geoffrey = { pkgs, ... }: { |   # Won't allow to set the shell otherwise, | ||||||
|     imports = [ |   # even though home-manager sets it | ||||||
|       ../hm/loader.nix |   programs.zsh.enable = true; | ||||||
|     ]; | 
 | ||||||
|  |   home-manager = { | ||||||
|  |     users.geoffrey = { pkgs, ... }: { | ||||||
|  |       imports = [ | ||||||
|  |         ../hm/loader.nix | ||||||
|  |       ]; | ||||||
|  |     }; | ||||||
|  |     # Makes VMs able to re-run | ||||||
|  |     useUserPackages = true; | ||||||
|  |     # Adds consistency | ||||||
|  |     useGlobalPkgs = true; | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|  |  | ||||||
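Review bot: `initialPassword = "cartable"; # DEBUG` is still on the new side for a user in `wheel`, so a sudo-capable account is created with a known plaintext password that is committed to the repository and, as a NixOS option value, presumably also ends up in the Nix store. The line is unchanged context, but this commit reworks the same `users.users.geoffrey` block, so it is a natural point to switch to `initialHashedPassword` or drop the password and rely on the `openssh.authorizedKeys.keys` entries. Whether SSH password logins are enabled is not visible here, so the exposure may be limited to console login and sudo. The user block starts above the hunk.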
|  | @ -29,7 +29,6 @@ direnv CARGOHOME "$HOME/.cache/cargo" # There are config in there that we can ve | ||||||
| export CCACHE_CONFIGPATH="$HOME/.config/ccache.conf" | export CCACHE_CONFIGPATH="$HOME/.config/ccache.conf" | ||||||
| direnv CCACHE_DIR "$HOME/.cache/ccache" # The config file alone seems to be not enough | direnv CCACHE_DIR "$HOME/.cache/ccache" # The config file alone seems to be not enough | ||||||
| direnv DASHT_DOCSETS_DIR "$HOME/.cache/dash_docsets" | direnv DASHT_DOCSETS_DIR "$HOME/.cache/dash_docsets" | ||||||
| direnv GNUPGHOME "$HOME/.config/gnupg" |  | ||||||
| direnv GOPATH "$HOME/.cache/go" | direnv GOPATH "$HOME/.cache/go" | ||||||
| direnv GRADLE_USER_HOME "$HOME/.cache/gradle" | direnv GRADLE_USER_HOME "$HOME/.cache/gradle" | ||||||
| export INPUTRC="$HOME/.config/inputrc" | export INPUTRC="$HOME/.config/inputrc" | ||||||
|  |  | ||||||