NixOS + home-manager configs, mirrored from GitLab SaaS. gitlab.com/andreijiroh-dev/nixops-config

feat(global): refactor networking and add logging to ssh-agent-loader

AI-generated summary via GitHub Copilot:
- Simplified networking.hosts configuration by importing from a shared
hosts file.
- Added logging functionality to ssh-agent-loader for better
debugging and error handling.
- Updated home-manager configurations to include new paths and
environment variables for Go.

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@andreijiroh.dev>

+156 -92
+9 -36
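--- a/hosts/stellapent-cier/configuration.nix
+++ b/hosts/stellapent-cier/configuration.nix
@@ -32,42 +32,7 @@
 
 networking = {
 hostName = "stellapent-cier";
-hosts = {
-"127.0.0.1" = [
-"localhost"
-"stellapent-cier"
-"stellapent-cier.local"
-"localdev.andreijiroh.dev"
-"localdev.andreijiroh.eu.org"
-];
-"100.87.227.94" = [
-"stellapent-cier.tailnet"
-"stellapent-cier.fawn-cod.ts.net"
-"stellapent-cier.fawn-cod.tailnet"
-"stellapent.tailnet"
-"stellapent.tailnet.andreijiroh.dev"
-"stellapent.tailnet.andreijiroh.eu.org"
-];
-"100.120.57.47" = [
-"rpi-aether"
-"rpi-aether.tailnet"
-"rpi-aether.tailnet.andreijiroh.dev"
-"rpi-aether.tailnet.andreijiroh.eu.org"
-"aether.tailnet"
-"aether.tailnet.andreijiroh.dev"
-"aether.tailnet.andreijiroh.eu.org"
-];
-"100.102.205.81" = [
-"go"
-"go.tailnet"
-"go.fawn-cod.ts.net"
-];
-"100.126.238.86" = [
-"paste"
-"paste.tailnet"
-"paste.fawn-cod.ts.net"
-];
-};
+hosts = with import ../../shared/networking/hosts-file.nix; hosts.stellapent-cier;
 networkmanager = {
 enable = true;
 };
@@ -161,6 +126,14 @@
 android-tools
 adbtuifm
 ];
+
+# logind adjustments for this laptop to run as a headless server while
+# the lid is closed.
+services.logind = {
+lidSwitchExternalPower = "ignore";
+lidSwitchDocked = "ignore";
+lidSwitch = "ignore";
+};
 
 # Some programs need SUID wrappers, can be configured further or are
 # started in user sessions.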
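Review bot: The new `hosts` line imports `../../shared/networking/hosts-file.nix`, which from `hosts/stellapent-cier/` resolves to `shared/networking/hosts-file.nix`, while this commit adds the file at `shared/hosts-file.nix`; unless the file also exists at the other path, evaluation fails on the missing import. The imported file is written as a function (`{ self, ... }:`), so `with import …;` most likely has no `hosts` attribute to select until that function is applied to an argument providing `self`. The path at least should read `import ../../shared/hosts-file.nix`. The replacement also drops this machine's own `100.87.227.94` tailnet mapping, because `hosts.stellapent-cier` in the shared file has no entry for it; a one-line comment saying whether that is intended would help.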
+42 -15
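--- a/misc/bash/lib/ssh-agent-loader
+++ b/misc/bash/lib/ssh-agent-loader
@@ -1,12 +1,35 @@
 #!/usr/bin/env bash
 # shellcheck disable=SC2034
 # SPDX-License-Identifier: MPL-2.0
+set -euo pipefail
+
+if [[ $DEBUG == "1" ]]; then
+set -x
+fi
+
+logOps() {
+PREFIX=$3
+
+if [[ $PREFIX != "" ]]; then
+LOGOPS_PREFIX="[ssh-agent-loader::$PREFIX]"
+else
+LOGOPS_PREFIX="[ssh-agent-loader]"
+fi
+
+if [[ $1 == "debug" ]]; then
+[[ $DEBUG != "" ]] && echo "[ssh-agent-loader] debug: $2"
+elif [[ $1 == "warn" ]]; then
+[[ $SSH_AGENT_LOADER_SLIENT != "1" ]] && echo "$LOGOPS_PREFIX warning: $2"
+else
+[[ $SSH_AGENT_LOADER_SLIENT != "1" ]] && echo "$LOGOPS_PREFIX $2"
+fi
+}
 
 # Workaround in cases where XDG_RUNTIME_DIR is undefined on login
 if [[ -z "${XDG_RUNTIME_DIR}" ]]; then
-echo "warning: XDG_RUNTIME_DIR is possibly undefined, see https://github.com/swaywm/sway/issues/7202"
-echo "warning: for context and https://wiki.archlinux.org/title/XDG_Base_Directory for docs"
-echo "warning: setting it up for you using the default '/run/user/$(id -u)' value in 3s..."
+logOps warn "XDG_RUNTIME_DIR is possibly undefined, see https://github.com/swaywm/sway/issues/7202"
+logOps warn "for context and https://wiki.archlinux.org/title/XDG_Base_Directory for docs"
+logOps warn "setting it up for you using the default '/run/user/$(id -u)' value in 3s..."
 sleep 3
 XDG_RUNTIME_DIR="/run/user/$(id -u)"
 export XDG_RUNTIME_DIR
@@ -21,10 +44,10 @@
 
 try_keychain_ssh_agent() {
 if [[ $FF_KEYCHAIN == "1" ]]; then
-echo "[ssh-agent-loader::keychain] attempting to use keychain for SSH agents"
+logOps info "attempting to use keychain for SSH agents" keychain
 eval "$(keychain --eval --agents ssh,gpg)"
 else
-echo "[ssh-agent-loader::keychain] keychain is not in PATH yet"
+logOps warn "keychain is not in PATH yet" keychain
 return 1
 fi
 }
@@ -32,22 +55,22 @@
 # Ripped off NixOS-generated set-environment on my laptop for yubikey-agent setup
 try_yubikey_agent() {
 if [[ -f "${XDG_RUNTIME_DIR}/yubikey-agent/yubikey-agent.sock" ]]; then
-echo "[ssh-agent-loader::yubikey-agent] using YubiKey SSH Agent"
+logOps info "using YubiKey SSH Agent" yubikey-agent
 export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/yubikey-agent/yubikey-agent.sock"
 fi
 }
 
 try_1password_ssh_agent() {
-export OP_SSH_AUTH_SOCK="$HOME/.1password/agent.sock"
+OP_SSH_AUTH_SOCK="$HOME/.1password/agent.sock"
 if [[ ! -S "$OP_SSH_AUTH_SOCK" ]]; then
-echo "[ssh-agent-loader::1password] 1Password SSH agent isn't enabled or desktop app isn't installed yet"
+logOps warn "1Password SSH agent isn't enabled or desktop app isn't installed yet" 1password
 return 1
 fi
 
-echo "[ssh-agent-loader::1password] attempting to use 1Password SSH agent"
+logOps info "attempting to use 1Password SSH agent" 1password
 if ! SSH_AUTH_SOCK=$OP_SSH_AUTH_SOCK ssh-add -l >> /dev/null 2>&1; then
-echo "[ssh-agent-loader::1password] something went wrong while checking for 1Password SSH agent availability"
-echo "[ssh-agent-loader::1password] unlock the desktop app first or enable SSH agent from settings"
+logOps warn "something went wrong while checking for 1Password SSH agent availability" 1password
+logOps warn "unlock the desktop app first or enable SSH agent from settings" 1password
 return 1
 fi
 export SSH_AUTH_SOCK=$OP_SSH_AUTH_SOCK FF_USE_OP_CLI_PLUGINS=true
@@ -57,7 +80,7 @@
 ssh-agent-loader() {
 if [[ $1 == "" || $1 == "auto" ]]; then
 if [[ $SSH_CONNECTION != "" ]] && [[ $VSCODE_IPC_HOOK_CLI != "" ]]; then
-echo "[ssh-agent-loader] automatic detection is disabled while you're in a VS Code Remote SSH session"
+echo info "automatic detection is disabled while you're in a VS Code Remote SSH session"
 return
 fi
 
@@ -71,8 +94,8 @@
 elif try_yubikey_agent; then
 return
 else
-echo "[ssh-agent-loader] SSH agent seems to be failed to load at the moment"
-echo "[ssh-agent-loader] try again later by manually invoking the shell function"
+logOps error "SSH agent seems to be failed to load at the moment"
+logOps error "try again later by manually invoking the shell function"
 return 1
 fi
 elif [[ $1 == "1passowrd" || $1 == "op" ]]; then
@@ -83,7 +106,7 @@
 elif [[ $1 == "yubikey" ]]; then
 try_yubikey_agent
 else
-echo "ssh-agent-loader [auto|[1password|op|1p]|keychain|yubikey]"
+echo "Usage: ssh-agent-loader [auto|[1password|op|1p]|keychain|yubikey]"
 return 1
 fi
 }
@@ -93,4 +116,8 @@
 # automatically detect things as we source this
 [[ "$FF_SKIP_AUTO_SSH_AGENT_LOADER" == "" ]] && ssh-agent-loader auto
 export SSH_AGENT_LOADED=1
+fi
+
+if [[ $DEBUG == "1" ]]; then
+set +x
 fi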
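Review bot: `set -euo pipefail` at the top of this file changes the options of whichever shell sources it, and shell.nix in this same commit loads it with `.` and `source`, so the login or interactive shell keeps errexit and nounset afterwards (the trailing block only undoes `set -x`). Under those options the new code trips itself: `$DEBUG`, `$3` and `$SSH_AGENT_LOADER_SLIENT` are expanded while possibly unset, and `logOps` returns non-zero whenever its final `[[ … ]] && echo` guard is false, which errexit treats as a failure wherever `logOps` is called as a plain statement. I would drop the `set -euo pipefail` line from this sourced library, or at minimum write `${DEBUG:-}` and `PREFIX=${3:-}` and end `logOps` with `return 0`. Declaring `local PREFIX LOGOPS_PREFIX` inside `logOps` would also stop the two helper variables from leaking into the session. Separately, the VS Code branch of `ssh-agent-loader` now reads `echo info "automatic detection …"`, which looks like it was meant to be `logOps info`.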
+1 -34
shared/home-manager/main.nix
··· 35 35 "$HOME/bin" 36 36 "$HOME/.local/bin" 37 37 "$HOME/.nix-profile/bin" 38 + "$HOME/.local/share/go/bin" 38 39 ]; 39 - 40 - # Home Manager is pretty good at managing dotfiles. The primary way to manage 41 - # plain files is through 'home.file'. 42 - home.file = { 43 - # # Building this configuration will create a copy of 'dotfiles/screenrc' in 44 - # # the Nix store. Activating the configuration will then make '~/.screenrc' a 45 - # # symlink to the Nix store copy. 46 - # ".screenrc".source = dotfiles/screenrc; 47 - 48 - # # You can also set the file content immediately. 49 - # ".gradle/gradle.properties".text = '' 50 - # org.gradle.console=verbose 51 - # org.gradle.daemon.idletimeout=3600000 52 - # ''; 53 - 54 - #".local/lib/bash/ssh-agent-loader".source = ../../misc/bash/lib/ssh-agent-loader; 55 - }; 56 - 57 - # Home Manager can also manage your environment variables through 58 - # 'home.sessionVariables'. These will be explicitly sourced when using a 59 - # shell provided by Home Manager. If you don't want to manage your shell 60 - # through Home Manager then you have to manually source 'hm-session-vars.sh' 61 - # located at either 62 - # 63 - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh 64 - # 65 - # or 66 - # 67 - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh 68 - # 69 - # or 70 - # 71 - # /etc/profiles/per-user/gildedguy/etc/profile.d/hm-session-vars.sh 72 - # 73 40 74 41 # Let Home Manager install and manage itself. 75 42 programs.home-manager.enable = true;
+4 -3
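--- a/shared/home-manager/nogui.nix
+++ b/shared/home-manager/nogui.nix
@@ -27,8 +27,9 @@
 home.stateVersion = "24.11"; # Please read the comment before changing.
 
 home.sessionPath = [
-"$\{HOME\}/bin"
-"$\{HOME\}/.local/bin"
-"$\{HOME\}/.nix-profile/bin"
+"$HOME/bin"
+"$HOME/.local/bin"
+"$HOME/.nix-profile/bin"
+"$HOME/.local/share/go/bin"
 ];
 }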
+26 -4
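--- a/shared/home-manager/shell.nix
+++ b/shared/home-manager/shell.nix
@@ -19,6 +19,9 @@
 fetch = "git fetch";
 submodules = "git submdoule";
 submodule = "git submodule";
+ll = "ls -l";
+la = "ls -A";
+l = "ls -CF";
 };
 
 home.sessionVariables = {
@@ -29,6 +32,11 @@
 VISUAL = "nano";
 # enable buildkit on `docker build` by default
 DOCKER_BUILDKIT = "1";
+# Context: https://drewdevault.com/2021/08/06/goproxy-breaks-go.html
+GOPROXY = "direct";
+GOSUMDB = "off";
+# set GOPATH to ~/.local/share/go
+GOPATH = "$HOME/.local/share/go";
 };
 
 programs.bash = {
@@ -58,22 +66,23 @@
 FF_SKIP_AUTO_SSH_AGENT_LOADER=true . ${../../misc/bash/lib/ssh-agent-loader}
 
 # try to use keychain in this situation
-ssh-agent-loader keychain
+SSH_AGENT_LOADER_SLIENT=1 ssh-agent-loader keychain
 
 if [ -n $BASH_VERSION ]; then
 . $HOME/.bashrc
 fi
 
-# hackaround for GPG on CLI mode
-export GPG_TTY=$(tty)
+unset SSH_AGENT_LOADED
 '';
 bashrcExtra = ''
 # detect if we are inside VS Code
 source ${../../misc/bash/lib/detect-vscode-for-git}
 '';
 initExtra = ''
+# hackaround for GPG on CLI mode
+export GPG_TTY=$(tty)
+
 # source our ssh-agent-loader first
-unset SSH_AGENT_LOADED
 source ${../../misc/bash/lib/ssh-agent-loader}
 
 # hack around for 1Password CLI when 1Password desktop app is up
@@ -83,6 +92,19 @@
 
 # hook in direnv and friends
 eval "$(direnv hook bash)"
+
+if [ "$(command -v dircolors)" != "" ]; then
+test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+alias ls='ls --color=auto'
+alias dir='dir --color=auto'
+alias vdir='vdir --color=auto'
+
+alias grep='grep --color=auto'
+alias fgrep='fgrep --color=auto'
+alias egrep='egrep --color=auto'
+fi
+
+export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
 '';
 #enableLsColors = true;
 };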
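Review bot: `GOSUMDB = "off"` in `home.sessionVariables` turns off checksum-database verification for every Go module fetched in these sessions, so together with `GOPROXY = "direct"` a module not yet recorded in `go.sum` is accepted as whatever the origin repository serves at download time. Judging by its URL the linked context concerns the module proxy, which `GOPROXY = "direct"` alone addresses; the checksum database can stay enabled independently of that setting. If the aim is to keep private module paths from being sent to the public checksum server, scoping with `GOPRIVATE` or `GONOSUMDB` patterns is narrower than a global `off`. If the global setting stays, a comment beside it should state the trade-off, e.g. `# disables checksum-database verification; new modules are trusted on first download`.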
+74
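--- a/shared/hosts-file.nix
+++ b/shared/hosts-file.nix
@@ -0,0 +1,74 @@
+# An static list of host entries to be used in networking.hosts configuration.
+{ self, ... }:
+{
+directory = {
+localNetwork = {
+"127.0.0.1" = [
+"localhost"
+"localdev.andreijiroh.dev"
+"localdev.andreijiroh.eu.org"
+];
+"192.168.254.160" = [
+#"stellapent-cier"
+"stellapent-cier.local"
+"stellapent.local"
+];
+"192.168.254.179" = [
+"rpi-aether.local"
+"aether.local"
+];
+};
+tailnet = {
+"100.87.227.94" = [
+"stellapent-cier"
+"stellapent-cier.tailnet"
+"stellapent-cier.fawn-cod.ts.net"
+"stellapent-cier.fawn-cod.tailnet"
+"stellapent"
+"stellapent.tailnet"
+"stellapent.tailnet.andreijiroh.dev"
+"stellapent.tailnet.andreijiroh.eu.org"
+];
+"100.120.57.47" = [
+"rpi-aether"
+"rpi-aether.tailnet"
+"rpi-aether.tailnet.andreijiroh.dev"
+"rpi-aether.tailnet.andreijiroh.eu.org"
+"aether"
+"aether.tailnet"
+"aether.tailnet.andreijiroh.dev"
+"aether.tailnet.andreijiroh.eu.org"
+];
+"100.102.205.81" = [
+"go"
+"go.tailnet"
+"go.fawn-cod.ts.net"
+];
+"100.126.238.86" = [
+"paste"
+"paste.tailnet"
+"paste.fawn-cod.ts.net"
+];
+};
+};
+hosts = {
+stellapent-cier = {
+"127.0.0.1" = [
+self.directory.localNetwork."127.0.0.1"
+"stellapent-cier"
+];
+"192.168.254.160" = [
+"stellapent-cier.local"
+];
+"100.120.57.47" = [
+self.directory.tailnet."100.120.57.47"
+];
+"100.102.205.81" = [
+self.directory.tailnet."100.102.205.81"
+];
+"100.126.238.86" = [
+self.directory.tailnet."100.126.238.86"
+];
+};
+};
+}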
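Review bot: In `hosts.stellapent-cier`, entries such as `"127.0.0.1" = [ self.directory.localNetwork."127.0.0.1" "stellapent-cier" ];` put a list inside a list, whereas `networking.hosts` expects a flat list of names per address. Concatenation is needed for that entry, e.g. `self.directory.localNetwork."127.0.0.1" ++ [ "stellapent-cier" ]`, and the single-element wrappers can simply be `self.directory.tailnet."100.120.57.47"` without the brackets. The file is also a function of `self`, but nothing visible in this commit passes the attribute set back in; a `rec { … }` set or a `let` binding would let the self-reference work with a plain `import`. The header comment could state how the file is meant to be imported and that `directory` is the source of truth while `hosts` holds the per-machine views.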