Personal Nix setup
Move GPG to home-manager
+62
-77
+28
-27
flake.lock
+28
-27
flake.lock
···
14
14
"systems": "systems"
15
15
},
16
16
"locked": {
17
-
"lastModified": 1723293904,
18
-
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
17
+
"lastModified": 1736955230,
18
+
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
19
19
"owner": "ryantm",
20
20
"repo": "agenix",
21
-
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
21
+
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
22
22
"type": "github"
23
23
},
24
24
"original": {
···
38
38
]
39
39
},
40
40
"locked": {
41
-
"lastModified": 1737058742,
42
-
"narHash": "sha256-akgqrW8z7Nt6SrP56umZRcG4RYUW+nH2WbU4MNF3mPQ=",
41
+
"lastModified": 1738441082,
42
+
"narHash": "sha256-u9VxWHI/tuJOUCxUZwU/OdKDZgWOrh8ub7MKTSjBSK8=",
43
43
"owner": "tadfisher",
44
44
"repo": "android-nixpkgs",
45
-
"rev": "42733564fa7787454437727d09389c8a3663e225",
45
+
"rev": "113ee3d89d2df95ff6b6bc4432852bb880f1df54",
46
46
"type": "github"
47
47
},
48
48
"original": {
···
61
61
"rust-overlay": "rust-overlay"
62
62
},
63
63
"locked": {
64
-
"lastModified": 1735172763,
65
-
"narHash": "sha256-a6n8RsiAolz6p24Fsr/gTndx9xr9USpKqKK6kzBeXQc=",
64
+
"lastModified": 1737610453,
65
+
"narHash": "sha256-OLgl/kgjOmDFrkU04PlqVklXj1m9y8xF7xbD+blAdg8=",
66
66
"owner": "tpwrules",
67
67
"repo": "nixos-apple-silicon",
68
-
"rev": "3daf0637409689d7a1304cedc50d20542bc47905",
68
+
"rev": "1f7bdbb82f6b9ec1d8d206e2c64d36f13bae91a1",
69
69
"type": "github"
70
70
},
71
71
"original": {
···
112
112
]
113
113
},
114
114
"locked": {
115
-
"lastModified": 1736085891,
116
-
"narHash": "sha256-bTl9fcUo767VaSx4Q5kFhwiDpFQhBKna7lNbGsqCQiA=",
115
+
"lastModified": 1738277753,
116
+
"narHash": "sha256-iyFcCOk0mmDiv4ut9mBEuMxMZIym3++0qN1rQBg8FW0=",
117
117
"owner": "lnl7",
118
118
"repo": "nix-darwin",
119
-
"rev": "ba9b3173b0f642ada42b78fb9dfc37ca82266f6c",
119
+
"rev": "49b807fa7c37568d7fbe2aeaafb9255c185412f9",
120
120
"type": "github"
121
121
},
122
122
"original": {
···
328
328
]
329
329
},
330
330
"locked": {
331
-
"lastModified": 1735344290,
332
-
"narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
331
+
"lastModified": 1736373539,
332
+
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
333
333
"owner": "nix-community",
334
334
"repo": "home-manager",
335
-
"rev": "613691f285dad87694c2ba1c9e6298d04736292d",
335
+
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
336
336
"type": "github"
337
337
},
338
338
"original": {
···
352
352
]
353
353
},
354
354
"locked": {
355
-
"lastModified": 1721810896,
356
-
"narHash": "sha256-HuI4ci+0OwWYJsRDPAdzq15OhQ6PrIN957o/ZDRgEPI=",
355
+
"lastModified": 1738491590,
356
+
"narHash": "sha256-4kfFt2XpLQt91rFBzJAn5RwQart1kHwsLp2oljlUETY=",
357
357
"owner": "kitten",
358
358
"repo": "language-servers.nix",
359
-
"rev": "b5783394d5706161ef9d572b514d2c7b7cb4cec9",
359
+
"rev": "98546154224afdc6637ebdb21932cd5a2452337a",
360
360
"type": "github"
361
361
},
362
362
"original": {
···
377
377
"rust-overlay": "rust-overlay_2"
378
378
},
379
379
"locked": {
380
-
"lastModified": 1734994463,
381
-
"narHash": "sha256-S9MgfQjNt4J3I7obdLOVY23h+Yl/hnyibwGfOl+1uOE=",
380
+
"lastModified": 1737639419,
381
+
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
382
382
"owner": "nix-community",
383
383
"repo": "lanzaboote",
384
-
"rev": "93e6f0d77548be8757c11ebda5c4235ef4f3bc67",
384
+
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
385
385
"type": "github"
386
386
},
387
387
"original": {
388
388
"owner": "nix-community",
389
+
"ref": "v0.4.2",
389
390
"repo": "lanzaboote",
390
391
"type": "github"
391
392
}
···
475
476
},
476
477
"nixos-hardware": {
477
478
"locked": {
478
-
"lastModified": 1736283893,
479
-
"narHash": "sha256-BG1FfTexFwNty5VhYjaQLMR6CMPfI3QRcaZrFQYu2EM=",
479
+
"lastModified": 1738471961,
480
+
"narHash": "sha256-cgXDFrplNGs7bCVzXhRofjD8oJYqqXGcmUzXjHmip6Y=",
480
481
"owner": "NixOS",
481
482
"repo": "nixos-hardware",
482
-
"rev": "4f339f6be2b61662f957c2ee9eda0fa597d8a6d6",
483
+
"rev": "537286c3c59b40311e5418a180b38034661d2536",
483
484
"type": "github"
484
485
},
485
486
"original": {
···
491
492
},
492
493
"nixpkgs": {
493
494
"locked": {
494
-
"lastModified": 1737525964,
495
-
"narHash": "sha256-3wFonKmNRWKq1himW9N3TllbeGIHFACI5vmLpk6moF8=",
495
+
"lastModified": 1738297584,
496
+
"narHash": "sha256-AYvaFBzt8dU0fcSK2jKD0Vg23K2eIRxfsVXIPCW9a0E=",
496
497
"owner": "nixos",
497
498
"repo": "nixpkgs",
498
-
"rev": "5757bbb8bd7c0630a0cc4bb19c47e588db30b97c",
499
+
"rev": "9189ac18287c599860e878e905da550aa6dec1cd",
499
500
"type": "github"
500
501
},
501
502
"original": {
+2
-6
flake.nix
+2
-6
flake.nix
···
18
18
};
19
19
20
20
lanzaboote = {
21
-
url = "github:nix-community/lanzaboote";
21
+
url = "github:nix-community/lanzaboote/v0.4.2";
22
22
inputs.nixpkgs.follows = "nixpkgs";
23
23
};
24
24
···
81
81
inputs.lix-module.overlays.lixFromNixpkgs
82
82
inputs.nvim-plugins.overlays.default
83
83
inputs.android-sdk.overlays.default
84
-
(self: super: {
85
-
inherit (inputs.language-servers.packages.${self.system})
86
-
typescript-language-server
87
-
vscode-langservers-extracted;
88
-
})
84
+
inputs.language-servers.overlays.default
89
85
];
90
86
in {
91
87
darwinConfigurations."sprite" = mkSystem {
+25
-9
home/base/gpg.nix
+25
-9
home/base/gpg.nix
···
1
-
{ lib, config, ... }:
1
+
{ lib, helpers, config, ... }:
2
2
3
3
with lib;
4
4
let
···
14
14
};
15
15
16
16
config = mkIf cfg.enable {
17
-
modules.git.signingKey = mkDefault "303B6A9A312AA035";
17
+
programs.gpg = {
18
+
enable = true;
19
+
homedir = home;
20
+
mutableKeys = true;
21
+
};
18
22
19
-
home.sessionVariables = {
20
-
GNUPGHOME = home;
23
+
services.gpg-agent = {
24
+
enable = true;
25
+
# See: https://github.com/nix-community/home-manager/pull/5901
26
+
enableSshSupport = !helpers.isDarwin;
27
+
verbose = true;
28
+
sshKeys = [
29
+
"E2BFF19637FDC25A02F45583176FAD1ED1F6BDD6"
30
+
"75EF1DBB30A59CFB56BCE06A88CCF363DA63B1A7"
31
+
];
21
32
};
33
+
34
+
# See: https://github.com/nix-community/home-manager/pull/5901
35
+
programs.zsh.initExtra = let
36
+
gpgPkg = config.programs.gpg.package;
37
+
in optionalString helpers.isDarwin ''
38
+
${gpgPkg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null 2>&1
39
+
export SSH_AUTH_SOCK=$(${gpgPkg}/bin/gpgconf --list-dirs agent-ssh-socket)
40
+
'';
41
+
42
+
modules.git.signingKey = mkDefault "303B6A9A312AA035";
22
43
23
44
age.secrets."pubring.kbx" = {
24
45
symlink = true;
···
43
64
path = "${home}/private-keys-v1.d/CA84692E3CC846C8EC7272468E962B63FC599E49.key";
44
65
file = ./encrypt/CA84692E3CC846C8EC7272468E962B63FC599E49.key.age;
45
66
};
46
-
47
-
xdg.dataFile."gnupg/sshcontrol".text = ''
48
-
E2BFF19637FDC25A02F45583176FAD1ED1F6BDD6
49
-
75EF1DBB30A59CFB56BCE06A88CCF363DA63B1A7
50
-
'';
51
67
};
52
68
}
+2
-2
home/base/xdg.nix
+2
-2
home/base/xdg.nix
···
13
13
};
14
14
};
15
15
xdg.runtimeDir = mkOption {
16
-
type = types.nullOr types.string;
17
-
default = if helpers.isDarwin then "$(mktemp -d --suffix=$UID)" else null;
16
+
type = types.nullOr types.str;
17
+
default = if helpers.isDarwin then "$(mktemp -d)" else null;
18
18
apply = (val: if val != null then (toString val) else null);
19
19
};
20
20
};
+1
-1
modules/base/certs.nix
+1
-1
modules/base/certs.nix
-1
modules/base/default.nix
-1
modules/base/default.nix
-27
modules/base/gpg.nix
-27
modules/base/gpg.nix
···
1
-
{ lib, config, pkgs, ... }:
2
-
3
-
with lib;
4
-
let
5
-
cfg = config.modules.gpg;
6
-
in {
7
-
options.modules.gpg = {
8
-
enable = mkOption {
9
-
default = true;
10
-
description = "GnuPG";
11
-
type = types.bool;
12
-
};
13
-
};
14
-
15
-
config = mkIf cfg.enable {
16
-
environment.systemPackages = [
17
-
pkgs.gnupg
18
-
];
19
-
20
-
programs.gnupg = {
21
-
agent = {
22
-
enable = true;
23
-
enableSSHSupport = true;
24
-
};
25
-
};
26
-
};
27
-
}
+4
-4
modules/nvim/default.nix
+4
-4
modules/nvim/default.nix
···
12
12
nix_bins = {
13
13
terraformls = '${pkgs.terraform-ls}/bin/terraform-ls',
14
14
tsserver = '${pkgs.typescript-language-server}/bin/typescript-language-server',
15
-
eslintls = '${pkgs.vscode-langservers-extracted}/bin/vscode-eslint-language-server',
16
-
cssls = '${pkgs.vscode-langservers-extracted}/bin/vscode-css-language-server',
17
-
htmlls = '${pkgs.vscode-langservers-extracted}/bin/vscode-html-language-server',
18
-
jsonls = '${pkgs.vscode-langservers-extracted}/bin/vscode-json-language-server',
15
+
eslintls = '${pkgs.vscode-eslint-language-server}/bin/vscode-eslint-language-server',
16
+
cssls = '${pkgs.vscode-css-language-server}/bin/vscode-css-language-server',
17
+
htmlls = '${pkgs.vscode-html-language-server}/bin/vscode-html-language-server',
18
+
jsonls = '${pkgs.vscode-json-language-server}/bin/vscode-json-language-server',
19
19
bunx = '${pkgs.bun}/bin/bunx',
20
20
ripgrep = '${pkgs.ripgrep}/bin/rg',
21
21
rustanalyzer = '${pkgs.rust-analyzer}/bin/rust-analyzer',