From 311ac16dfc3f0acb34944074d1670281a4a8e0c7 Mon Sep 17 00:00:00 2001
From: blake
Date: Thu, 16 Oct 2025 00:05:15 -0500
Subject: [PATCH] add ssh keys
---
 secrets/secrets.yaml | 8 +++--
 users/blake/dots/gpg/default.nix | 7 ++--
 users/blake/dots/ssh/default.nix | 30 ++++++++---------
 users/blake/dots/zsh/default.nix | 56 +++++++++++++++++---------------
 users/blake/home.nix | 7 ++++
 5 files changed, 60 insertions(+), 48 deletions(-)
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index e883fe4..b4760b4 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -26,6 +26,10 @@ copyparty_passwd: ENC[AES256_GCM,data:I3UYy4nJ0B6RnIp661O0VVqEmxloxxcroBKmNFcgoQ vpncon_mex_config: ENC[AES256_GCM,data:4i356X97sBoRliskmh5ewcEwZHkpo37IhPcemKVdWJgWFWtA+AhTeEo4KQ3dRA1H/n8VjVX7CKZKPDxpmHfcUlnTLT0agtOjjyjf60kWoL8noJqcbDB4wGiYT910rPToVnYMFk0H2lerYp+/n2bhg8BHxn++VlPOOZsgla4El+FNXUqhScpAawySPSF36ocdRJ3r3DuflIhnTBXxSZukMf9Ux1uaFldSG7KasCQlStKy9O2Odd2AvAuGXOHch5KecRPT3WnonQ8oDJpuxbeaosLmtJKHL9oeXHPId2Unc1GNoOpnDC3Y/xGnrPb9WFXWYOSQ/1A3mNKwnVq0FEhluVbqodES4PVIlCS0koiQJq15P15G2z0jO+OhAQrRI5vn3Fki5A==,iv:tQvTpzhl7F7niigAXl61FMHbg6QqI2R7yGD/C2lwOR4=,tag:c+CVLd6lGrAfm38pFXOXTw==,type:str] #ENC[AES256_GCM,data:ep/Z5O6RNFwTd0I5hvtk5DP9,iv:M7sclKcTR+IfCEsvz0lZaoZBRZlQsN/FhwuzFNXgVew=,tag:Ddo3Qf8tMBX9Amt7C9m5FA==,type:comment] klefki_pub.asc: ENC[AES256_GCM,data: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,iv:btQ5xmt/AA9vW1njJH4Inj6YmOBx6pGbHbsvCMbg7fI=,tag:DuQ4Wy9wX3mPQAVLLd6t1Q==,type:str] +#ENC[AES256_GCM,data:7V0L0832xewUXU8/Bq469w==,iv:9bCzEpUcNx6qnCMomFweXgYmWwSMzdffDikjA22xu6E=,tag:F4S80e/EPXA0tS20KFRbXw==,type:comment] +id_snowbelle: ENC[AES256_GCM,data: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,iv:agf/LEjohw1XAXsOJJ78kiBVJnTT95IUmWzYUujSlJI=,tag:a55o9L85a9Z7gG9s5BEfIw==,type:str] +#ENC[AES256_GCM,data:ozhgyE+IyqR10KT8vI9x,iv:+ZOTucRlCZRQ9ZbxZgySPMOJ/qU4gXbhSyLAMgt4QMs=,tag:mQ3X+dqCet1Yk1gZ5pZ5gw==,type:comment] +id_snowbelle.pub: ENC[AES256_GCM,data:rQ32bqwknbVssJDN4TW72YrusMPQJRFTfpoH2M2ELsAf3DkXtchGwOSjEbeR9ezUgHkTD96rFm5JvjDFQukAOpBHfMP5aRVy6RjTtb8j7aAD+EGUEpBSAVspZKQAWAqyDQ==,iv:8bEgvJgWpu7QwsrWhkjUw3GtRI92Pn7TT0rXCQ/i2Js=,tag:EnUehKMncN5v4dZZ/es3Qw==,type:str] #ENC[AES256_GCM,data:lS++LQwlDVP0aYcdaaudBkKxNB3P3UBE,iv:UqGcXcX/Jvf60o409Cxj7VJCDh63uUxy45PuZbHK2l8=,tag:OXdMwuJwdN8DQaLXACpcRA==,type:comment] ssl_blakedheld_crt: 
ENC[AES256_GCM,data:EvImZ3y5lrmD2P2Cehd4yAyranHRBkejbnad1qmH9KbKeLNFsTcqW4L3NDYydbKurWCWYa/jJAL/BwT2xmUhwdFlarCiTFGnLXxMFhd6Tq+5if8r6BfSLCCS4IXcXnXP4k96ZR2fdD+lnDN1ljb7pI5hekz+HoVwBoLVVrfvQvqj72Kr5rfm5ttLN21yfi5DbgfX7n9AO6X32wzpIAXxQaYIFdPpm12WMpEX+zfxjjcpOR+Xv8npbs4AlopFaZ1N8d2AlM19ChwTZm/Zmq3BQt5Z2bhGsQD/s357F5ofmSfQ8BGXdeUguLj0BtZw6zrxQlySmJMNroBxrQresE7cdeoeEagZXXxJd0S64HcvonV3jjp4s5817YWLxGD8rws2fH9Ci91DEMlI+4/U9Jb/fWz7nxXSMekpNkGRrKPm6L+3/dxpvbkv9UyQi3OVTcx642WYyFaZnP6J6qcbH+itwfuPE1Fu+fe9IlIbAopDrvau0CGisU4FhX+NYMEmFu6N/+unFyMpj9qsqS8UFAXfgvSPRQTULqcaaOK7MRVh3JGOfR9qnbbPjt+aJRrkTW7q/8OWcqvxLgPnZlpPkvsg9PjcZmwxV4ooh3FC85vsrEc8tEqzzbrSWrJRXpL2ZJxsO2AfpHICexyjJium2Dm0hfR9EP5b4ltzeqg0rBeczec7/Tckafy3cGk1jCkPoDYN857Kl6oHi/9TduYvqReKJTV8dLB256M3TBeAYNQypCGceemPtcYrAgG+yMC8tnR57k5QjXsCmT69fAlPibvZdHUxh6Hqlx9sj5WU1NhGRCQsAj362UzGsEcVoF5/zcXVf4i2yCT+axNRyK/JU4JW6GaldJQ8PV+ay5RhNHtErgP18IaY7RjwTA0PVd5G839qbHZlJXiO/EvqrVpuy7UthQlvN+9Y+YM5jQMi64ahEcdWXYSjhqnbh6cZ3xfOXK0egTpy1/xG+FXpFMIvqK2gPZrB1B1Wc0XSvpOBFxTRaWlfDYeVwDtw9QCbM/7jhD9jaopdhMoPH5J/guLxMhRtRw0CJUemnTX1KJ8dGpvDfaCdj+I7ptb7vQ0wAfU/ferpfLX07j6g8MMa4p9jzI9BtXyd9OEOtyFfV5X5Mls9FfhmNi4+ES8LmawsLiyptKKUA7db4GZ4CLJqeR3khh/sej/ESgeXTfLXlOQbIALOdfrPo1t0fDRlW0H42FhmyHeily7KCBFS/pcziTVkM1YPrfyCXH6p8hVBNJ/JYWlEoS5qAxfcXP6cS+/3L16Y5XEP2Aea02qhim02C3qIX+6CQAc5QmuMfl+itnmWdTdwpPzEwVExoUQLCNTU610mkkKtSdMe3aLzmMrfQskEwjMhfXCwVsO+HWugi7im5GAezs+3wuK8j4GYai2sMerKesl4mJXIZWTLJqG8Vj7yKMHJ5mCiOPPYQ3AL++s916kRu3gO1evxfzul7ndh1GypVbX66QZotV9/MN4wSGxw/RCRscZrM+XzmlrhiKT3uezF9KKiw9J1F3zDrtcjmIqll2WVn+U5uzPYEj6TeC5ty/q3OdhYY58U7qe84Pj5zq72bLegBMMK8sG685ylPWD5l79+3D+JGCbjRTwu2oNaIdy9wem0rl56YX+kcGQC2IQcWXcIDASVhAQjguTU/mmMzLNZb3effZ4ZNAmnWgra4hnjEqChuxKlEM7blm057K2G7HP/j82Xy9VsBOTTc0Q2KJZpdb9t+vfDUNJtNdog5w5SnObRqIkUdDrFx04tGUDp/8eqqSHZWZOLq+G4jzarn6YhvNpEote89cARCqdZGhREJFi+zeFWhguasltfSjXhQrYc2p46GlV4USKuWiyIUny5I5/HR2/0Ci5vK2wh1jZ+JC53sKxA3MHg5Udyqkt8tLK+5X5NL6F9EBCRSzCqXDCds6mGu26X5Qt10UZdLTxJs3M0x3bSbN1qJUnv6K0iKgAVw09jeXzKcVXbmFQU
DJoVEErIcg1Oed8EwfJu274rF8Nfxh+29LE0CO3q/pR0P91eiUKLKK6oy9tpGnGrnRViAZS3LvVsNVdlWBSEm6WSiwM97hDH3CFqwUHPYzM830DZS6bfIL0OfT9lH5a1f7+Uywi3O3EaJaR0lr5esGJImOQG02yjCvqmdS+igFMKzdAyxQO1WSXDwHXZGTYZbhqyGYK+zc89lKdBaXiC91POQIiz5/xciXqb77YnXKeg4g==,iv:VQIqXN3r7DOVREX4fP5/OR8xECXLjYKfhd6XP3ghMaY=,tag:eVdyxrw/w5zBGxV6Tai2Pg==,type:str] #ENC[AES256_GCM,data:3G8XqUKua1QgUxv2YJkW0fDnQPX7+v8GDC9BHg==,iv:BkESkMmMalgesy9why9eaKkOOvwSsN2EhNCRRRmZNtA=,tag:x95zt2B2M19BkzeMpAlXIg==,type:comment] @@ -41,7 +45,7 @@ sops: U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-14T19:45:38Z" - mac: ENC[AES256_GCM,data:bxMEJTiMZQo4eXmTzamCQALYSdAj7buciSra1kozyahbeD0xkDco5Pgr6AuvnITKcxvINBfS7qJ0GJCwkQ4DNtPqt/b2T9P8QvtYq7iKMbDou81Vni4C24IlHrh/oSl+gF/8G8KVKjeCc2g94xaMrHZfpdSyceNKkr/vSoOkyrk=,iv:Mn46bU1fFxztgFjYSNkGIz4Izi4CiDRlonizfuxNU50=,tag:SlYtnP2bdbwogeQ8h1rHEQ==,type:str] + lastmodified: "2025-10-16T05:02:49Z" + mac: ENC[AES256_GCM,data:IU3J61qH0zCeSSrCdIdhrZ0IVl4F6AdhQ6enJl652PBNauqyNb+6ph+RnKbTVa6f1yDI1v75YHQmGgeZjOW7OWLH91rOwP0CsH59j1xeoLA1vWsUFNbEHnYowdcBb+tz4i6FMR2u4Nb5dLlOqKm2Xi3IT8ZPo1JDb7KB868jQ+4=,iv:yWxX1zFXG/FwnRoe3+7z9bAUu8qnM4M6w7KNfKHS3DQ=,tag:gmpZK3azAopujGlaBwnYnQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/users/blake/dots/gpg/default.nix b/users/blake/dots/gpg/default.nix index 641a26b..1b50a71 100644 --- a/users/blake/dots/gpg/default.nix +++ b/users/blake/dots/gpg/default.nix @@ -1,5 +1,6 @@ { pkgs, + lib, config, ... }: { @@ -12,6 +13,8 @@ pinentry.package = pkgs.pinentry-qt; pinentry.program = "pinentry-qt"; }; - # install pinentry programs - home.packages = with pkgs; [pinentry-qt pinentry_mac]; + # install pinentry programs conditionaly based on os + home.packages = + lib.optional pkgs.stdenv.isDarwin pkgs.pinentry_mac + ++ lib.optional pkgs.stdenv.isLinux pkgs.pinentry-qt; } 
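Review bot: The gpg-agent settings kept as context in the second hunk of users/blake/dots/gpg/default.nix still set `pinentry.package = pkgs.pinentry-qt;` and `pinentry.program = "pinentry-qt";` unconditionally, so on Darwin the agent would still be pointed at the Qt pinentry while `home.packages` now installs only `pinentry_mac` there. If those options are meant to follow the platform, select them the same way, e.g. `pinentry.package = if pkgs.stdenv.isDarwin then pkgs.pinentry_mac else pkgs.pinentry-qt;`, and derive the program name from the chosen package. The enclosing attribute set starts outside the hunk, so this is inferred from the context lines only. The new comment also has a typo; it should read `# install pinentry programs conditionally based on os`.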
diff --git a/users/blake/dots/ssh/default.nix b/users/blake/dots/ssh/default.nix
index f7f1ca7..49d8b87 100644
--- a/users/blake/dots/ssh/default.nix
+++ b/users/blake/dots/ssh/default.nix
@@ -23,24 +23,20 @@
 };
 # import sshkeys from keyring
- home.file.".ssh/id_snowbelle".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle;
- home.file.".ssh/id_snowbelle.pub".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle.pub;
+ #home.file.".ssh/id_snowbelle".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle;
+ #home.file.".ssh/id_snowbelle.pub".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle.pub;
- # # manage secrets with sops
- # sops.secrets = {
- # "id_snowbelle" = {
- # owner = "blake";
- # group = "blake";
- # mode = "0600";
- # path = "/home/blake/.ssh/id_snowbelle";
- # };
- # "id_snowbelle.pub" = {
- # owner = "blake";
- # group = "blake";
- # mode = "644";
- # path = "/home/blake/.ssh/id_snowbelle.pub";
- # };
- # };
+ # manage secrets with sops
+ sops.secrets = {
+ "id_snowbelle" = {
+ mode = "0600";
+ path = "/home/blake/.ssh/id_snowbelle";
+ };
+ "id_snowbelle.pub" = {
+ mode = "644";
+ path = "/home/blake/.ssh/id_snowbelle.pub";
+ };
+ };
 }
diff --git a/users/blake/dots/zsh/default.nix b/users/blake/dots/zsh/default.nix
index 69bf0c7..4b59ba9 100644
--- a/users/blake/dots/zsh/default.nix
+++ b/users/blake/dots/zsh/default.nix
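Review bot: Both `path` values in users/blake/dots/ssh/default.nix hard-code `/home/blake`, which ties the private key's placement to one Linux home directory even though the gpg change in this commit starts handling Darwin; `config` is already in scope in this file (the removed lines used `config.lib.file`), so `path = "${config.home.homeDirectory}/.ssh/id_snowbelle";` and its `.pub` counterpart would follow the real home. The same hard-coded prefix appears in `age.keyFile` in users/blake/home.nix. Write the public key's mode as `"0644"` so it reads as octal like the `"0600"` above it. The two commented-out `#home.file…` lines can be deleted rather than kept, since git history already records the old keyring symlinks. The module body begins before line 23, so whether `~/.ssh` itself ends up with mode 0700 is not visible here.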
@@ -20,33 +20,6 @@
 highlight = "fg=#45494f,underline";
 };
- syntaxHighlighting = {
- enable = true;
- highlighters = ["main" "brackets" "pattern" "regexp" "cursor" "root"];
- styles = {
- "default" = "none";
- "unknown-token" = "fg=red";
- "reserved-word" = "fg=red";
- "alias" = "fg=cyan,underline";
- "suffix-alias" = "fg=cyan,underline";
- "builtin" = "fg=cyan";
- "function" = "fg=cyan";
- "command" = "fg=cyan,bold";
- "path" = "fg=cyan,underline";
- "precommand" = "fg=cyan,underline";
- "commandseparator" = "fg=white";
- "globbing" = "fg=white";
- "history-expansion" = "fg=white";
- "hashed-command" = "fg=magenta";
- "single-hyphen-option" = "fg=blue";
- "double-hyphen-option" = "fg=blue";
- "back-quoted-argument" = "fg=yellow";
- "single-quoted-argument" = "fg=white";
- "double-quoted-argument" = "fg=white";
- "dollar-double-quoted-argument" = "fg=blue";
- "back-double-quoted-argument" = "fg=blue";
- };
- };
 history = {
 size = 10000;
@@ -105,6 +78,7 @@
 pull = "git pull";
 dotfiles = "/usr/bin/git --git-dir=$HOME/.dotfiles --work-tree=$HOME";
 dtf = "/usr/bin/git --git-dir=$HOME/.dotfiles --work-tree=$HOME";
+ sec = "sops ~/.nix/secrets/secrets.yaml";
 # --- systemd ---
 stat = "sudo systemctl status";
@@ -131,6 +105,34 @@
 '';
+ syntaxHighlighting = {
+ enable = true;
+ highlighters = ["main" "brackets" "pattern" "regexp" "cursor" "root"];
+ styles = {
+ "default" = "none";
+ "unknown-token" = "fg=red";
+ "reserved-word" = "fg=red";
+ "alias" = "fg=cyan,underline";
+ "suffix-alias" = "fg=cyan,underline";
+ "builtin" = "fg=cyan";
+ "function" = "fg=cyan";
+ "command" = "fg=cyan,bold";
+ "path" = "fg=cyan,underline";
+ "precommand" = "fg=cyan,underline";
+ "commandseparator" = "fg=white";
+ "globbing" = "fg=white";
+ "history-expansion" = "fg=white";
+ "hashed-command" = "fg=magenta";
+ "single-hyphen-option" = "fg=blue";
+ "double-hyphen-option" = "fg=blue";
+ "back-quoted-argument" = "fg=yellow";
+ "single-quoted-argument" = "fg=white";
+ "double-quoted-argument" = "fg=white";
+ "dollar-double-quoted-argument" = "fg=blue";
+ "back-double-quoted-argument" = "fg=blue";
+ };
+ };
+
 # zplug = {
 # enable = true;
 # zplugHome = "$XDG_STATE_HOME/zsh/zplug";
diff --git a/users/blake/home.nix b/users/blake/home.nix
index 79fc9b0..3ce582f 100644
--- a/users/blake/home.nix
+++ b/users/blake/home.nix
@@ -6,6 +6,7 @@
 ...
 }: {
 imports = [
+ inputs.sops-nix.homeManagerModules.sops
 ./dots/neovim
 ./dots/lf
 ./dots/zsh
@@ -32,4 +33,10 @@
 # for macos
 programs.home-manager.enable = true;
+
+ sops = {
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ defaultSopsFormat = "yaml";
+ age.keyFile = "/home/blake/.config/sops/age/keys.txt";
+ };
 }
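Review bot: `defaultSopsFile` in the second hunk of users/blake/home.nix points the user-level sops module at the shared `secrets/secrets.yaml`, which in this same patch also carries `copyparty_passwd`, `vpncon_mex_config` and `ssl_blakedheld_crt`. If the age identity in `keys.txt` is a recipient for that file (the `sops:` metadata is only partly visible here), a key readable from the user's home can decrypt every entry, not just the two SSH ones. A separate per-user secrets file with its own recipients would keep the user key's reach to what the user session needs. The key file itself is not managed by this commit, so a comment such as `# age identity is provisioned out of band (mode 0600); it decrypts every entry in defaultSopsFile` would record that dependency next to `age.keyFile`.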