add ssh keys

2025-10-16 00:05:15 -05:00
parent 270f3cc9ee
commit 311ac16dfc
5 changed files with 60 additions and 48 deletions
--- a/users/blake/dots/gpg/default.nix
+++ b/users/blake/dots/gpg/default.nix
@@ -1,5 +1,6 @@
 {
  pkgs,
+  lib,
  config,
  ...
 }: {
@@ -12,6 +13,8 @@
    pinentry.package = pkgs.pinentry-qt;
    pinentry.program = "pinentry-qt";
  };
-  # install pinentry programs
-  home.packages = with pkgs; [pinentry-qt pinentry_mac];
+  # install pinentry programs conditionaly based on os
+  home.packages =
+    lib.optional pkgs.stdenv.isDarwin pkgs.pinentry_mac
+    ++ lib.optional pkgs.stdenv.isLinux pkgs.pinentry-qt;
 }
--- a/users/blake/dots/ssh/default.nix
+++ b/users/blake/dots/ssh/default.nix
@@ -23,24 +23,20 @@
  };

  # import sshkeys from keyring
-  home.file.".ssh/id_snowbelle".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle;
-  home.file.".ssh/id_snowbelle.pub".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle.pub;
+  #home.file.".ssh/id_snowbelle".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle;
+  #home.file.".ssh/id_snowbelle.pub".source = config.lib.file.mkOutOfStoreSymlink /home/blake/.nix/.keyring/ssh/id_snowbelle.pub;


-  #  # manage secrets with sops
-  #  sops.secrets = {
-  #    "id_snowbelle" = {
-  #      owner = "blake";
-  #      group = "blake";
-  #      mode = "0600";
-  #      path = "/home/blake/.ssh/id_snowbelle";
-  #    };
-  #    "id_snowbelle.pub" = {
-  #      owner = "blake";
-  #      group = "blake";
-  #      mode = "644";
-  #      path = "/home/blake/.ssh/id_snowbelle.pub";
-  #    };
-  #  };
+  # manage secrets with sops
+  sops.secrets = {
+    "id_snowbelle" = {
+      mode = "0600";
+      path = "/home/blake/.ssh/id_snowbelle";
+    };
+    "id_snowbelle.pub" = {
+      mode = "644";
+      path = "/home/blake/.ssh/id_snowbelle.pub";
+    };
+  };

 }
--- a/users/blake/dots/zsh/default.nix
+++ b/users/blake/dots/zsh/default.nix
@@ -20,33 +20,6 @@
      highlight = "fg=#45494f,underline";
    };

-    syntaxHighlighting = {
-      enable = true;
-      highlighters = ["main" "brackets" "pattern" "regexp" "cursor" "root"];
-      styles = {
-        "default" = "none";
-        "unknown-token" = "fg=red";
-        "reserved-word" = "fg=red";
-        "alias" = "fg=cyan,underline";
-        "suffix-alias" = "fg=cyan,underline";
-        "builtin" = "fg=cyan";
-        "function" = "fg=cyan";
-        "command" = "fg=cyan,bold";
-        "path" = "fg=cyan,underline";
-        "precommand" = "fg=cyan,underline";
-        "commandseparator" = "fg=white";
-        "globbing" = "fg=white";
-        "history-expansion" = "fg=white";
-        "hashed-command" = "fg=magenta";
-        "single-hyphen-option" = "fg=blue";
-        "double-hyphen-option" = "fg=blue";
-        "back-quoted-argument" = "fg=yellow";
-        "single-quoted-argument" = "fg=white";
-        "double-quoted-argument" = "fg=white";
-        "dollar-double-quoted-argument" = "fg=blue";
-        "back-double-quoted-argument" = "fg=blue";
-      };
-    };

    history = {
      size = 10000;
@@ -105,6 +78,7 @@
      pull = "git pull";
      dotfiles = "/usr/bin/git --git-dir=$HOME/.dotfiles --work-tree=$HOME";
      dtf = "/usr/bin/git --git-dir=$HOME/.dotfiles --work-tree=$HOME";
+      sec = "sops ~/.nix/secrets/secrets.yaml";

      # --- systemd ---
      stat = "sudo systemctl status";
@@ -131,6 +105,34 @@

    '';

+    syntaxHighlighting = {
+      enable = true;
+      highlighters = ["main" "brackets" "pattern" "regexp" "cursor" "root"];
+      styles = {
+        "default" = "none";
+        "unknown-token" = "fg=red";
+        "reserved-word" = "fg=red";
+        "alias" = "fg=cyan,underline";
+        "suffix-alias" = "fg=cyan,underline";
+        "builtin" = "fg=cyan";
+        "function" = "fg=cyan";
+        "command" = "fg=cyan,bold";
+        "path" = "fg=cyan,underline";
+        "precommand" = "fg=cyan,underline";
+        "commandseparator" = "fg=white";
+        "globbing" = "fg=white";
+        "history-expansion" = "fg=white";
+        "hashed-command" = "fg=magenta";
+        "single-hyphen-option" = "fg=blue";
+        "double-hyphen-option" = "fg=blue";
+        "back-quoted-argument" = "fg=yellow";
+        "single-quoted-argument" = "fg=white";
+        "double-quoted-argument" = "fg=white";
+        "dollar-double-quoted-argument" = "fg=blue";
+        "back-double-quoted-argument" = "fg=blue";
+      };
+    };
+
    #    zplug = {
    #      enable = true;
    #      zplugHome = "$XDG_STATE_HOME/zsh/zplug";
--- a/users/blake/home.nix
+++ b/users/blake/home.nix
@@ -6,6 +6,7 @@
  ...
 }: {
  imports = [
+    inputs.sops-nix.homeManagerModules.sops
    ./dots/neovim
    ./dots/lf
    ./dots/zsh
@@ -32,4 +33,10 @@

  # for macos
  programs.home-manager.enable = true;
+
+  sops = {
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+    age.keyFile = "/home/blake/.config/sops/age/keys.txt";
+  };
 }