Diffstat (limited to '')
-rw-r--r-- | files/keys/wsl.pub | 1 | ||||
-rw-r--r-- | files/keys/yubikey.pub (renamed from files/keys/ssh.pub) | 0 | ||||
-rw-r--r-- | flake.nix | 4 | ||||
-rw-r--r-- | home/gpg.nix | 9 | ||||
-rw-r--r-- | home/neovim/config.nix | 4 | ||||
-rw-r--r-- | home/neovim/default.nix | 4 | ||||
-rw-r--r-- | home/ssh/config | 9 | ||||
-rw-r--r-- | hosts/wsl/default.nix | 7 | ||||
-rw-r--r-- | lib/default.nix | 5 | ||||
-rw-r--r-- | lib/files.nix | 23 | ||||
-rw-r--r-- | lib/lua.nix | 10 | ||||
-rw-r--r-- | system/default.nix | 7 | ||||
-rw-r--r-- | system/sshd.nix | 6 |
13 files changed, 57 insertions, 32 deletions
diff --git a/files/keys/wsl.pub b/files/keys/wsl.pub
new file mode 100644
index 0000000..02b7331
--- /dev/null
+++ b/files/keys/wsl.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPu1tcXlU6rKw8HKWnDhKq52BhKXf4KIyzYzvYyL2eZK freya@wsl
diff --git a/files/keys/ssh.pub b/files/keys/yubikey.pub
index e2e88e8..e2e88e8 100644
--- a/files/keys/ssh.pub
+++ b/files/keys/yubikey.pub
@@ -33,7 +33,7 @@
 nixos-wsl.inputs.nixpkgs.follows = "nixpkgs";
 };
 
- outputs = {nixpkgs, ...} @ inputs: let
+ outputs = {self, nixpkgs, ...} @ inputs: let
 options = import ./options.nix;
 systems = ["x86_64-linux"];
 perSystem = func:
@@ -49,7 +49,7 @@
 buildSystem = file: system:
 inputs.nixpkgs.lib.nixosSystem {
 inherit system;
- specialArgs = {inherit inputs;};
+ specialArgs = {inherit self inputs;};
 modules = [
 options
 ./home
diff --git a/home/gpg.nix b/home/gpg.nix
index a2deed2..e40ad92 100644
--- a/home/gpg.nix
+++ b/home/gpg.nix
@@ -2,12 +2,9 @@
 config,
 lib,
 pkgs,
+ self,
 ...
-}: let
- keysDir = ../files/keys;
- keys = lib.attrsets.mapAttrsToList (name: type: "${keysDir}/${name}") (builtins.readDir keysDir);
- gpgKeys = builtins.filter (path: lib.strings.hasSuffix "asc" path) keys;
-in {
+}: {
 home-manager.users.${config.user} = {
 # install keys into gpg keyring
 programs.gpg = {
@@ -17,7 +14,7 @@ in {
 source = path;
 trust = 5;
 })
- gpgKeys;
+ self.lib.gpgKeys;
 };
 
 # global gpg agent
diff --git a/home/neovim/config.nix b/home/neovim/config.nix
index ae10243..4ded0e9 100644
--- a/home/neovim/config.nix
+++ b/home/neovim/config.nix
@@ -1,8 +1,8 @@
 {
 config,
- inputs,
+ self,
 }:
-inputs.self.lib.lua.fmt {
+self.lib.toLua {
 # Width of tabs in the editor
 tabwidth = 4;
 # If tabs should be expanded to spaces
diff --git a/home/neovim/default.nix b/home/neovim/default.nix
index c1ed000..559bdf0 100644
--- a/home/neovim/default.nix
+++ b/home/neovim/default.nix
@@ -1,11 +1,11 @@
 {
- inputs,
 config,
 lib,
 pkgs,
+ self,
 ...
 }: let
- lua_cfg = import ./config.nix {inherit config inputs;};
+ lua_cfg = import ./config.nix {inherit config self;};
 lua = builtins.readFile ./init.lua;
 in {
 environment.variables.EDITOR = "nvim";
diff --git a/home/ssh/config b/home/ssh/config
index d1a3d1d..f240610 100644
--- a/home/ssh/config
+++ b/home/ssh/config
@@ -1,3 +1,7 @@
+HostkeyAlgorithms +ssh-rsa
+PubkeyAcceptedKeyTypes +ssh-rsa
+KexAlgorithms -sntrup761x25519-sha512@openssh.com
+
 Match Host * exec "gpg-connect-agent UPDATESTARTUPTTY /bye"
 
 Host *.in.freya.cat cid.freya.cat alivemc.net
@@ -8,8 +12,3 @@ Host *.cs.rit.edu
 
 Host *.redcom.com
 User fmurphy
-
-Host *
- HostkeyAlgorithms +ssh-rsa
- PubkeyAcceptedKeyTypes +ssh-rsa
- KexAlgorithms -sntrup761x25519-sha512@openssh.com
diff --git a/hosts/wsl/default.nix b/hosts/wsl/default.nix
index 55feeb2..dae77b5 100644
--- a/hosts/wsl/default.nix
+++ b/hosts/wsl/default.nix
@@ -16,4 +16,11 @@
 sphinx
 inputs.self.packages.${system}.arcanist
 ];
+
+ # wsl ssh key
+ home-manager.users.${config.user} = {
+ programs.ssh = {
+ extraConfig = "IdentityFile ~/.ssh/id_wsl\n";
+ };
+ };
 }
diff --git a/lib/default.nix b/lib/default.nix
index 574a348..d342bf8 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,5 +1,8 @@
 {...} @ inputs: let
 callLibs = file: import file inputs;
-in {
 lua = callLibs ./lua.nix;
+ files = callLibs ./files.nix;
+in {
+ inherit (lua) toLua;
+ inherit (files) getFiles certs sshKeys gpgKeys;
 }
diff --git a/lib/files.nix b/lib/files.nix
new file mode 100644
index 0000000..18439d9
--- /dev/null
+++ b/lib/files.nix
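Review bot: Hoisting `HostkeyAlgorithms +ssh-rsa`, `PubkeyAcceptedKeyTypes +ssh-rsa` and `KexAlgorithms -sntrup761x25519-sha512@openssh.com` to the top of home/ssh/config makes them unconditional for every host, and because ssh_config keeps the first value obtained for each option, no later `Host` block can narrow them — in the removed trailing `Host *` block a per-host block could still have overridden them. The effect is that SHA-1 `ssh-rsa` signatures are accepted for host-key and public-key authentication, and the post-quantum hybrid key exchange is dropped, even for hosts that do not need the legacy settings. If only some hosts require them (the `*.cs.rit.edu` / `*.redcom.com` blocks look like the candidates, but the diff does not say), move the three lines under those `Host` blocks instead, and use the current spelling `PubkeyAcceptedAlgorithms` (`PubkeyAcceptedKeyTypes` is its deprecated alias).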
@@ -0,0 +1,23 @@
+{lib, ...}: let
+
+ # gets list of files from a directory
+ getFiles = folder:
+ lib.attrsets.mapAttrsToList (name: type: "${folder}/${name}") (builtins.readDir folder);
+
+ # gets custom set of root certs
+ certs = getFiles ../files/certs;
+
+ # set of ssh keys
+ sshKeys = builtins.filter
+ (path: lib.strings.hasSuffix "pub" path) (getFiles ../files/keys);
+
+ # set of gpg keys
+ gpgKeys = builtins.filter
+ (path: lib.strings.hasSuffix "asc" path) (getFiles ../files/keys);
+
+in {
+ inherit getFiles;
+ inherit certs;
+ inherit sshKeys;
+ inherit gpgKeys;
+}
diff --git a/lib/lua.nix b/lib/lua.nix
index 704cdfa..6f6389e 100644
--- a/lib/lua.nix
+++ b/lib/lua.nix
@@ -1,6 +1,6 @@
 {lib, ...}: let
- fmt = val:
- # nil
+ toLua = val:
+ # nil
 if val == null
 then "nil"
 # boolean
@@ -17,16 +17,16 @@
 then "'${val}'"
 # table (array)
 else if builtins.isList val
- then "{ " + (lib.concatStringsSep ", " (map fmt val)) + " }"
+ then "{ " + (lib.concatStringsSep ", " (map toLua val)) + " }"
 # table (object)
 else if builtins.isAttrs val
 then "{ "
 + (lib.concatStringsSep ", "
- (lib.mapAttrsToList (k: v: "${k} = ${fmt v}") val))
+ (lib.mapAttrsToList (k: v: "${k} = ${toLua v}") val))
 + " }"
 # invalid
 else throw "Unsupported value: ${toString val}";
 
 in {
- fmt = fmt;
+ inherit toLua;
 }
diff --git a/system/default.nix b/system/default.nix
index 1a710d7..ae04066 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -1,7 +1,7 @@
 {
- inputs,
 config,
 pkgs,
+ self,
 ...
 }: {
 imports = [
@@ -136,8 +136,5 @@
 };
 
 # certs
- security.pki.certificateFiles = [
- ../files/certs/freyanet.crt
- ../files/certs/tinternet.crt
- ];
+ security.pki.certificateFiles = self.lib.certs;
 }
diff --git a/system/sshd.nix b/system/sshd.nix
index 0e0f1a2..d9e11f3 100644
--- a/system/sshd.nix
+++ b/system/sshd.nix
@@ -1,4 +1,4 @@
-{config, ...}: {
+{config, self, ...}: {
 # sshd
 services.openssh = {
 enable = true;
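Review bot: `getFiles` in lib/files.nix ignores the `type` that `builtins.readDir` returns, so subdirectories, symlinks and any other entry under the folder are listed too, and `hasSuffix "pub"` / `hasSuffix "asc"` match any name ending in those letters rather than the extension. Because `certs` becomes `security.pki.certificateFiles` and `sshKeys` becomes `authorizedKeys.keyFiles` (the system/default.nix and system/sshd.nix hunks below), whatever lands in files/certs or files/keys is trusted on every host without an explicit list to review. Restrict the listing to regular files and match the dotted extension: `lib.attrsets.mapAttrsToList (name: _: "${folder}/${name}") (lib.attrsets.filterAttrs (_: type: type == "regular") (builtins.readDir folder))`, with `lib.strings.hasSuffix ".pub"` and `lib.strings.hasSuffix ".asc"`. The header comment would then read `# lists the regular files directly inside a directory (no recursion, directories and symlinks skipped)`.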
@@ -26,8 +26,6 @@
 
 # add authorized keys
 users.users.${config.user} = {
- openssh.authorizedKeys.keyFiles = [
- ../files/keys/ssh.pub
- ];
+ openssh.authorizedKeys.keyFiles = self.lib.sshKeys;
 };
 } |
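Review bot: `openssh.authorizedKeys.keyFiles = self.lib.sshKeys;` authorizes every `*.pub` under files/keys for `config.user` on every host built from this flake, where the removed list named only `ssh.pub`; with `wsl.pub` added in this commit, the WSL machine's key is now accepted everywhere, while hosts/wsl/default.nix only configures its use on WSL. Whether that key should unlock all hosts like the renamed `yubikey.pub` (presumably a hardware-backed key, but the diff does not say) is not stated. If it should not, keep the shared module explicit, `openssh.authorizedKeys.keyFiles = [ ../files/keys/yubikey.pub ];`, and add `wsl.pub` only on the hosts that need it; if it should, replace `# add authorized keys` with `# add authorized keys: every *.pub in files/keys is accepted on every host` so the directory-driven trust is visible to the next reader.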