From f97dffa027242809da97520cd5aec43de10d0b7e Mon Sep 17 00:00:00 2001 From: sstent Date: Sat, 25 Feb 2023 14:11:26 +0000 Subject: [PATCH] sync --- .sops.yaml | 4 +- flake.nix | 2 +- .../home-manager => home-manager}/beets.nix | 16 -- home-manager/global/default.nix | 26 +++ home-manager/home.nix | 63 ------ .../{sstent.nix => users/sstent/default.nix} | 75 ++------ home-manager/users/sstent/secrets.yaml | 66 +++++++ hosts/common/configuration.nix | 100 ---------- hosts/common/default.nix | 8 +- hosts/common/mnt-public.nix | 23 ++- hosts/common/secrets.yaml | 6 +- hosts/common/user-sstent.nix | 7 +- hosts/wsl2/default.nix | 13 +- mods-old/base.nix | 22 --- mods-old/default.nix | 9 - mods-old/home-manager/default.nix | 9 - mods-old/home-manager/nicotine.nix | 13 -- mods-old/modules-list.nix | 6 - modules/home-manager/ssh-proxy.nix | 2 +- {mods-old => modules/nixos}/ssh.nix | 0 pkgs-old/wsl-ssh-agent-relay/default.nix | 26 --- .../wsl-ssh-agent-relay/wsl-ssh-agent-relay | 180 ------------------ shell.nix | 2 +- test | 4 + 24 files changed, 158 insertions(+), 524 deletions(-) rename {mods-old/home-manager => home-manager}/beets.nix (89%) delete mode 100644 home-manager/home.nix rename home-manager/{sstent.nix => users/sstent/default.nix} (68%) create mode 100644 home-manager/users/sstent/secrets.yaml delete mode 100644 hosts/common/configuration.nix delete mode 100644 mods-old/base.nix delete mode 100644 mods-old/default.nix delete mode 100644 mods-old/home-manager/default.nix delete mode 100644 mods-old/home-manager/nicotine.nix delete mode 100644 mods-old/modules-list.nix rename {mods-old => modules/nixos}/ssh.nix (100%) delete mode 100644 pkgs-old/wsl-ssh-agent-relay/default.nix delete mode 100644 pkgs-old/wsl-ssh-agent-relay/wsl-ssh-agent-relay create mode 100644 test diff --git a/.sops.yaml b/.sops.yaml index ab88950..ca273b4 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -3,6 +3,7 @@ keys: - &STUPC_WSL_UBUNTU_2204 age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr - &STUPC_WSL_NIXOS age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw - &GO3_WSL_NIXOS age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au + - &STU_ID age1r86w07gy3nm2ltkqx7wcv94wzneeqmqvcm88nzw4g902kdgwgvdqvjumrj creation_rules: - path_regex: secrets.yaml$ key_groups: @@ -10,4 +11,5 @@ creation_rules: - *adminkey - *STUPC_WSL_UBUNTU_2204 - *STUPC_WSL_NIXOS - - *GO3_WSL_NIXOS \ No newline at end of file + - *GO3_WSL_NIXOS + - *STU_ID \ No newline at end of file diff --git a/flake.nix b/flake.nix index eac73d5..48284e7 100644 --- a/flake.nix +++ b/flake.nix @@ -65,7 +65,7 @@ extraSpecialArgs = { inherit inputs outputs; }; modules = [ # > Our main home-manager configuration file < - ./home-manager/sstent.nix + ./home-manager/users/sstent ]; }; }; diff --git a/mods-old/home-manager/beets.nix b/home-manager/beets.nix similarity index 89% rename from mods-old/home-manager/beets.nix rename to home-manager/beets.nix index 4013da2..a238967 100644 --- a/mods-old/home-manager/beets.nix +++ b/home-manager/beets.nix @@ -1,21 +1,6 @@ { config, pkgs, lib, ... }: { - home-manager.users."sstent" = { - # xdg.configFile."beets/discogs_token.test".source = "/run/secrets/discogs_json"; - # xdg.configFile."beets/discogs_token.test".source = config.sops.secrets.discogs_json.path; - # xdg.configFile."beets/discogs_token.test".source = config.lib.file.mkOutOfStoreSymlink "${config.sops.secrets.discogs_json.path}"; -# home.activation.afterWriteBoundary = { -# after = [ "writeBoundary" ]; -# before = []; -# data = '' -# if [ ! -L "~/.config/beets/t3" ]; then -# echo "=> File doesn't exist" -# ln -s /run/secrets/discogs_json ~/.config/beets/discogs_token.json -# fi -# ''; -# }; - programs.beets = { enable = true; settings = { @@ -162,6 +147,5 @@ }; }; - }; } 
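Review bot: Adding `*STU_ID` to the single key group under `creation_rules` gives that age identity its own full decryption path to every file matching `secrets.yaml$`, since each key inside one sops key group decrypts independently, yet nothing on the page records whose identity it is. A short owner note on the anchor, e.g. `- &STU_ID age1r86w07gy3nm2ltkqx7wcv94wzneeqmqvcm88nzw4g902kdgwgvdqvjumrj  # <owner/device placeholder>`, lets a later reviewer decide whether it should still be listed. The diffstat also shows `hosts/common/secrets.yaml` changing by only 3 insertions and 3 deletions (the `lastmodified`/`mac` update), which suggests that file was not re-encrypted to the new recipient; running `sops updatekeys hosts/common/secrets.yaml` and committing the result would keep it in step with `.sops.yaml`.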
diff --git a/home-manager/global/default.nix b/home-manager/global/default.nix index e69de29..9b9b40f 100644 --- a/home-manager/global/default.nix +++ b/home-manager/global/default.nix @@ -0,0 +1,26 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + ] ++ (builtins.attrValues outputs.homeManagerModules); + + nixpkgs = { + overlays = builtins.attrValues outputs.overlays; + config = { + allowUnfree = true; + allowUnfreePredicate = (_: true); + }; + }; + + nix = { + package = lib.mkDefault pkgs.nix; + settings = { + experimental-features = [ "nix-command" "flakes" "repl-flake" ]; + warn-dirty = false; + }; + }; + + programs = { + home-manager.enable = true; + git.enable = true; + }; +} \ No newline at end of file diff --git a/home-manager/home.nix b/home-manager/home.nix deleted file mode 100644 index 1b03689..0000000 --- a/home-manager/home.nix +++ /dev/null 
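Review bot: `imports = [ ] ++ (builtins.attrValues outputs.homeManagerModules);` concatenates an empty list for no effect; `imports = builtins.attrValues outputs.homeManagerModules;` reads more directly, and a comment such as `# every module exported by this flake is enabled for all users` would explain why the whole attribute set is pulled in rather than a chosen subset. The file is also written without a trailing newline (`\ No newline at end of file`), which will produce a spurious one-line change the next time it is touched.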
@@ -1,63 +0,0 @@ -# This is your home-manager configuration file -# Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix) - -{ inputs, outputs, lib, config, pkgs, ... }: { - # You can import other home-manager modules here - imports = [ - # If you want to use modules your own flake exports (from modules/home-manager): - # outputs.homeManagerModules.example - - # Or modules exported from other flakes (such as nix-colors): - # inputs.nix-colors.homeManagerModules.default - - # You can also split up your configuration and import pieces of it here: - # ./nvim.nix - ]; - - nixpkgs = { - # You can add overlays here - overlays = [ - # Add overlays your own flake exports (from overlays and pkgs dir): - outputs.overlays.additions - outputs.overlays.modifications - outputs.overlays.unstable-packages - - # You can also add overlays exported from other flakes: - # neovim-nightly-overlay.overlays.default - - # Or define it inline, for example: - # (final: prev: { - # hi = final.hello.overrideAttrs (oldAttrs: { - # patches = [ ./change-hello-to-hi.patch ]; - # }); - # }) - ]; - # Configure your nixpkgs instance - config = { - # Disable if you don't want unfree packages - allowUnfree = true; - # Workaround for https://github.com/nix-community/home-manager/issues/2942 - allowUnfreePredicate = (_: true); - }; - }; - - # TODO: Set your username - home = { - username = "your-username"; - homeDirectory = "/home/your-username"; - }; - - # Add stuff for your user as you see fit: - # programs.neovim.enable = true; - # home.packages = with pkgs; [ steam ]; - - # Enable home-manager and git - programs.home-manager.enable = true; - programs.git.enable = true; - - # Nicely reload system units when changing configs - systemd.user.startServices = "sd-switch"; - - # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "22.11"; -} 
diff --git a/home-manager/sstent.nix b/home-manager/users/sstent/default.nix similarity index 68% rename from home-manager/sstent.nix rename to home-manager/users/sstent/default.nix index 04be7ac..5c8ef7d 100644 --- a/home-manager/sstent.nix +++ b/home-manager/users/sstent/default.nix @@ -3,13 +3,28 @@ { inputs, outputs, lib, config, pkgs, ... }: { imports = [ - ./global + ../../global + ../../beets.nix ]; - home.username = "sstent"; home.homeDirectory = "/home/sstent"; home.stateVersion = "23.05"; + sops = { + age.sshKeyPaths = [ "/home/sstent/.ssh/" ]; + defaultSopsFile = ./secrets.yaml; + secrets.test = { + # sopsFile = ./secrets.yml.enc; # optionally define per-secret files + + # %r gets replaced with a runtime directory, use %% to specify a '%' + # sign. Runtime dir is $XDG_RUNTIME_DIR on linux and $(getconf + # DARWIN_USER_TEMP_DIR) on darwin. + path = "%r/test.txt"; + }; + }; + + + # Let Home Manager install and manage itself. programs.home-manager.enable = true; home.packages = with pkgs; [ @@ -74,23 +89,6 @@ programs = { export PATH=$PATH:/bin #Fix for wslpath ''; }; -# zsh = { -# enable = true; -# shellAliases = { -# ll = "ls -l"; -# update = "sudo nixos-rebuild switch"; -# }; -# # history = { -# # size = 10000; -# # path = "${config.xdg.dataHome}/zsh/history"; -# # }; -# oh-my-zsh = { -# enable = true; -# plugins = [ "git" "thefuck" ]; -# theme = "robbyrussell"; -# }; -# }; - git = { enable = true; 
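Review bot: `sops.age.sshKeyPaths = [ "/home/sstent/.ssh/" ];` names a directory, but the option takes paths to SSH private key files that sops-nix converts to age identities, so activation will most likely fail to derive a key until it points at a file such as `"/home/sstent/.ssh/id_ed25519"` (the filename appears in the removed homeage block in a later hunk; confirm which key corresponds to the age recipient added to `.sops.yaml`). The only secret declared is `secrets.test` with `path = "%r/test.txt"`, so a one-line comment saying it is a placeholder to verify the sops wiring would stop a reader from hunting for a consumer of `test.txt`. The enclosing attribute set continues past the end of this hunk.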
@@ -107,47 +105,8 @@ programs = { }; }; -# systemd.user = { - -# startServices = true; - -# services.ssh-proxy = { -# Unit = { Description = "WSL Proxy"; }; -# Service = { -# ExecStart = "${pkgs.writeShellScript "start-proxy" '' -# set -x -# ${pkgs.coreutils}/bin/rm -f /home/sstent/.ssh/wsl-ssh-agent.sock -# ${pkgs.util-linux}/bin/setsid ${pkgs.socat}/bin/socat UNIX-LISTEN:/home/sstent/.ssh/wsl-ssh-agent.sock,fork EXEC:"${pkgs.npiperelay}/bin/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork -# ''}"; -# }; -# #Install = { WantedBy = [ "default.target" ]; }; -# }; -# }; } - # homeage = { - # # Absolute path to identity (created not through home-manager) - # identityPaths = [ "~/.ssh/id_ed25519" ]; - - # # "activation" if system doesn't support systemd - # installationType = "systemd"; - - # file."pijulsecretkey" = { - # # Path to encrypted file tracked by the git repository - # source = ./secretkey.json.age; - # symlinks = [ "${config.xdg.configHome}/pijul/secretkey.json" ]; - # copies = [ "${config.xdg.configHome}/no-symlink-support/secretkey.json" ]; - # }; - # }; - - # imports = [ homeage.homeManagerModules.homeage ]; - - - - -# }; ### endf home-manager - - #######If Gnome # config = lib.mkIf config.mymods.gnome.enable { # programs.bash.enable = true; diff --git a/home-manager/users/sstent/secrets.yaml b/home-manager/users/sstent/secrets.yaml new file mode 100644 index 0000000..0eeeb48 --- /dev/null +++ b/home-manager/users/sstent/secrets.yaml 
@@ -0,0 +1,66 @@ +test: ENC[AES256_GCM,data:MXrxw3LMjCGBi0FL2+dkD0X9Zy5rg+YwUJ5awXtHyU2THPT9FCq91GXE46w3Kw==,iv:TPdKm1OA3wkDpAsluNLkV4+UxcWJccrM4RxEwgZYdeY=,tag:6ZGgi7yj08ahYVDEDSTRdg==,type:str] +example_key: ENC[AES256_GCM,data:fdvxCEw8a7dIN7DEBQ==,iv:y48ctWttnKAmk17hv8LYghj/ls3Z6Pmf9uYM2Fa4k7U=,tag:GWQk49rU3w4KN+vXfsolTw==,type:str] +#ENC[AES256_GCM,data:lZfFV3V634IPjn1Hl4XbbQ==,iv:jsU7QrW4hpYDimllcHUsJI8as8eqvUUf9It5YB2qyR0=,tag:lGgki5ETk88DcWDoYCGLlw==,type:comment] +example_array: + - ENC[AES256_GCM,data:Uygqu3jmGb24gUd62fM=,iv:rxu8qWHlniR5QPwMISGTrX3f2fJvnpW0ot6JVdLmwbc=,tag:IFLRHU2nbceQMHL8BH+SGA==,type:str] + - ENC[AES256_GCM,data:QrYVdSUufPqh1Z4PdK4=,iv:Aa4g8erpPmYI480nPFHAZqm0To+kReHlYXX3ksBmtFg=,tag:BakZ4i0cfvCgee7uE/CijQ==,type:str] +example_number: ENC[AES256_GCM,data:dgBeAvtODesgKQ==,iv:r42I6isKq+1sAMUy9aHlSyEaCd6YgRNjxjUOv2PWgCg=,tag:tu9MvwnlI2PYHZAXoP1qBQ==,type:float] +example_booleans: + - ENC[AES256_GCM,data:A+CplA==,iv:+IurcetC1JzfbhTDdVZX4x3cqSQ+Pf14h4yyJNnb/+E=,tag:UKPcp6Ox52AcXheSGbfvKw==,type:bool] + - ENC[AES256_GCM,data:1VT8RWc=,iv:QWfC9a2W4XR6fQVWTmyv+blEgVswXQY4vRPLyL+ZCUg=,tag:sfF2WoBuDx2NhTPY/8wTIQ==,type:bool] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1jvqe2j70h97844nkz34z9k4epx3uahx50cx75ss8mty2dnxlrf7qqv9a0g + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Rm41Q3UyUllMU3dMbk0y + Mi9Ndk1jRkNkNjVkUDdvYlVjTUh6R2dOTUFNClNHbzZZY05NVlhWZUNGK28wRG9T + dk5kUS90TXJmY0ROQk03VWhVTVpxQ28KLS0tIHV4NVpadW41eU1yRkF1eXVscHlp + czVmRmFtVUd6VDFHQkZJL3NTZUZFWFkKEuFAX+Ggwy8rpJBVeV1mLUXGw1gG9xor + a0qkRQ3VNiGtbmGD+Pra6tFKxEfs0q04qOa7sBuyNqwkmK2VJmlf2g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1jvf8rd8krchw3ph0w2let8clvyuzcdhq2ug6sm7tx86refc2z5vq4w6lxr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3VGwwR1BBTlBPZkloS09N + dUFnc0Jaa08wS1N5V3JQd3pMSDk2cUp2WkVZCjIxcDIvRjNjVXJUY2l6dTl3amNL + 
UVFlVUtmcUtTN0hHakNxT04xeXZHMU0KLS0tIG9tQ0JhdThJRnFVZGVWbVJoUGR3 + ZHRZeGVET09hV3NiWjFJamxOdklCSE0K2ceTz1Y7QS6eqbEpI9Z7nF5wsv/33+fX + eUYpAhdJVEe7ClSADJyQ/sZUwOdd2w2+YcpDBlRUD/z562BcxZtNww== + -----END AGE ENCRYPTED FILE----- + - recipient: age1e0g0rrfdmp5f8f4xgkyp8zgxw2v5t3ldlm2t822xekdz0z6qj49q6aesuw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcENQM3RkSU5WVGtVeldW + VG42aFphRjJjRXZKN0tXZ3RHV1lrY3JMNWljCm9pUlZ0U2pGNUh1RVA4NktBVFhX + TFJsWUhHZ0dXTzNibFgyYnRWaEx1b2sKLS0tIG80QlRoOFliWFcxYWtrZnVkZU15 + bHhPYkJQVzkxbmJ0dDVoaUVXK1I0akEKG5IaeRGUaxe9SUPl6JMVRrIu5zj4Uztx + c1rajIUsqdElRFZQaGIimXRYv63MJQrQnmDl6Q1VmoozDZTLbHW87g== + -----END AGE ENCRYPTED FILE----- + - recipient: age187fdx6pc2559tjh03jrcwp6yj8whd70h666g8a0ptyr0z49tfcsssdx6au + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSHRKa2gzc0I4bENiakZR + RVVjVHc5bTI2UXBuZHNneXE3TkdMWHNWZEFBCjVPQm91V0Mzd2RTV3RSMnlkVXE0 + WFA1VzNEdkJUUi9SMldxaVNyQ0tIVHMKLS0tIGZwbHRIdW43WkZ1VGZXTkhjMVJH + YXhVRlpXVC8zVHFVMUprdm1maFZXSDgK8wsMa8MX2cXcmLMLqsm1jg5VWQ9cMJgp + 24uz6/KiXj2bKaKWilG1A+2bwEzaYr2/Nr/Oy5FOsNOQ4f070dDuyw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1r86w07gy3nm2ltkqx7wcv94wzneeqmqvcm88nzw4g902kdgwgvdqvjumrj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRnlTbjRxTUxDSjQ5T0Rk + K0JDeFNMaGJSL3V0RjdlZitKazFpTDFaUEg0Ckp5bVg3allyQmlJb3dReW42VXZ0 + QzdDcFRRbW8yU21RQ3hYZGc3Mlk5M3MKLS0tIDNPR0o1ZXFEdkpTVjJ4cjZ4VWhl + YmJrOWxXZEtnZkVoRVh6WUlWcStrS1kK7pr+7ymzpr8hiKULpeojmzpadSCufiFQ + It7c2aVHslB8406U3oJ6k6wgMxIkcqIAaVfPklNir9rGAphSlCkVrg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-25T14:11:19Z" + mac: 
ENC[AES256_GCM,data:ZQ6xfGZCkp/C+QVDQt9q6L6UNBxcVPhOhnUUVFmmMvH9qrt3vekhg3AIg5FmcNhOKEbZ9r+N0F+24EBZT4a0txnHUJQAHK1XC7iuKB44UpR1obrOKON8XN+Zl/tXvQkTjzo52MwiV/S8tOtmjiG+NTOUESbtQSBFIYSx2uAMQGk=,iv:5U3BIuom17XmbbsZ+mehzkRz88YM9KBctPm3WonePfY=,tag:22YMbAO22M5m8bimjsQOng==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/hosts/common/configuration.nix b/hosts/common/configuration.nix deleted file mode 100644 index 265a010..0000000 --- a/hosts/common/configuration.nix +++ /dev/null 
@@ -1,100 +0,0 @@ -# This is your system's configuration file. -# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) - -{ inputs, outputs, lib, config, pkgs, ... }: { - # You can import other NixOS modules here - imports = [ - # If you want to use modules your own flake exports (from modules/nixos): - # outputs.nixosModules.example - - # Or modules from other flakes (such as nixos-hardware): - # inputs.hardware.nixosModules.common-cpu-amd - # inputs.hardware.nixosModules.common-ssd - - # You can also split up your configuration and import pieces of it here: - # ./users.nix - - # Import your generated (nixos-generate-config) hardware configuration - ./hardware-configuration.nix - ]; - - nixpkgs = { - # You can add overlays here - overlays = [ - # Add overlays your own flake exports (from overlays and pkgs dir): - outputs.overlays.additions - outputs.overlays.modifications - outputs.overlays.unstable-packages - - # You can also add overlays exported from other flakes: - # neovim-nightly-overlay.overlays.default - - # Or define it inline, for example: - # (final: prev: { - # hi = final.hello.overrideAttrs (oldAttrs: { - # patches = [ ./change-hello-to-hi.patch ]; - # }); - # }) - ]; - # Configure your nixpkgs instance - config = { - # Disable if you don't want unfree packages - allowUnfree = true; - }; - }; - - nix = { - # This will add each flake input as a registry - # To make nix3 commands consistent with your flake - registry = lib.mapAttrs (_: value: { flake = value; }) inputs; - - # This will additionally add your inputs to the system's legacy channels - # Making legacy nix commands consistent as well, awesome! 
- nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; - - settings = { - # Enable flakes and new 'nix' command - experimental-features = "nix-command flakes"; - # Deduplicate and optimize nix store - auto-optimise-store = true; - }; - }; - - # FIXME: Add the rest of your current configuration - - # TODO: Set your hostname - networking.hostName = "your-hostname"; - - # TODO: This is just an example, be sure to use whatever bootloader you prefer - boot.loader.systemd-boot.enable = true; - - # TODO: Configure your system-wide user settings (groups, etc), add more users as needed. - users.users = { - # FIXME: Replace with your username - your-username = { - # TODO: You can set an initial password for your user. - # If you do, you can skip setting a root password by passing '--no-root-passwd' to nixos-install. - # Be sure to change it (using passwd) after rebooting! - initialPassword = "correcthorsebatterystaple"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect - ]; - # TODO: Be sure to add any other groups you need (such as networkmanager, audio, docker, etc) - extraGroups = [ "wheel" ]; - }; - }; - - # This setups a SSH server. Very important if you're setting up a headless system. - # Feel free to remove if you don't need it. - services.openssh = { - enable = true; - # Forbid root login through SSH. - permitRootLogin = "no"; - # Use keys only. Remove if you want to SSH using password (not recommended) - passwordAuthentication = false; - }; - - # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "22.11"; -} diff --git a/hosts/common/default.nix b/hosts/common/default.nix index e1f58e3..4f29498 100644 --- a/hosts/common/default.nix +++ b/hosts/common/default.nix 
@@ -11,6 +11,11 @@ home-manager = { useUserPackages = true; extraSpecialArgs = { inherit inputs outputs; }; + sharedModules = [ + inputs.sops-nix.homeManagerModules.sops + ]; + + }; nixpkgs = { @@ -21,7 +26,8 @@ }; programs.fuse.userAllowOther = true; - + security.sudo.wheelNeedsPassword = false; + # nixpkgs.overlays = overlays; # Enable nix flakes nix.package = pkgs.nixFlakes; diff --git a/hosts/common/mnt-public.nix b/hosts/common/mnt-public.nix index a82c53c..fbe9287 100644 --- a/hosts/common/mnt-public.nix +++ b/hosts/common/mnt-public.nix @@ -7,4 +7,25 @@ # options = ["uid=0,gid=1000"]; options = ["guest" "uid=1000"]; }; -} \ No newline at end of file +} + + + +# { lib, pkgs, config, ... }: +# with lib; + +# let cfg = config.services.ssh-proxy; +# in { +# options.services.ssh-proxy = { +# enable = mkOption { +# type = types.bool; +# default = false; +# description = '' +# Enable Mnt Public for WSL +# ''; +# }; +# }; + +# config = mkIf cfg.enable { + +# } \ No newline at end of file diff --git a/hosts/common/secrets.yaml b/hosts/common/secrets.yaml index 85e3a3d..387e397 100644 --- a/hosts/common/secrets.yaml +++ b/hosts/common/secrets.yaml @@ -1,4 +1,4 @@ -hello: ENC[AES256_GCM,data:YCv2DmmbLK0J/bfIETFAigdBYNA4ngz/hjxurUenY+8X0k/nFfPFMYo2T2SJgek=,iv:EwMz6ZkRZrPkGLUmTEkAVaqFXpBLP3Ur4A7buPOlmyE=,tag:9mKTqjVawZBXDxx1iUx65Q==,type:str] +sstent_password: ENC[AES256_GCM,data:WBVW5fBqfKqI,iv:v/MHSgaCM5F2++OPbidVF75UH6fJeWJlj5PaZhZRiTU=,tag:9CNHHvQBHUmVhZ29bo8dOg==,type:str] example_key: ENC[AES256_GCM,data:nFMTN2mxDyCuWTB3CQ==,iv:1C2I7tSW15sGOdfiL1GvIOmCUeH5QgNI3zUWUBiqz3U=,tag:M3jaoS71WOTRe7JH2IFoow==,type:str] #ENC[AES256_GCM,data:kmiX4PQr6LCSeIAnaWg5Vg==,iv:bYDdcMQyfKWgw6nqMaVTRPdKaukinOVifRcissdN7EI=,tag:An6CITxn5+g2DH2yxRKnnw==,type:comment] example_array: 
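Review bot: `security.sudo.wheelNeedsPassword = false;` in the second hunk of `hosts/common/default.nix` now applies to every host importing `../common`, and in the same patch the user password is moved into sops (`hosts/common/user-sstent.nix`), so the wheel group's sudo access no longer has any authentication step at all; the setting previously lived in `mods-old/base.nix`, so the behaviour is not new, but it is now global. If it is wanted only for the WSL hosts, it belongs in `hosts/wsl2/default.nix`; otherwise a comment such as `# passwordless sudo for wheel: <rationale placeholder>` records the trade-off. The two blank lines left inside `sharedModules = [ ... ];` in the first hunk can be dropped.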
@@ -50,8 +50,8 @@ sops: NVRURnUyUFA4OC80K2NqWDNlcW1nSVkKJDwadryzf4gpv+Ije54EL4XCiJh8DCVa Kw9VPkU6WbpT8DMEUkvaydVhJm9QkT7XVAPd8xNh/INsCWhMHZsD2g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-25T04:46:09Z" - mac: ENC[AES256_GCM,data:J/BYh7T+5uXVE3BHj6uQ/o1c3p9B+M5oqBD6v8qxirEAlfCtMcciE93nXF0Gx9fln4rD3tt6YU24oT6/546F2TrWViAamRTDiyACs0gCbE+W7kp0AdcpjlBj4rL4pyYUGwDXZfLXKLpVWztx2O0XwIwoRX+FhjEpvkVvmy/6Acg=,iv:A5xEdkvuD9IO7QL7ZMtdSsxXP6NThgmBwquF14T/HGg=,tag:SzrscVaBPIg+gbMuwMcROA==,type:str] + lastmodified: "2023-02-25T12:39:29Z" + mac: ENC[AES256_GCM,data:s/GL2GLHc40rJpi8E1mf8O3WMr0wl8M2E4wYlmf42U4Jzta3dXADieBPm/Ezb8Gz3PHehtsmpn7xqJR4eIg7f6aAA5+Twcq3yRrHdALrjiW9c2sK8zso4JrRLGhXvCXqbYyFh5qXl1QmOX7dndVEvgWu3GGLe2FY1UMUhgbn6Dc=,iv:64NAs7pT0CvRJ/3/NYgml0G3sYx2L9spvjDBFl9srws=,tag:X8Eeqo2K+fnQ1hOHuNU9zw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/hosts/common/user-sstent.nix b/hosts/common/user-sstent.nix index f5a034a..03d5568 100644 --- a/hosts/common/user-sstent.nix +++ b/hosts/common/user-sstent.nix @@ -1,10 +1,15 @@ { inputs, lib, config, ... }: { + sops.secrets.sstent_password = { + #sopsFile = ./secrets.yaml; + neededForUsers = true; + }; users.users = { sstent = { - initialPassword = "farscape5"; + # initialPassword = "farscape5"; + passwordFile = config.sops.secrets.sstent_password.path; isNormalUser = true; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC" diff --git a/hosts/wsl2/default.nix b/hosts/wsl2/default.nix index fc286d6..6b8aa22 100644 --- a/hosts/wsl2/default.nix +++ b/hosts/wsl2/default.nix 
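Review bot: The old plaintext credential is kept as a comment (`# initialPassword = "farscape5";`) right above the new `passwordFile` line, so it remains readable in the repository after this commit, and `mods-old/base.nix`, deleted later in the patch, held the same value; the comment line should be removed outright and the password treated as exposed and rotated. `users.users.<name>.passwordFile` expects a hashed password (the form written to `/etc/shadow`, as produced by `mkpasswd`), and the very short ciphertext for `sstent_password` in `hosts/common/secrets.yaml` suggests a plaintext value was stored instead, which would leave the account unable to log in; worth verifying before the next rebuild. `sops.secrets.sstent_password` has `sopsFile` commented out, so it relies on a `sops.defaultSopsFile` set elsewhere in the host config, which this patch does not show.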
@@ -3,6 +3,7 @@ imports = [ ../common ../common/mnt-public.nix + ../common/user-sstent.nix inputs.nixos-wsl.nixosModules.wsl ]; @@ -22,18 +23,6 @@ # docker-desktop.enable = true; }; - # environment.systemPackages = [ - # pkgs.socat - # pkgs.npiperelay - # #pkgs.wsl-ssh-agent-relay - # ]; - - # nixpkgs.config.packageOverrides = pkgs: - # with pkgs; rec { - # npiperelay = callPackage ../../pkgs/npiperelay { }; - # #wsl-ssh-agent-relay = callPackage ../../pkgs/wsl-ssh-agent-relay { }; - # }; - systemd.services.nixs-wsl-systemd-fix = { description = "Fix the /dev/shm symlink to be a mount"; unitConfig = { diff --git a/mods-old/base.nix b/mods-old/base.nix deleted file mode 100644 index bfb0558..0000000 --- a/mods-old/base.nix +++ /dev/null @@ -1,22 +0,0 @@ -# This is your system's configuration file. -# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) - -{ lib, config, pkgs, inputs, ... }: { - security.sudo.wheelNeedsPassword = false; - - environment.systemPackages = - [ pkgs.cifs-utils]; - - users.users = { - sstent = { - initialPassword = "farscape5"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+D4o3mL4BQsRr0UIhB1hn0brSTIJ9Lr0m2fMMVGF3tIuEihnmwGTeAX78q5/bmoo4gZy7G+CHal54S1lY8LY1KvmIDCpPJ8848HvLbTiTX3qZ7Mjaav+Ox9eHMwX+7zkPwdhfP8TDvmNe12j1GEKBhAm+FhdBQCbEV7cbm1SkX0+WBGoVvI2qbRm1RF0mOuTAmO3Lr2YeAcKJ21YxwNMv1Qrj7oxGYH9rLHLNwZ/0soIdTC9cikl4DHyvCs4HRYcVw36uuCVc/AyIT2GeETRapAQr8nzT89Haa1IThgZ9ztjSsSSOtrUhxatlMIfTIpVjl/gWq7GLfqd/ei/evTal sstent@StuPC" - ]; - extraGroups = [ "wheel" "video" ]; - }; - }; - - -} diff --git a/mods-old/default.nix b/mods-old/default.nix deleted file mode 100644 index 8414fea..0000000 --- a/mods-old/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{...}: { - imports = [ - # New module organization - ./gnome - ./home-manager - ./base.nix - ./ssh.nix - ]; -} \ No newline at end of file 
diff --git a/mods-old/home-manager/default.nix b/mods-old/home-manager/default.nix deleted file mode 100644 index 00acb92..0000000 --- a/mods-old/home-manager/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{...}: { - imports = [ - # New module organization - ./sstent.nix - ./beets.nix - # homeage.homeManagerModules.homeage - - ]; -} \ No newline at end of file diff --git a/mods-old/home-manager/nicotine.nix b/mods-old/home-manager/nicotine.nix deleted file mode 100644 index fedf49f..0000000 --- a/mods-old/home-manager/nicotine.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ lib, config, pkgs, ... }: - -{ -options.mymods.nicotine.enable = lib.mkEnableOption "Enable Nicotine"; - - # config.home-manager = lib.mkIf config.mymods.nicotine.enable { - - # home.packages = with pkgs; [ - # nicotine-plus - # ]; - # xdg.configFile."nicotine/config.old".source = ./configs/nicotine; - # }; -} \ No newline at end of file diff --git a/mods-old/modules-list.nix b/mods-old/modules-list.nix deleted file mode 100644 index 9fd72db..0000000 --- a/mods-old/modules-list.nix +++ /dev/null @@ -1,6 +0,0 @@ -[ - ./gnome - ./home-manager - ./base.nix - ./ssh.nix -] diff --git a/modules/home-manager/ssh-proxy.nix b/modules/home-manager/ssh-proxy.nix index cd1fbe1..0b29df9 100644 --- a/modules/home-manager/ssh-proxy.nix +++ b/modules/home-manager/ssh-proxy.nix @@ -29,7 +29,7 @@ in { Unit = { Description = "WSL Proxy"; }; Service = { ExecStart = "${pkgs.writeShellScript "start-proxy" '' - set -x + # set -x ${pkgs.coreutils}/bin/rm -f /home/sstent/.ssh/wsl-ssh-agent.sock ${pkgs.util-linux}/bin/setsid ${pkgs.socat}/bin/socat UNIX-LISTEN:/home/sstent/.ssh/wsl-ssh-agent.sock,fork EXEC:"${pkgs.npiperelay}/bin/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork ''}"; diff --git a/mods-old/ssh.nix b/modules/nixos/ssh.nix similarity index 100% rename from mods-old/ssh.nix rename to modules/nixos/ssh.nix 
diff --git a/pkgs-old/wsl-ssh-agent-relay/default.nix b/pkgs-old/wsl-ssh-agent-relay/default.nix deleted file mode 100644 index 7df64de..0000000 --- a/pkgs-old/wsl-ssh-agent-relay/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, stdenv, pkgs }: - -stdenv.mkDerivation rec { - name = "wsl-ssh-agent-relay"; - version = "0.1"; - src = ./wsl-ssh-agent-relay; - nativeBuildInputs = [pkgs.makeWrapper pkgs.dpkg]; - # phases = ["installPhase" ]; - unpackCmd = '' - # $curSrc is the variable that contains the path to our source. - mkdir wsl-ssh-agent-relay-src - - # We rename the file here, because when nix adds files to the - # store it adds a hash, which obviously we don't want for our - # shell script. - cp $curSrc wsl-ssh-agent-relay-src/wsl-ssh-agent-relay - ''; - - installPhase = '' - install -Dm755 wsl-ssh-agent-relay $out/bin/wsl-ssh-agent-relay - wrapProgram $out/bin/wsl-ssh-agent-relay --prefix PATH : $out/bin - ''; - - - -} diff --git a/pkgs-old/wsl-ssh-agent-relay/wsl-ssh-agent-relay b/pkgs-old/wsl-ssh-agent-relay/wsl-ssh-agent-relay deleted file mode 100644 index 334d4a5..0000000 --- a/pkgs-old/wsl-ssh-agent-relay/wsl-ssh-agent-relay +++ /dev/null 
@@ -1,180 +0,0 @@ -#!/bin/bash - -#### Add following lines to your shell rc file (.zshrc .bashrc) -# ${HOME}/.local/bin/wsl-ssh-agent-relay start -# export SSH_AUTH_SOCK=${HOME}/.ssh/wsl-ssh-agent.sock - -# If you do not want the ssh agent relay require your ssh agent -# to be running at the time relay is started add the option -s -# to wsl-ssh-agent-relay. - -# For debugging startup problems uncomment next line -exec 2> >(tee -a -i "$HOME/error.log") - -#### Assuming ~/winhome links to %USERPROFILE on Windows side -RELAY_BIN="/mnt/c/ProgramData/chocolatey/bin/npiperelay.exe" - -PIDFILE="${HOME}/.ssh/wsl-ssh-agent-relay.pid" -WSL_AGENT_SSH_SOCK="${HOME}/.ssh/wsl-ssh-agent.sock" - -log() { - echo >&2 "$@" -} - -is_pid_running() { - if [[ -z "$1" ]]; then - return 1 - fi - ps -p "$1" >/dev/null - return $? -} - -_cleanup() { - log "Cleaning up relay to ${WSL_AGENT_SSH_SOCK}..." - if is_pid_running "${SOCAT_WSL_AGENT_SSH_PID}"; then - kill -SIGTERM "${SOCAT_WSL_AGENT_SSH_PID}" || log "Failed." - fi -} - -die() { - if [[ -n "$1" ]]; then - log "$1" - fi - log "Exiting." - exit 1 -} - -usage() { - log "Usage: wsl-ssh-agent-relay [OPTIONS] COMMAND" - log "" - log " SUMMARY: Relay Windows openssh named pipe to local SSH socket in order to integrate WSL2 and host." 
- log " To debug use foreground command" - log "" - log " OPTIONS:" - log " -h|--help this page" - log "" - log " -v|--verbose verbose mode" - log "" - log " -s|--skip-test skip ssh-agent communication test" - log "" - log " COMMAND: start, stop, foreground" -} - -fg_opts() { - FG_OPTS=() - # Generate opts for passing it to foreground version - if [[ -n "$VERBOSE" ]]; then - FG_OPTS+=("-v") - fi - if [[ -n "$NO_COM_TEST" ]]; then - FG_OPTS+=("-c") - fi -} - -main() { - - POSITIONAL=() - VERBOSE="" - SKIP_SSH_TEST="" - while (($# > 0)); do - case "$1" in - -v | --verbose) - VERBOSE="ENABLED" - shift # shift once since flags have no values - ;; - - -s | --skip-test) - SKIP_SSH_TEST="TRUE" - shift - ;; - - -h | --help) - usage - exit 0 - ;; - - *) # unknown flag/switch - POSITIONAL+=("$1") - shift - if [[ "${#POSITIONAL[@]}" -gt 1 ]]; then - usage - die - fi - ;; - esac - done - - set -- "${POSITIONAL[@]}" # restore positional params - - if [[ -z "$VERBOSE" ]]; then - QUIET="QUIET" - fi - - case "${POSITIONAL[0]}" in - start) - fg_opts - start-stop-daemon --start --oknodo --pidfile "${PIDFILE}" --name wsl-ssh-agent-r --make-pidfile --background --startas "$0" ${VERBOSE:+--verbose} ${QUIET:+--quiet} -- foreground "${FG_OPTS[@]}" - ;; - - stop) - start-stop-daemon --pidfile "${PIDFILE}" --stop --remove-pidfile ${VERBOSE:+--verbose} ${QUIET:+--quiet} - ;; - - status) - start-stop-daemon --pidfile "${PIDFILE}" --status ${VERBOSE:+--verbose} ${QUIET:+--quiet} - local result=$? - case $result in - 0) log "$0 is running" ;; - 1 | 3) log "$0 is not running" ;; - 4) log "$0 unable to determine status" ;; - esac - return $result - ;; - - foreground) - relay - ;; - - *) - usage - die - ;; - esac -} - -relay() { - - trap _cleanup EXIT - - # [[ -f "${RELAY_BIN}" ]] || die "Unable to access ${RELAY_BIN}" - - if pgrep -fx "^ssh-agent\s.+" >/dev/null; then - log "Killing previously started local ssh-agent..." 
- SSH_AGENT_PID="$(pidof ssh-agent)" ssh-agent -k >/dev/null 2>&1 - fi - - if [ -e "${WSL_AGENT_SSH_SOCK}" ]; then - log "WSL has been shutdown ungracefully, leaving garbage behind" - rm "${WSL_AGENT_SSH_SOCK}" - fi - - socat UNIX-LISTEN:"\"${WSL_AGENT_SSH_SOCK}\"",fork EXEC:"\"\'${RELAY_BIN}\' -ei -s \'//./pipe/openssh-ssh-agent\'\"",nofork 1>/dev/null 2>&1 & - SOCAT_WSL_AGENT_SSH_PID="$!" - if ! is_pid_running "${SOCAT_WSL_AGENT_SSH_PID}"; then - log "Relay for ${SOCAT_WSL_AGENT_SSH_PID} failed" - return 1 - fi - log "Relay is running with PID: ${SOCAT_WSL_AGENT_SSH_PID}" - - if [[ -z "$SKIP_SSH_TEST" ]]; then - log -n "Polling remote ssh-agent..." - SSH_AUTH_SOCK="${WSL_AGENT_SSH_SOCK}" ssh-add -L >/dev/null 2>&1 || die "[$?] Failure communicating with ssh-agent" - log "OK" - fi - - # Everything necessary checks, we are ready for actions - log "Entering wait..." - wait ${SOCAT_WSL_AGENT_SSH_PID} -} - -main "$@" \ No newline at end of file diff --git a/shell.nix b/shell.nix index 9525915..22e0f44 100644 --- a/shell.nix +++ b/shell.nix @@ -5,6 +5,6 @@ default = pkgs.mkShell { # Enable experimental features without having to specify the argument NIX_CONFIG = "experimental-features = nix-command flakes"; - nativeBuildInputs = with pkgs; [ nix home-manager git ]; + nativeBuildInputs = with pkgs; [ nix home-manager git ssh-to-age sops age ]; }; } diff --git a/test b/test new file mode 100644 index 0000000..a24d5cb --- /dev/null +++ b/test @@ -0,0 +1,4 @@ +TEST +TEST +TEST +
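Review bot: The new top-level file `test` contains only three `TEST` lines and a trailing blank line and nothing else in the patch refers to it, so it looks like a scratch file committed by accident alongside the sops migration. If it is not needed it should be dropped from the commit; if it is intentional, a sentence in the commit description saying what it is for would help, since the subject `sync` gives no hint.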