diff --git a/users/myuser/default.nix b/users/myuser/default.nix
index e17d2ab..3eaf145 100644
--- a/users/myuser/default.nix
+++ b/users/myuser/default.nix
@@ -5,6 +5,10 @@
 ...
 }: let
 myuser = config.repo.secrets.global.myuser.name;
+ mkUserDirs = map (directory: {
+ inherit directory;
+ mode = "700";
+ });
 in {
 users.groups.${myuser}.gid = config.users.users.${myuser}.uid;
 users.users.${myuser} = {
@@ -20,19 +24,61 @@ in {
 shell = pkgs.zsh;
 };
+ # Needed for gtk
+ programs.dconf.enable = true;
+
+ # TODO age.secrets = mapAttrs user.hmConfig.cfg.age.secrets users
+ age.secrets.my-gpg-pubkey-yubikey = {
+ rekeyFile = ./yubikey.gpg.age;
+ group = myuser;
+ mode = "640";
+ };
+
+ # TODO numlock default on in sway and kernel console
+ # TODO make dataset for safe/persist/ and automount it
+ # TODO modularized based on hmConfig
+ environment.persistence."/state".users.${myuser}.directories =
+ mkUserDirs
+ [
+ ".cache/fontconfig"
+ ".cache/mozilla"
+ ".cache/nix" # nix eval cache
+ ".cache/nix-index"
+ ".cache/nvidia" # GLCache
+ ".cache/nvim"
+ ".local/share/nvim"
+ ".local/state/direnv"
+ ".local/state/nix"
+ ".local/state/nvim"
+ ".local/state/wireplumber"
+ "Downloads"
+ ];
+
+ environment.persistence."/persist".users.${myuser}.directories =
+ mkUserDirs
+ [
+ ".mozilla"
+ ".config/discord" # Bad Discord! BAD! Saves state in ,config tststs
+ ".config/Signal" # L take, electron.
+ ".local/share/atuin"
+ ".local/share/nix" # Repl history
+ "projects"
+ ];
+
 home-manager.users.${myuser} = {
 imports = [
- #impermanence.home-manager.impermanence
 ../common
+ ./graphical
+ ./dev.nix
 ./gpg.nix
 ./ssh.nix
 ];
 home = {
- inherit (config.system) stateVersion;
 inherit (config.users.users.${myuser}) uid;
 username = config.users.users.${myuser}.name;
+ # TODO this shall be moved!
 shellAliases = {
 p = "cd ~/projects";
 zf = "zathura --fork";
diff --git a/users/myuser/gpg.nix b/users/myuser/gpg.nix
index b0e2b18..51f7ef0 100644
--- a/users/myuser/gpg.nix
+++ b/users/myuser/gpg.nix
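Review bot: `mkUserDirs` is introduced without a comment, and its `mode = "700"` is the only access-control decision in the helper, so a reader should not have to infer why every persisted directory is owner-only; I would add above it `# Wrap each path as an impermanence directory entry; 700 keeps persisted user state readable only by its owner.`. The helper is a partially applied `map`, which is valid Nix but easy to misread as a plain value, so either the comment or an explicit argument (`dirs: map (...) dirs`) makes the intent clear. No `user`/`group` is set on the entry; if impermanence does not default these to the enclosing `users.<name>` attribute, the bind-mounted directory would not be owned by `myuser`, which is worth confirming against the impermanence option docs.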
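Review bot: The `/persist` list keeps `.local/share/atuin` and `.local/share/nix` (shell and REPL history) across reboots, and `.mozilla`/`.config/Signal` carry session material, so this state now outlives the ephemeral root; a short comment on the block would record that this retention of credential-bearing data is deliberate, e.g. `# NOTE: these hold session tokens and command history; persisted intentionally.`. The Discord comment reads `Saves state in ,config` where `.config` is presumably meant. The `age.secrets.my-gpg-pubkey-yubikey` entry is group-readable (`mode = "640"`, `group = myuser`), which is consistent with the per-user group that the first hunk's context (`users.groups.${myuser}.gid = ...uid`) suggests, but a comment saying why a public key is stored as an age secret at all (presumably to keep the identity out of the world-readable store) would help the next reader. The hunk opens inside `users.users.${myuser}` and closes inside `shellAliases`, both of which continue outside it.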
@@ -1,7 +1,17 @@
-{lib, ...}: {
+{
+ lib,
+ nixosConfig,
+ ...
+}: {
 programs.gpg = {
 enable = true;
 scdaemonSettings.disable-ccid = true;
+ publicKeys = [
+ {
+ source = nixosConfig.age.secrets.my-gpg-pubkey-yubikey.path;
+ trust = 5;
+ }
+ ];
 settings = {
 # https://github.com/drduh/config/blob/master/gpg.conf
 # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html
@@ -47,29 +57,7 @@
 use-agent = true;
 # Disable recipient key ID in messages
 throw-keyids = true;
- # Default/trusted key ID to use (helpful with throw-keyids)
- #default-key 0xFF3E7D88647EBCDB
- #trusted-key 0xFF3E7D88647EBCDB
- # Group recipient keys (preferred ID last)
- #group keygroup = 0xFF00000000000001 0xFF00000000000002 0xFF3E7D88647EBCDB
- # Keyserver URL
- #keyserver hkps://keys.openpgp.org
- #keyserver hkps://keyserver.ubuntu.com:443
- #keyserver hkps://hkps.pool.sks-keyservers.net
- #keyserver hkps://pgp.ocf.berkeley.edu
- # Proxy to use for keyservers
- #keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
- # Verbose output
- #verbose
- # Show expired subkeys
- #list-options show-unusable-subkeys
 };
- # TODO publicKeys = [
- # TODO {
- # TODO source = ./yubikey.gpg;
- # TODO trust = 5;
- # TODO }
- # TODO ];
 };
 services.gpg-agent = {
 enable = true;
diff --git a/users/myuser/yubikey.gpg.age b/users/myuser/yubikey.gpg.age
new file mode 100644
index 0000000..d2c3b89
Binary files /dev/null and b/users/myuser/yubikey.gpg.age differ
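Review bot: `trust = 5` grants ultimate ownertrust to whichever key is inside the decrypted `my-gpg-pubkey-yubikey` secret, so every signature check on this machine rests on that file's integrity; a comment such as `# Own YubiKey public key; ultimate trust is intentional because this is the user's own identity.` should say so. home-manager's `programs.gpg` also offers `mutableKeys` and `mutableTrust` (both default to true); setting them to false makes the declared key and trust authoritative instead of a one-time import, which matches the declarative intent of this change. Reading `nixosConfig.age.secrets.my-gpg-pubkey-yubikey.path` assumes the secret is decrypted before home-manager activation imports it; if the agenix/rekey setup does not guarantee that ordering, the import could run against a missing or empty file, which is worth confirming. The `programs.gpg` and `settings` attrsets continue past the end of the hunk.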