Diffstat (limited to 'home/environ')
| -rw-r--r-- | home/environ/default.nix | 17 | ||||
| -rw-r--r-- | home/environ/gpg.nix | 37 | ||||
| -rw-r--r-- | home/environ/pass.nix | 34 | ||||
| -rw-r--r-- | home/environ/path.nix | 52 | ||||
| -rw-r--r-- | home/environ/source.nix | 27 | ||||
| -rw-r--r-- | home/environ/ssh-match.nix | 1 | ||||
| -rw-r--r-- | home/environ/ssh.nix | 27 | ||||
| -rw-r--r-- | home/environ/tmux.nix | 45 | ||||
| -rw-r--r-- | home/environ/units.nix | 37 | ||||
| -rw-r--r-- | home/environ/vtmp.nix | 99 |
10 files changed, 376 insertions, 0 deletions
diff --git a/home/environ/default.nix b/home/environ/default.nix
new file mode 100644
index 0000000..fcd4dd0
--- /dev/null
+++ b/home/environ/default.nix
@@ -0,0 +1,17 @@
+{lib, ...}:
+with lib; {
+ imports = [
+ ./gpg.nix
+ ./pass.nix
+ ./path.nix
+ ./source.nix
+ ./ssh.nix
+ ./tmux.nix
+ ./units.nix
+ ./vtmp.nix
+ ];
+
+ options.local.environ = {
+ enable = mkEnableOption "local environment";
+ };
+}
diff --git a/home/environ/gpg.nix b/home/environ/gpg.nix
new file mode 100644
index 0000000..a8173b7
--- /dev/null
+++ b/home/environ/gpg.nix
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.environ;
+in {
+ config = mkIf cfg.enable {
+ programs.gpg = {
+ enable = true;
+ scdaemonSettings.disable-ccid = true;
+ };
+
+ services.gpg-agent = {
+ enable = true;
+
+ enableBashIntegration = true;
+ enableZshIntegration = true;
+
+ enableExtraSocket = true;
+ enableSshSupport = true;
+
+ defaultCacheTtl = 3600 * 3;
+ defaultCacheTtlSsh = 3600 * 3;
+
+ maxCacheTtl = 3600 * 6;
+ maxCacheTtlSsh = 3600 * 6;
+
+ pinentry = {
+ package = pkgs.pinentry-gtk2;
+ program = "pinentry-gtk-2";
+ };
+ };
+ };
+}
diff --git a/home/environ/pass.nix b/home/environ/pass.nix
new file mode 100644
index 0000000..ad071f3
--- /dev/null
+++ b/home/environ/pass.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.environ;
+in {
+ config = mkIf cfg.enable {
+ programs.password-store = {
+ enable = true;
+ package = pkgs.pass.withExtensions (exts:
+ (with exts; [
+ pass-audit
+ pass-genphrase
+ pass-import
+ pass-otp
+ pass-tomb
+ pass-update
+ ])
+ ++ [
+ pkgs.local.pass-bcr
+ pkgs.local.pass-tail
+ ]);
+
+ settings = {
+ PASSWORD_STORE_DIR = "${config.home.homeDirectory}/pass";
+ PASSWORD_STORE_TOMB_KEY = "${config.home.homeDirectory}/tomb/pass.key.gpg";
+ PASSWORD_STORE_TOMB_FILE = "${config.home.homeDirectory}/tomb/pass.tomb";
+ };
+ };
+ };
+}
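Review bot: In gpg.nix the four cache settings (`defaultCacheTtl`/`defaultCacheTtlSsh` at `3600 * 3`, `maxCacheTtl`/`maxCacheTtlSsh` at `3600 * 6`) keep unlocked GPG and SSH key material in the agent far longer than gpg-agent's stock 600-second default and 7200-second maximum, and nothing in the hunk says why. `enableExtraSocket = true` is switched on in the same block, also without explanation. A short comment above each group would record the intent, for example `# 3h idle / 6h hard limit: accepted trade-off on a single-user workstation` and `# extra socket: restricted agent socket for forwarding to remote hosts`. If no remote forwarding is actually used, the extra socket can be left off.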
diff --git a/home/environ/path.nix b/home/environ/path.nix
new file mode 100644
index 0000000..39c56ce
--- /dev/null
+++ b/home/environ/path.nix
@@ -0,0 +1,52 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.environ;
+
+ py = pkgs.python3Packages;
+in {
+ config = mkIf cfg.enable {
+ home.packages = [
+ pkgs.calc
+ pkgs.cloc
+ pkgs.diceware
+ pkgs.gcc
+ pkgs.gnome-screenshot
+ (pkgs.gajim.overrideAttrs (super: {buildInputs = super.buildInputs ++ [pkgs.gsound];}))
+ pkgs.gnucash
+ pkgs.gruvbox-dark-icons-gtk
+ pkgs.nerd-fonts.hack
+ pkgs.imagemagick
+ py.ipython
+ pkgs.jq
+ pkgs.libreoffice-fresh
+ pkgs.loupe # 'gpicview' has been removed due to lack of maintenance upstream
+ pkgs.lsof
+ pkgs.mosh
+ pkgs.mpv
+ pkgs.kdePackages.okular
+ pkgs.pavucontrol
+ pkgs.pciutils
+ py.python
+ pkgs.pv
+ pkgs.rustup
+ pkgs.local.scripts
+ pkgs.local.st
+ pkgs.telegram-desktop
+ pkgs.local.tmux-lift
+ pkgs.tomb
+ pkgs.units
+ pkgs.usbutils
+ pkgs.waypipe
+ pkgs.wl-clipboard
+ pkgs.xsel
+ pkgs.xournalpp
+ pkgs.yubikey-manager
+ pkgs.zoom-us
+ ];
+ };
+}
diff --git a/home/environ/source.nix b/home/environ/source.nix
new file mode 100644
index 0000000..57b990e
--- /dev/null
+++ b/home/environ/source.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.environ;
+
+ py = pkgs.python3Packages;
+in {
+ config = mkIf cfg.enable {
+ nix.registry."system".to = {
+ type = "path";
+ path = "${config.home.homeDirectory}/nix";
+ };
+
+ programs = {
+ git.signing.signByDefault = true;
+ home-manager.enable = true;
+ };
+
+ xdg.configFile."home-manager" = {
+ source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nix";
+ };
+ };
+}
diff --git a/home/environ/ssh-match.nix b/home/environ/ssh-match.nix
new file mode 100644
index 0000000..1bb3788
--- /dev/null
+++ b/home/environ/ssh-match.nix
@@ -0,0 +1 @@
+# This file has been lustrated.
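Review bot: In source.nix the `let` binding `py = pkgs.python3Packages;` is never referenced in the file and looks carried over from path.nix, so it can be dropped. `git.signing.signByDefault = true` is also set without a signing key anywhere in this hunk. It therefore relies on a key being configured in another module or on git's own default key selection. A one-line comment such as `# signing key is set in <module>` would make that dependency visible to the next reader.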
diff --git a/home/environ/ssh.nix b/home/environ/ssh.nix
new file mode 100644
index 0000000..d363baf
--- /dev/null
+++ b/home/environ/ssh.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.environ;
+in {
+ config = mkIf cfg.enable {
+ programs.ssh = {
+ enable = true;
+
+ compression = true;
+ controlMaster = "auto";
+ controlPath = "/run/user/%i/ssh/master-%r@%n:%p";
+
+ extraOptionOverrides.AddKeysToAgent = "true";
+
+ matchBlocks = import ./ssh-match.nix;
+ };
+
+ systemd.user.tmpfiles.rules = [
+ "d %t/ssh 0700"
+ ];
+ };
+}
diff --git a/home/environ/tmux.nix b/home/environ/tmux.nix
new file mode 100644
index 0000000..8d7b96f
--- /dev/null
+++ b/home/environ/tmux.nix
@@ -0,0 +1,45 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.environ;
+in {
+ options.local.environ.tmuxPass = {
+ enable = mkEnableOption "tmux-pass plugin";
+ };
+
+ config = mkIf cfg.enable {
+ programs.tmux = {
+ enable = true;
+ aggressiveResize = true;
+ clock24 = true;
+ escapeTime = 10;
+ terminal = "xterm-256color";
+ keyMode = "vi";
+
+ plugins = optional cfg.tmuxPass.enable {
+ plugin = pkgs.local.tmux-pass;
+ extraConfig = ''
+ set -g @pass-key BSpace
+ set -g @pass-copy-to-clipboard on
+ set -g @pass-window-size 15
+ set -g @pass-hide-pw-from-preview 'on'
+ set -g @pass-hide-preview on
+ '';
+ };
+
+ extraConfig = ''
+ set -g mouse on
+ set -ga update-environment " LIFT_PID"
+ set -g set-titles on
+ set -g renumber-windows on
+ set -sa terminal-overrides ',xterm-termite:RGB'
+ set -g status-right "#{?window_bigger,[#{window_offset_x}#,#{window_offset_y}] ,} %H:%M %d-%b-%y"
+ bind-key X set-window-option synchronize-panes\; display-message "synchronize-panes is now #{?pane_synchronized,on,off}"
+ '';
+ };
+ };
+}
diff --git a/home/environ/units.nix b/home/environ/units.nix
new file mode 100644
index 0000000..ae4e680
--- /dev/null
+++ b/home/environ/units.nix
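Review bot: In ssh.nix, `matchBlocks = import ./ssh-match.nix;` imports a file that this same commit adds with only the comment `# This file has been lustrated.` in it. A comment-only file is not a Nix expression, so evaluation should fail with a parse error as soon as `programs.ssh.matchBlocks` is forced with `local.environ.enable` set. If the real host list is deliberately kept out of the published tree, leaving an empty attribute set after the comment (`{}`) keeps the module evaluable. That also lets vtmp.nix's `matchBlocks.${cfg.vtmpSyncHost}` definition still merge.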
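Review bot: In tmux.nix, `set -g @pass-copy-to-clipboard on` presumably places the selected password-store entry on the system clipboard, and nothing in the hunk shows whether or when it is cleared again. `pass -c` clears the clipboard itself after a timeout, but the hunk does not show that `pkgs.local.tmux-pass` goes through that path. A comment next to the option stating the clearing behaviour would document the exposure window, for example `# copied via pass -c, cleared after PASSWORD_STORE_CLIP_TIME` if that is what the plugin does. As a minor style point, `@pass-hide-pw-from-preview 'on'` is quoted while the neighbouring `on` values are not.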
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.environ;
+in {
+ config = mkIf cfg.enable {
+ systemd.user = {
+ timers = {
+ units-cur = {
+ Install.WantedBy = ["timers.target"];
+ Timer.OnCalendar = "daily";
+ Unit.Description = "Update currency information for 'units'";
+ };
+ };
+
+ services = {
+ units-cur = {
+ Unit.Description = "Update currency information for 'units'";
+
+ Service = {
+ Type = "exec";
+ ExecStart = "${pkgs.units}/bin/units_cur .units";
+ };
+ };
+ };
+ };
+
+ home.file = {
+ #TODO: .calc_history
+ ".units_history".source = config.lib.file.mkOutOfStoreSymlink "/dev/null";
+ };
+ };
+}
diff --git a/home/environ/vtmp.nix b/home/environ/vtmp.nix
new file mode 100644
index 0000000..e15778d
--- /dev/null
+++ b/home/environ/vtmp.nix
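Review bot: In units.nix, `ExecStart = "${pkgs.units}/bin/units_cur .units";` passes a relative output path, so where the currency file is written depends on the service's working directory, which the unit never sets. Spelling it as `ExecStart = "${pkgs.units}/bin/units_cur %h/.units";` makes the target explicit. The timer also has no `Timer.Persistent = true;`, so an `OnCalendar = "daily"` run that falls while the machine is off is skipped rather than caught up at the next login.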
@@ -0,0 +1,99 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.environ;
+
+ vtmp-sync = pkgs.writeShellScript "vtmp-sync" ''
+ if [ $# -ne 3 ]; then
+ echo "usage: $0 <remote hostname> <local hostname> <boot id>" >&2
+ exit 1
+ fi
+
+ local="$2"
+ remote="$1"
+ boot_id="$(echo "$3" | ${pkgs.coreutils}/bin/head -c8)"
+
+ rsync="${lib.getExe pkgs.rsync}"
+
+ cd "$HOME/vtmp"
+ mkdir -p "$remote"
+
+ declare -a rsync_opts
+ rsync_opts+=("-glprtxz")
+ rsync_opts+=("--open-noatime")
+ rsync_opts+=("--preallocate")
+ rsync_opts+=("--max-size=1G")
+ rsync_opts+=("--rsh=${lib.getExe pkgs.openssh} -o BatchMode=yes")
+ rsync_opts+=("--log-file=$remote/.rsync.log")
+ rsync_opts+=("--filter=- /$local.$boot_id/")
+ rsync_opts+=("--filter=- /$remote/")
+
+ # Push to $remote from $local
+ "$rsync" "''${rsync_opts[@]}" -- ./ "$remote:vtmp/$local.$boot_id/"
+
+ # Pull from $remote to $local
+ "$rsync" "''${rsync_opts[@]}" -- "$remote:vtmp/" "./$remote/"
+ '';
+in {
+ options.local.environ = {
+ vtmpSyncHost = mkOption {
+ type = with lib.types; nullOr str;
+ default = null;
+ };
+ };
+
+ config = mkMerge [
+ (mkIf cfg.enable {
+ systemd.user.tmpfiles.rules = [
+ "d %t/vtmp 0700"
+ ];
+
+ home.file = {
+ "vtmp".source = config.lib.file.mkOutOfStoreSymlink "/run/user/${toString config.local.uid}/vtmp";
+ };
+
+ gtk.gtk3.bookmarks = [
+ "file://${config.home.homeDirectory}/vtmp"
+ "file://${config.home.homeDirectory}/tmp"
+ ];
+ })
+ (mkIf (cfg.enable && cfg.vtmpSyncHost != null) {
+ programs.ssh = {
+ extraOptionOverrides.PermitLocalCommand = "yes";
+
+ matchBlocks.${cfg.vtmpSyncHost}.extraOptions.LocalCommand =
+ "systemctl --user import-environment SSH_AUTH_SOCK; "
+ + "systemctl --user start vtmp-sync.timer";
+ };
+
+ systemd.user = {
+ targets.vtmp-sync-failure = {
+ Unit = {
+ Conflicts = ["vtmp-sync.timer"];
+ };
+ };
+
+ services.vtmp-sync = {
+ Unit = {
+ OnFailure = ["vtmp-sync-failure.target"];
+ };
+
+ Service = {
+ ExecStart = "${vtmp-sync} ${cfg.vtmpSyncHost} %l %b";
+ };
+ };
+
+ timers.vtmp-sync = {
+ Timer = {
+ OnActiveSec = "15s";
+ OnUnitInactiveSec = "1h";
+ };
+ };
+ };
+ })
+ ];
+} |
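Review bot: The `vtmp-sync` script in vtmp.nix never sets `set -e` and does not check the result of `cd "$HOME/vtmp"`. If that symlink or its tmpfs target is missing, the push still runs with `./` resolved against the unit's working directory (for a user service normally the home directory) and would copy that tree to `$remote:vtmp/$local.$boot_id/`. Making `set -eu` the first line of the script, or writing `cd "$HOME/vtmp" || exit 1`, closes that path. It also lets a failed push stop the run, whereas today only the pull's exit status reaches `OnFailure`. Separately, `extraOptionOverrides.PermitLocalCommand = "yes";` presumably applies to every host while the `LocalCommand` exists only under `matchBlocks.${cfg.vtmpSyncHost}`. Setting `PermitLocalCommand` in that block's `extraOptions` would scope the permission to the one host that needs it.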
