DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Github Private key; Added SSH Config

Browse Source
This commit is contained in:
DerGrumpf
2026-04-05 21:03:42 +02:00
parent 8d85687dce
commit d1b35c5abc
8 changed files with 108 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
darwin/default.nix
View File

@@ -1,10 +1,24 @@
{ pkgs, inputs, self, primaryUser, ... }: { {
imports = [ ./homebrew.nix ./settings.nix ./yabai.nix ]; pkgs,
inputs,
self,
primaryUser,
...
}:
{
imports = [
./homebrew.nix
./settings.nix
./yabai.nix
];
# nix config # nix config
nix = { nix = {
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [
"nix-command"
"flakes"
];
max-jobs = "auto"; # Use all CPU cores max-jobs = "auto"; # Use all CPU cores
cores = 0; # Use all cores per build cores = 0; # Use all cores per build
# disabled due to https://github.com/NixOS/nix/issues/7273 # disabled due to https://github.com/NixOS/nix/issues/7273
@@ -15,12 +29,14 @@
# Garbage collection # Garbage collection
gc = { gc = {
automatic = true; automatic = true;
interval = { Weekday = 7; }; # Run weekly interval = {
Weekday = 7;
}; # Run weekly
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
}; };
# Disable Docs # Disable Docs
documentation = { documentation = {
enable = true; enable = true;
doc.enable = false; # Skip large documentation doc.enable = false; # Skip large documentation
@@ -28,7 +44,9 @@
info.enable = false; # Skip info pages info.enable = false; # Skip info pages
}; };
nixpkgs.config = { allowUnfree = true; }; nixpkgs.config = {
allowUnfree = true;
};
# homebrew installation manager # homebrew installation manager
nix-homebrew = { nix-homebrew = {
user = primaryUser; user = primaryUser;
@@ -43,6 +61,7 @@
users.users.${primaryUser} = { users.users.${primaryUser} = {
home = "/Users/${primaryUser}"; home = "/Users/${primaryUser}";
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keyFiles = [ ../secrets/ssh-key ];
}; };
environment = { environment = {
systemPath = [ "/opt/homebrew/bin" ]; systemPath = [ "/opt/homebrew/bin" ];

33
home/default.nix
View File

@@ -1,4 +1,13 @@
{ config, primaryUser, inputs, self, lib, isDarwin, ... }: { {
config,
primaryUser,
inputs,
self,
lib,
isDarwin,
...
}:
{
imports = [ imports = [
./packages.nix ./packages.nix
./git.nix ./git.nix
@@ -11,7 +20,9 @@
./floorp.nix ./floorp.nix
./obsidian.nix ./obsidian.nix
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
] ++ lib.optionals (!isDarwin) [ ./desktop ] ++ lib.optionals isDarwin [ ]
++ lib.optionals (!isDarwin) [ ./desktop ]
++ lib.optionals isDarwin [
./desktop/sketchybar ./desktop/sketchybar
inputs.catppuccin.homeModules.catppuccin inputs.catppuccin.homeModules.catppuccin
]; ];
@@ -97,19 +108,21 @@
sops = { sops = {
defaultSopsFile = ../secrets/secrets.yaml; defaultSopsFile = ../secrets/secrets.yaml;
defaultSopsFormat = "yaml"; defaultSopsFormat = "yaml";
age.keyFile = if isDarwin then age.keyFile =
"/Users/${primaryUser}/.config/nix/secrets/keys.txt" if isDarwin then
else "/Users/${primaryUser}/.config/nix/secrets/keys.txt"
"/home/${primaryUser}/.config/nix/secrets/keys.txt"; else
"/home/${primaryUser}/.config/nix/secrets/keys.txt";
secrets = { secrets = {
GROQ_API_KEY = { }; GROQ_API_KEY = { };
OPENWEATHER_API_KEY = { }; OPENWEATHER_API_KEY = { };
ssh_private_key = { ssh_private_key = {
path = if isDarwin then path = if isDarwin then "/Users/${primaryUser}/.ssh/ssh" else "/home/${primaryUser}/.ssh/ssh";
"/Users/${primaryUser}/.ssh/ssh" mode = "0600";
else };
"/home/${primaryUser}/.ssh/ssh"; ssh_github_key = {
path = if isDarwin then "/Users/${primaryUser}/.ssh/github" else "/home/${primaryUser}/.ssh/github";
mode = "0600"; mode = "0600";
}; };
}; };

31
home/git.nix
View File

@@ -1,13 +1,25 @@
{ primaryUser, pkgs, ... }: { {
primaryUser,
pkgs,
...
}:
{
home.packages = with pkgs; [ gh gnupg ]; home.packages = with pkgs; [
gh
gnupg
];
programs = { programs = {
git = { git = {
enable = true; enable = true;
settings = { settings = {
github = { user = primaryUser; }; github = {
init = { defaultBranch = "main"; }; user = primaryUser;
};
init = {
defaultBranch = "main";
};
user = { user = {
name = "DerGrumpf"; # TODO replace name = "DerGrumpf"; # TODO replace
email = "phil.keier@hotmail.com"; # TODO replace email = "phil.keier@hotmail.com"; # TODO replace
@@ -15,8 +27,15 @@
}; };
lfs.enable = true; lfs.enable = true;
ignores = [ "**/.DS_STORE" "result" ]; ignores = [
"**/.DS_STORE"
"result"
];
}; };
lazygit = { enable = true; };
lazygit = {
enable = true;
};
}; };
} }

13
home/packages.nix
View File

@@ -1,6 +1,8 @@
{ pkgs, lib, ... }: { { pkgs, lib, ... }:
{
home = { home = {
packages = with pkgs; packages =
with pkgs;
[ [
# dev tools # dev tools
curl curl
@@ -29,10 +31,12 @@
zstd zstd
gnutar gnutar
unrar unrar
sops
# Nix tools # Nix tools
nix-index nix-index
] ++ lib.optionals (!pkgs.stdenv.isDarwin) [ ]
++ lib.optionals (!pkgs.stdenv.isDarwin) [
# dev tools # dev tools
pciutils pciutils
usbutils usbutils
@@ -60,6 +64,7 @@
xonotic xonotic
irssi irssi
blender blender
] ++ lib.optionals pkgs.stdenv.isDarwin [ graphite-cli ]; ]
++ lib.optionals pkgs.stdenv.isDarwin [ graphite-cli ];
}; };
} }

18
home/ssh.nix Normal file
View File

@@ -0,0 +1,18 @@
{ primaryUser, isDarwin, ... }:
{
ssh = {
enable = true;
matchBlock = {
"*.cyperpunk.de" = {
identityFile =
if isDarwin then "/Users/${primaryUser}/.ssh/ssh" else "/home/${primaryUser}/.ssh/ssh";
user = primaryUser;
};
"github.com" = {
identityFile =
if isDarwin then "/Users/${primaryUser}/.ssh/github" else "/home/${primaryUser}/.ssh/github";
user = "git";
};
};
};
}

4
nixos/ssh.nix
View File

@@ -1,5 +1,4 @@
{ ... }: _: {
{
services.openssh = { services.openssh = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
@@ -7,6 +6,7 @@
PasswordAuthentication = false; PasswordAuthentication = false;
PermitRootLogin = "no"; PermitRootLogin = "no";
}; };
authorizedKeys.keyFiles = [ ../secrets/ssh-key ];
}; };
programs.ssh.startAgent = true; programs.ssh.startAgent = true;

7
secrets/secrets.yaml
View File

@@ -1,6 +1,7 @@
GROQ_API_KEY: ENC[AES256_GCM,data:OyuC4jfw67sCDa0XBGr78S6pzPV1ruy7KiIqPMgWWcOCVm3Y/khXEYPMjUTGrq9YLOw1MLso0OE=,iv:0y9klMYVtGsqAaLc2JidjZYSLhhbcbWbnBf8sZiC3rM=,tag:r6G2pzZn2d9JIaS+ozKnmg==,type:str] GROQ_API_KEY: ENC[AES256_GCM,data:OyuC4jfw67sCDa0XBGr78S6pzPV1ruy7KiIqPMgWWcOCVm3Y/khXEYPMjUTGrq9YLOw1MLso0OE=,iv:0y9klMYVtGsqAaLc2JidjZYSLhhbcbWbnBf8sZiC3rM=,tag:r6G2pzZn2d9JIaS+ozKnmg==,type:str]
OPENWEATHER_API_KEY: ENC[AES256_GCM,data:bcuLz70u40nZfNgPTaeNRXdR/zjx0SQjwMbMNNFqROI=,iv:VCzse1a1/k1ZDIpFPL1QhjuS6YaDyohWi61JZaoc0Ws=,tag:UJSNyniNNLfGGRY/uiJcRA==,type:str] OPENWEATHER_API_KEY: ENC[AES256_GCM,data:bcuLz70u40nZfNgPTaeNRXdR/zjx0SQjwMbMNNFqROI=,iv:VCzse1a1/k1ZDIpFPL1QhjuS6YaDyohWi61JZaoc0Ws=,tag:UJSNyniNNLfGGRY/uiJcRA==,type:str]
ssh_private_key: ENC[AES256_GCM,data:R511mVFVk1ogAd5CKk/2P6rtT4NnHIFfKyqeCen545QgcvDqDFmW0rFBmPJyipaya2srJNoWvKJbnvxWtTYeJh2tPAybRMoUicStIFMUn3FPNfjx/WuQFLhKLoU3UOHHPJnkFqkQ9MBqLq2k5K7MVsNNFTxIDCKS1jPgkTmAWjRZ0EFiRXLa+Gvnz3GP5ltgfjDwdPeb5xp0/AqKPD8jea9w5ClR6ckrRHCLsfXhL2e9IaF4B96JlIv4rICLX3HmeIgM2PKl2MnSt8we5z39bBoLSA0yWG6BvpiMBaFqbo7jeHf1SxI6R404/emHhwW3pwSCDrq2ZE1ATG2UmA5NssFcVuaBPBoQer+n5haVYMNpNUp6rtKZeAIbf5JEOXJ6CJqiInfnnzOMNGhGFkGUYkhsy3p6Ti/lmNMPX/xtY+8ZqMwXf5drssm5KgnQ5nDbVqnTWAhoT/D3t+cJVAaXGTGw88fU0X95dZr8vaL/5nBCj1uUdv5cRBJ8PGhqbBX8PoiXrtGooBGhxf6nHbxIneSzG1++MZGo3e1G,iv:D1lgCnZKm3Gyv6cZpQ7zGW7JXN5RCwoaas+LroTkhPc=,tag:WI6Nr1cX8gm5pjFpu/Ok0w==,type:str] ssh_private_key: ENC[AES256_GCM,data:R511mVFVk1ogAd5CKk/2P6rtT4NnHIFfKyqeCen545QgcvDqDFmW0rFBmPJyipaya2srJNoWvKJbnvxWtTYeJh2tPAybRMoUicStIFMUn3FPNfjx/WuQFLhKLoU3UOHHPJnkFqkQ9MBqLq2k5K7MVsNNFTxIDCKS1jPgkTmAWjRZ0EFiRXLa+Gvnz3GP5ltgfjDwdPeb5xp0/AqKPD8jea9w5ClR6ckrRHCLsfXhL2e9IaF4B96JlIv4rICLX3HmeIgM2PKl2MnSt8we5z39bBoLSA0yWG6BvpiMBaFqbo7jeHf1SxI6R404/emHhwW3pwSCDrq2ZE1ATG2UmA5NssFcVuaBPBoQer+n5haVYMNpNUp6rtKZeAIbf5JEOXJ6CJqiInfnnzOMNGhGFkGUYkhsy3p6Ti/lmNMPX/xtY+8ZqMwXf5drssm5KgnQ5nDbVqnTWAhoT/D3t+cJVAaXGTGw88fU0X95dZr8vaL/5nBCj1uUdv5cRBJ8PGhqbBX8PoiXrtGooBGhxf6nHbxIneSzG1++MZGo3e1G,iv:D1lgCnZKm3Gyv6cZpQ7zGW7JXN5RCwoaas+LroTkhPc=,tag:WI6Nr1cX8gm5pjFpu/Ok0w==,type:str]
ssh_github_key: ENC[AES256_GCM,data:vZAH4cRDsgGXLAppQKOyUPOvmBJZ27bujMGz4hQ8tt0xhGFUP28llwGZz/VRuU02Yv4alLgVWBAIPuyhZT9f35KnjIR1Mmb7HXk/6oaNM59/lBiISLrnOpC10WmJ9O5krKdxwP8ZDvHA34B0s+oYNkTNXiU0S8AVg3icploax7ylKH5Dorj53kjdYSTjd8KN6ZsgCKmcz97+GnP0IgdmauyNL7e+kv9WIfE8Xx1kGvC8WVnidX2YhSxm6vt8l60eUj9etRigU88oFYTDZ+mIf4lucSpzaLZutz2fM/16D/o9SS7mmTrEllj2S+IXc9ZZTRKKDLbW+yv0XUi0XZi+OHAdZScjS54NZKyT9uWrc/IDJHammGsoHRQpHZtbGhkeFi/KdJsYBsWItslXjM0xJVtFIM2tMnd10kv9UGuXsSl9J4NC0rpz3aXnQqG4ZAhMjN9D/DTJpB4K0pcFyd2FDWdrbKq5iPfnU/V6ecnHPML6wCt6gua/LdK1MWoG3l2SqwMLYj1r7UW5fQZqSw1EK0BAtp9cQMLBL/2w8ykMfWpLekE=,iv:gcinU7xOoXQkFVkLNB3sQYHAcZy3pZN+bDRIq4sspys=,tag:yawgAHBKIkGpnKPHsRId4g==,type:str]
sops: sops:
age: age:
- recipient: age10pyhca0jy75wtqv5hrn0gf0jcam5272zx9h73a8xwwaxyfq89c0qs5dr9t - recipient: age10pyhca0jy75wtqv5hrn0gf0jcam5272zx9h73a8xwwaxyfq89c0qs5dr9t
@@ -12,7 +13,7 @@ sops:
N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9 N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9
6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w== 6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-27T10:23:01Z" lastmodified: "2026-04-05T18:43:43Z"
mac: ENC[AES256_GCM,data:mRI5VLjUDMhRpR5fmN6MMxaJdbXuMBNcXFX7ItDe1U3H3px+4k0hxhx/anO+VX+Qq4i9kTrqEVkkRY4rzQBEqZaSIlGgzpj4nwdC8469/PBVUCqZ6X47pc+TfG6PP8Iv9nyN+zk4whS+O6c2ZTGVQ+Cok+KIa6r5tlNu/3r85u0=,iv:eK/TDEJctNiMp1eW4b605bvvNHAqBBf6Ybgdg4jQyR4=,tag:D4oW5lTBd1z8Ey0EKhTvmQ==,type:str] mac: ENC[AES256_GCM,data:iWEd+beMs10MBc8v7EPo3W2uPKsWtlgePsq195T6FpYjNP5BMfW4p6yo2HG2VEzSFWoi16HR1aB+oUUGSSlctaurjCifGsKyB4rKSk5gAyin9G7qTJ1KPC1SZfTVlj75RLyV9r/wtEGd4Arom2UiYk0A2NWWdKx+CUGgESQyt0c=,iv:6sb0ejM5Y9iFSr2MtoV94tvFu0Hrt/5aiEoNKBqQKr8=,tag:6lmkvQQFzItR91x0Yuj1aA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.12.2

2
secrets/ssh-github Normal file
View File

@@ -0,0 +1,2 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIInrZgSE/iECNt+SrzmFXU32QdAeNplV1sax5c94gstr p.keier@beyerstedt-it.de