| -rw-r--r-- | home/mun/programs/git.nix | 11 | ||||
| -rw-r--r-- | home/mun/programs/zsh.nix | 8 | ||||
| -rw-r--r-- | system/encryption.nix | 79 | ||||
| -rw-r--r-- | system/packages.nix | 2 |
4 files changed, 60 insertions, 40 deletions
diff --git a/home/mun/programs/git.nix b/home/mun/programs/git.nix index a716b80..3e2e0a4 100644 --- a/home/mun/programs/git.nix +++ b/home/mun/programs/git.nix @@ -1,9 +1,14 @@ {...}: { programs.git = { enable = true; - settings.user = { - name = "mun"; - email = "natasha@256phi.eu"; + settings = { + user = { + name = "Natasha Moongrave"; + email = "natasha@256phi.eu"; + signingKey = "2A842249816B698B!"; + }; + commit.gpgSign = true; + gpg.program = "gpg"; }; }; } diff --git a/home/mun/programs/zsh.nix b/home/mun/programs/zsh.nix index 9953550..816ea1b 100644 --- a/home/mun/programs/zsh.nix +++ b/home/mun/programs/zsh.nix @@ -19,10 +19,14 @@ initContent = '' fastfetch --config examples/9.jsonc + export GPG_TTY=$(tty) + SSH_AUTH_SOCK=/run/user/1000/ssh-agent.socket ''; - + }; + programs.bash = { initExtra = '' - export SSH_AUTH_SOCK=/run/user/1000/ssh-agent.socket + export GPG_TTY=$(tty) + SSH_AUTH_SOCK=/run/user/1000/ssh-agent.socket ''; }; } diff --git a/system/encryption.nix b/system/encryption.nix index 111f5ef..69de31b 100644 --- a/system/encryption.nix +++ b/system/encryption.nix 
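Review bot: In home/mun/programs/git.nix, `signingKey = "2A842249816B698B!"` identifies the signing key by a 64-bit long key ID, which is not a collision-resistant identifier; if another key with the same ID ever lands in the keyring, key selection becomes ambiguous. Use the full fingerprint and keep the trailing `!` that forces that exact key: `signingKey = "<FULL_40_HEX_FINGERPRINT>!";`. Separately, `gpg.program = "gpg"` resolves the signer through PATH at commit time. Pinning it to the store path, e.g. `gpg.program = "${pkgs.gnupg}/bin/gpg";` (which needs `pkgs` added to the module arguments), fixes which binary gets to handle the key.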
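Review bot: In home/mun/programs/zsh.nix, both new `SSH_AUTH_SOCK=/run/user/1000/ssh-agent.socket` lines lack the `export` that the removed bash line had. Unless the variable is already inherited from the session environment, it stays shell-local, and child processes such as `ssh`, `git` and the `ssh-add` calls in `keys-mount` will not see the agent socket. Write `export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"` in both `initContent` and `initExtra`, which also removes the hard-coded uid 1000. The `programs.zsh` block opens outside this hunk.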
@@ -2,48 +2,57 @@ # The encrypted USB is NOT part of boot anymore # We do NOT use crypttab or systemd-cryptsetup units at all + systemd.tmpfiles.rules = [ + "d /mnt/ssh-keys 0755 root root -" + "d /mnt/nixos-config 0755 root root -" + "d /mnt/storage 0755 root root -" + "d /mnt/tools 0755 root root -" + "d /mnt/isos 0755 root root -" + ]; + environment.systemPackages = with pkgs; [ cryptsetup - # 🔓 Mount + unlock + load SSH key (writeShellScriptBin "keys-mount" '' - set -e - - DEVICE="/dev/disk/by-uuid/d5aa2823-2023-410b-a83e-a4f707db5f7c" - NAME="ssh-keys" - MNT="/mnt/ssh-keys" - - echo "🔐 Unlocking encrypted USB..." - sudo cryptsetup open "$DEVICE" "$NAME" - - echo "📂 Mounting..." - sudo mount "/dev/mapper/$NAME" "$MNT" - - echo "🔑 Adding SSH key..." - ssh-add "$MNT/poseidon" - ssh-add "$MNT/apollo" - - echo "✅ Done" + set -e + DEVICE="/dev/disk/by-uuid/d5aa2823-2023-410b-a83e-a4f707db5f7c" + NAME="ssh-keys" + MNT="/mnt/ssh-keys" + MNT_CONFIG="/mnt/nixos-config" + MNT_STORAGE="/mnt/storage" + MNT_TOOLS="/mnt/tools" + echo "🔐 Unlocking encrypted USB..." + sudo cryptsetup open "$DEVICE" "$NAME" + echo "📂 Mounting partitions..." + sudo mount "/dev/mapper/$NAME" "$MNT" + sudo mount -L nixos-config "$MNT_CONFIG" + sudo mount -L storage "$MNT_STORAGE" + sudo mount -L tools "$MNT_TOOLS" + echo "🔑 Adding SSH keys..." + ssh-add "$MNT/poseidon" + ssh-add "$MNT/apollo" + echo "🔑 Importing GPG key..." + gpg --import "$MNT/gpg-privkey.asc" + echo "✅ Done" '') - # 🔒 Clean unmount + lock (writeShellScriptBin "keys-umount" '' - set -e - - MNT="/mnt/ssh-keys" - NAME="ssh-keys" - - echo "🔑 Removing SSH key..." - ssh-add -d "$MNT/poseidon" 2>/dev/null || true - ssh-add -d "$MNT/apollo" 2>/dev/null || true - - echo "📤 Unmounting..." - sudo umount "$MNT" || true - - echo "🔒 Closing encrypted device..." - sudo cryptsetup close "$NAME" || true - - echo "✅ Done" + set -e + MNT="/mnt/ssh-keys" + NAME="ssh-keys" + echo "🔑 Removing SSH keys..." 
+ ssh-add -d "$MNT/poseidon" 2>/dev/null || true + ssh-add -d "$MNT/apollo" 2>/dev/null || true + echo "🔑 Clearing GPG key..." + gpgconf --kill gpg-agent + echo "📤 Unmounting..." + sudo umount /mnt/nixos-config || true + sudo umount /mnt/storage || true + sudo umount /mnt/tools || true + sudo umount "$MNT" || true + echo "🔒 Closing encrypted device..." + sudo cryptsetup close "$NAME" || true + echo "✅ Done" '') ]; } diff --git a/system/packages.nix b/system/packages.nix index 95a7909..fcc194d 100644 --- a/system/packages.nix +++ b/system/packages.nix @@ -7,6 +7,8 @@ wget git lazygit + gnupg + pinentry-curses # CLI utilities tree |
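Review bot: In system/encryption.nix, `keys-mount` runs `gpg --import "$MNT/gpg-privkey.asc"`, which copies the secret key into the user's GnuPG home on the host disk, while `keys-umount` only runs `gpgconf --kill gpg-agent`; that drops cached passphrases but leaves the imported key in the keyring, so after "Clearing GPG key..." the private key is still on the machine once the encrypted USB is closed. If the key material is meant to live only on the USB, delete it on unmount with `gpg --batch --yes --delete-secret-keys "<FULL_FINGERPRINT>" || true` before the `umount` lines, or keep a GnuPG home on the encrypted volume instead of importing. The `gpgconf` line is also the only step in `keys-umount` without `|| true`, so under `set -e` a failure there skips the unmounts and `cryptsetup close` and leaves the volume unlocked. The three `mount -L` calls take whichever attached device carries that label rather than the by-UUID LUKS mapping, and mounts of removable media would normally carry `-o nosuid,nodev`.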
