youthlic/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

move some config to user level module

Browse source
This commit is contained in:
ulic-youthlic 2025-02-01 17:07:03 +08:00
parent 61fc53145c
commit b57832e13a
Signed by: youthlic
GPG key ID: 63E86C3C14A0D721
6 changed files with 78 additions and 91 deletions
Download patch file Download diff file Expand all files Collapse all files

45
home/david/configurations/Akun/default.nix
View file

@ -28,6 +28,7 @@
david = { david = {
wallpaper.enable = true; wallpaper.enable = true;
programs.openssh.enable = true;
}; };
xdg.userDirs = { xdg.userDirs = {
@ -85,27 +86,6 @@
just just
]; ];
programs.ssh = {
enable = true;
hashKnownHosts = true;
extraOptionOverrides = {
HostKeyAlgorithms = "ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";
KexAlgorithms = "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256";
MACs = "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com";
Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
};
matchBlocks = {
"github.com" = {
hostname = "ssh.github.com";
port = 443;
user = "git";
extraOptions = {
AddKeysToAgent = "yes";
};
};
};
includes = [ config.sops.secrets.ssh-config.path ];
};
programs.chromium = { programs.chromium = {
enable = true; enable = true;
commandLineArgs = [ commandLineArgs = [
@ -114,27 +94,4 @@
"--enable-features=UseOzonePlatform" "--enable-features=UseOzonePlatform"
]; ];
}; };
sops.secrets = {
"ssh-private-key/tytonidae" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_tytonidae";
};
"ssh-private-key/akun" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_akun";
};
"ssh-private-key/cape" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_cape";
};
"ssh-private-key/deploy" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_deploy";
};
"ssh-config" = {
mode = "0400";
format = "yaml";
sopsFile = rootPath + "/secrets/ssh-config.yaml";
};
};
} }

48
home/david/configurations/Tytonidae/default.nix
View file

@ -37,6 +37,7 @@
david = { david = {
wallpaper.enable = true; wallpaper.enable = true;
programs.openssh.enable = true;
}; };
xdg.userDirs = { xdg.userDirs = {
@ -92,27 +93,7 @@
viu viu
just just
]; ];
programs.ssh = {
enable = true;
hashKnownHosts = true;
extraOptionOverrides = {
HostKeyAlgorithms = "ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";
KexAlgorithms = "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256";
MACs = "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com";
Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
};
matchBlocks = {
"github.com" = {
hostname = "ssh.github.com";
port = 443;
user = "git";
extraOptions = {
AddKeysToAgent = "yes";
};
};
};
includes = [ config.sops.secrets.ssh-config.path ];
};
programs.chromium = { programs.chromium = {
enable = true; enable = true;
commandLineArgs = [ commandLineArgs = [
@ -127,29 +108,4 @@
uris = [ "qemu:///system" ]; uris = [ "qemu:///system" ];
}; };
}; };
sops.secrets = {
"ssh-private-key/tytonidae" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_tytonidae";
};
"ssh-private-key/akun" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_akun";
};
"ssh-private-key/cape" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_cape";
};
"ssh-private-key/deploy" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_deploy";
};
"ssh-config" = {
mode = "0400";
format = "yaml";
sopsFile = rootPath + "/secrets/ssh-config.yaml";
};
};
} }

3
home/david/modules/default.nix
View file

@ -1,7 +1,8 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = [ imports = [
./wallpaper ./wallpaper.nix
./programs
]; ];
config = { config = {
home.packages = with pkgs; [ home.packages = with pkgs; [

6
home/david/modules/programs/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }:
{
imports = [
./openssh.nix
];
}

67
home/david/modules/programs/openssh.nix Normal file
View file

@ -0,0 +1,67 @@
{
rootPath,
config,
lib,
...
}:
let
cfg = config.david.programs.openssh;
in
{
options = {
david.programs.openssh = {
enable = lib.mkEnableOption "openssh";
};
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
programs.ssh = {
enable = true;
hashKnownHosts = true;
extraOptionOverrides = {
HostKeyAlgorithms = "ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";
KexAlgorithms = "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256";
MACs = "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com";
Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
};
matchBlocks = {
"github.com" = {
hostname = "ssh.github.com";
port = 443;
user = "git";
extraOptions = {
AddKeysToAgent = "yes";
};
};
};
};
})
(lib.mkIf (cfg.enable && config.youthlic.programs.sops.enable) {
programs.ssh.includes = [ config.sops.secrets.ssh-config.path ];
sops.secrets = {
"ssh-private-key/tytonidae" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_tytonidae";
};
"ssh-private-key/akun" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_akun";
};
"ssh-private-key/cape" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_cape";
};
"ssh-private-key/deploy" = {
mode = "0600";
path = "${config.home.homeDirectory}/.ssh/id_ed25519_deploy";
};
"ssh-config" = {
mode = "0400";
format = "yaml";
sopsFile = rootPath + "/secrets/ssh-config.yaml";
};
};
})
];
}

0
home/david/modules/wallpaper/default.nix → home/david/modules/wallpaper.nix
View file