From a018670eaea5254b8a17a9dfbdd5cc9809ee9625 Mon Sep 17 00:00:00 2001
From: Henri Dohmen
Date: Mon, 14 Jul 2025 21:55:44 +0200
Subject: [PATCH] git signing
---
 common/shell.nix | 6 +++---
 desktop/software/default.nix | 25 ++++++++++++++++++++++++-
 host/roam/default.nix | 1 +
 host/roam/git.nix | 13 +++++++++++++
 host/roam/services.nix | 32 ++++++++++++++++++++++++++++----
 5 files changed, 69 insertions(+), 8 deletions(-)
 create mode 100644 host/roam/git.nix
diff --git a/common/shell.nix b/common/shell.nix
index 8ccc850..2027afa 100644
--- a/common/shell.nix
+++ b/common/shell.nix
@@ -6,16 +6,16 @@
 ];
 environment.systemPackages = with pkgs; [
+ colmena
+ dnsutils
 docker-compose
 fd
 htop
 killall
 ripgrep
+ unison
 unzip
 wget
- colmena
- unison
- dnsutils
 ];
 programs = {
diff --git a/desktop/software/default.nix b/desktop/software/default.nix
index f8b5954..6250307 100644
--- a/desktop/software/default.nix
+++ b/desktop/software/default.nix
@@ -44,7 +44,6 @@ in
 programs = {
 firefox.enable = true;
- git.enable = true;
 kdeconnect.enable = true;
 };
@@ -57,6 +56,30 @@ in
 withExternalGnupg = true;
 };
 };
+ programs.git = {
+ enable = true;
+ signing = {
+ signByDefault = true;
+ signer = "openpgp";
+ key = "AB79213B044674AE";
+ };
+ userName = "Henri Dohmen";
+ userEmail = "henridohmen@posteo.com";
+ extraConfig = {
+ color.ui = "auto";
+ column.ui = "auto";
+ branch.sort = "-committerdate";
+ alias = {
+ staash = "stash --all";
+ };
+ core = {
+ editor = "nvim";
+ autocrlf = "input";
+ };
+ init.defaultBranch = "main";
+ credential.helper = "libsecret";
+ };
+ };
 };
 # Some excludes
diff --git a/host/roam/default.nix b/host/roam/default.nix
index 51eb2de..0cd2475 100644
--- a/host/roam/default.nix
+++ b/host/roam/default.nix
@@ -3,6 +3,7 @@
 networking.hostName = "roam";
 imports = [
+ ./git.nix
 ./hardware-configuration.nix
 ./networking.nix
 ./services.nix
diff --git a/host/roam/git.nix b/host/roam/git.nix
new file mode 100644
index 0000000..c10f3bf
--- /dev/null
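Review bot: In desktop/software/default.nix, `signer = "openpgp";` in the added `programs.git.signing` block looks like the wrong option. If this is Home Manager's git module, `signer` is the path of the signing program and the signature type belongs in `signing.format`, so as written git would be told to run a program called `openpgp` and signing would fail. I would write `format = "openpgp";` and leave `signer` unset. Separately, `key = "AB79213B044674AE";` is a 64-bit long key ID; using the full fingerprint, `key = "<FULL_40_HEX_FINGERPRINT>";`, avoids gpg selecting a different key that shares the shorter ID. The attribute set that encloses `programs.git` starts outside the hunk.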
+++ b/host/roam/git.nix
@@ -0,0 +1,13 @@
+{ pkgs, var, ... }:
+{
+ programs.git.enable = true;
+ users.groups.git = { };
+ users.users.git = {
+ isSystemUser = true;
+ home = "/git";
+ createHome = true;
+ group = "git";
+ shell = "${pkgs.git}/bin/git-shell";
+ openssh.authorizedKeys.keys = var.ssh-keys.unprivileged;
+ };
+}
diff --git a/host/roam/services.nix b/host/roam/services.nix
index ea5ca67..b1b7fda 100644
--- a/host/roam/services.nix
+++ b/host/roam/services.nix
@@ -1,7 +1,9 @@
-{ var, config, ... }:
-let
- headscale-domain = "headscale.hdohmen.de";
-in
+{
+ var,
+ config,
+ pkgs,
+ ...
+}:
 {
 services = {
 nginx = {
@@ -34,4 +36,26 @@ in
 443
 ];
 };
+
+ systemd = {
+ timers."backup-rclone" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "daily";
+ Persistent = true;
+ Unit = "backup-rclone.service";
+ };
+ };
+ services."backup-rclone" = {
+ script = ''
+ ${pkgs.rclone}/bin/rclone copy /home/hd/Documents odc:Documents
+ ${pkgs.rclone}/bin/rclone copy /git odc:git
+ '';
+ path = [ pkgs.rclone ];
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ };
+ };
 }
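Review bot: In host/roam/git.nix the keys in `openssh.authorizedKeys.keys` are installed without any key options. `git-shell` limits which commands run, but holders of those keys can still request port, agent and X11 forwarding through the `git` account unless sshd is configured elsewhere to refuse it. Prefixing each entry with `restrict` closes that: `openssh.authorizedKeys.keys = map (k: "restrict " + k) var.ssh-keys.unprivileged;`. This assumes the entries in `var.ssh-keys.unprivileged` carry no options of their own, which is not visible in this patch. A short comment noting that every key in that list can presumably push to any repository under `/git` would also help the next reader.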
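Review bot: In host/roam/services.nix the new `backup-rclone` service runs as `User = "root"` with no sandboxing and no `--config` argument, so rclone takes the `odc` remote's credentials from root's default config location, which this commit neither declares nor protects. The job only needs to read `/home/hd/Documents` and `/git` and reach the network. I would therefore add `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectSystem = "strict";` to `serviceConfig`, with `ReadWritePaths` for the config file if the remote has to rewrite tokens. I would also pass an explicit `--config <PATH_TO_RCLONE_CONF>` pointing at a file readable by root only. Whether `odc` is an encrypted (crypt) remote is not visible here; if it is not, the repositories and documents are stored at the provider in plaintext.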