git signing

2025-07-14 21:55:44 +02:00 · 2025-07-14 21:55:44 +02:00 · a018670eae
commit a018670eae
parent fc85e43c82
5 changed files with 69 additions and 8 deletions
--- a/common/shell.nix
+++ b/common/shell.nix
@ -6,16 +6,16 @@
  ];

  environment.systemPackages = with pkgs; [
+    colmena
+    dnsutils
    docker-compose
    fd
    htop
    killall
    ripgrep
+    unison
    unzip
    wget
-    colmena
-    unison
-    dnsutils
  ];

  programs = {
--- a/desktop/software/default.nix
+++ b/desktop/software/default.nix
@ -44,7 +44,6 @@ in

    programs = {
      firefox.enable = true;
-      git.enable = true;
      kdeconnect.enable = true;
    };

@ -57,6 +56,30 @@ in
          withExternalGnupg = true;
        };
      };
+      programs.git = {
+        enable = true;
+        signing = {
+          signByDefault = true;
+          signer = "openpgp";
+          key = "AB79213B044674AE";
+        };
+        userName = "Henri Dohmen";
+        userEmail = "henridohmen@posteo.com";
+        extraConfig = {
+          color.ui = "auto";
+          column.ui = "auto";
+          branch.sort = "-committerdate";
+          alias = {
+            staash = "stash --all";
+          };
+          core = {
+            editor = "nvim";
+            autocrlf = "input";
+          };
+          init.defaultBranch = "main";
+          credential.helper = "libsecret";
+        };
+      };
    };

    # Some excludes
--- a/host/roam/default.nix
+++ b/host/roam/default.nix
@ -3,6 +3,7 @@
  networking.hostName = "roam";

  imports = [
+    ./git.nix
    ./hardware-configuration.nix
    ./networking.nix
    ./services.nix
--- a/host/roam/git.nix
+++ b/host/roam/git.nix
@ -0,0 +1,13 @@
+{ pkgs, var, ... }:
+{
+  programs.git.enable = true;
+  users.groups.git = { };
+  users.users.git = {
+    isSystemUser = true;
+    home = "/git";
+    createHome = true;
+    group = "git";
+    shell = "${pkgs.git}/bin/git-shell";
+    openssh.authorizedKeys.keys = var.ssh-keys.unprivileged;
+  };
+}
--- a/host/roam/services.nix
+++ b/host/roam/services.nix
@ -1,7 +1,9 @@
-{ var, config, ... }:
-let
-  headscale-domain = "headscale.hdohmen.de";
-in
+{
+  var,
+  config,
+  pkgs,
+  ...
+}:
 {
  services = {
    nginx = {
@ -34,4 +36,26 @@ in
      443
    ];
  };
+
+  systemd = {
+    timers."backup-rclone" = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "daily";
+        Persistent = true;
+        Unit = "backup-rclone.service";
+      };
+    };
+    services."backup-rclone" = {
+      script = ''
+        ${pkgs.rclone}/bin/rclone copy /home/hd/Documents odc:Documents
+        ${pkgs.rclone}/bin/rclone copy /git odc:git
+      '';
+      path = [ pkgs.rclone ];
+      serviceConfig = {
+        Type = "oneshot";
+        User = "root";
+      };
+    };
+  };
 }