diff --git a/README.md b/README.md index 43a0f0c..01ca08c 100644 --- a/README.md +++ b/README.md @@ -107,6 +107,11 @@ The directions below are all a bit dated and likely incomplete 😔 They will be 11. run `mkdir modules/home-manager/hosts/$(hostname -s)` 12. run `nix run nixpkgs#sops -- modules/home-manager/hosts/$(hostname -s)/secrets.yaml` 13. Add entries for + - `local_git_config` containing something like this: + ``` + [user] + email = me@example.com + ``` - `local_private_env` containing anything you want exported as env vars or local aliases that you want to keep private - `tailscale_key` 14. create `modules/home-manager/hosts/darwin/$(hostname -s)/.nix` based on needs for this machine diff --git a/flake.lock b/flake.lock index e3b1e41..ffca018 100644 --- a/flake.lock +++ b/flake.lock @@ -658,11 +658,11 @@ ] }, "locked": { - "lastModified": 1775792859, - "narHash": "sha256-P5HpijPm33VcUHpBW43rloFzK/LhS7wxLA7KDcN1kUg=", + "lastModified": 1775077724, + "narHash": "sha256-LGifKfUhZr99hX+vRZZhDDT6+6AyjTbqomq2SgL/Pv8=", "owner": "genebean", "repo": "private-flake", - "rev": "c45584341f1f06d90ab3424cd4dfd61ed7266a42", + "rev": "aef30e8ac1ae465de8d5747931bea4402d042113", "type": "github" }, "original": { diff --git a/lib/mkDarwinHost.nix b/lib/mkDarwinHost.nix index cbe6f87..02c0236 100644 --- a/lib/mkDarwinHost.nix +++ b/lib/mkDarwinHost.nix @@ -33,14 +33,11 @@ useGlobalPkgs = true; useUserPackages = true; users.${username}.imports = [ + inputs.sops-nix.homeManagerModule # user-level secrets management ../modules/shared/home/general ../modules/shared/home/general/all-gui.nix ../modules/hosts/darwin/home.nix ../modules/hosts/darwin/${hostname}/home-${username}.nix - - inputs.private-flake.homeManagerModules.private.git - (inputs.private-flake.homeManagerModules.private.${hostname} or { }) - inputs.sops-nix.homeManagerModule # user-level secrets management ]; }; } diff --git a/lib/mkHomeConfig.nix b/lib/mkHomeConfig.nix index 1ab768a..f71a7b7 100644 --- a/lib/mkHomeConfig.nix +++ b/lib/mkHomeConfig.nix @@ -35,7 +35,6 @@ } inputs.nix-flatpak.homeManagerModules.nix-flatpak - inputs.private-flake.homeManagerModules.private.git inputs.sops-nix.homeManagerModules.sops ]; }; diff --git a/lib/mkNixosHost.nix b/lib/mkNixosHost.nix index a1ab80c..9d4a35b 100644 --- a/lib/mkNixosHost.nix +++ b/lib/mkNixosHost.nix @@ -29,9 +29,6 @@ ../modules/shared/home/general ../modules/shared/home/linux ../modules/hosts/nixos/${hostname}/home-${username}.nix - - inputs.private-flake.homeManagerModules.private.git - (inputs.private-flake.homeManagerModules.private.${hostname} or { }) ]; }; } diff --git a/modules/hosts/darwin/AirPuppet/home-gene.nix b/modules/hosts/darwin/AirPuppet/home-gene.nix index 644ebef..2643ed1 100644 --- a/modules/hosts/darwin/AirPuppet/home-gene.nix +++ b/modules/hosts/darwin/AirPuppet/home-gene.nix @@ -5,6 +5,7 @@ sops = { defaultSopsFile = ./secrets.yaml; secrets = { + local_git_config.path = "/Users/${username}/.gitconfig-local"; local_private_env.path = "/Users/${username}/.private-env"; }; }; diff --git a/modules/hosts/darwin/Blue-Rock/home-gene.liverman.nix b/modules/hosts/darwin/Blue-Rock/home-gene.liverman.nix index 4a203b7..2ed7e0a 100644 --- a/modules/hosts/darwin/Blue-Rock/home-gene.liverman.nix +++ b/modules/hosts/darwin/Blue-Rock/home-gene.liverman.nix @@ -13,6 +13,7 @@ sops = { defaultSopsFile = ./secrets.yaml; secrets = { + local_git_config.path = "/Users/${username}/.gitconfig-local"; local_private_env.path = "/Users/${username}/.private-env"; }; }; diff --git a/modules/hosts/darwin/mightymac/default.nix b/modules/hosts/darwin/mightymac/default.nix index ba86d99..074ca67 100644 --- a/modules/hosts/darwin/mightymac/default.nix +++ b/modules/hosts/darwin/mightymac/default.nix @@ -36,7 +36,7 @@ "terraform-docs" ]; casks = [ - "antigravity" + "alacritty" "boinc" "discord" "elgato-stream-deck" diff --git a/modules/hosts/darwin/mightymac/home-gene.liverman.nix b/modules/hosts/darwin/mightymac/home-gene.liverman.nix index 32e9c9b..49aaea2 100644 --- a/modules/hosts/darwin/mightymac/home-gene.liverman.nix +++ b/modules/hosts/darwin/mightymac/home-gene.liverman.nix @@ -14,6 +14,7 @@ defaultSopsFile = ./secrets.yaml; secrets = { i2cssh_config.path = "${config.home.homeDirectory}/.i2csshrc"; + local_git_config.path = "${config.home.homeDirectory}/.gitconfig-local"; local_private_env.path = "${config.home.homeDirectory}/.private-env"; user_nix_conf.path = "${config.home.homeDirectory}/.config/nix/nix.conf"; }; diff --git a/modules/hosts/darwin/mightymac/secrets.yaml b/modules/hosts/darwin/mightymac/secrets.yaml index 3631b11..d12fc69 100644 --- a/modules/hosts/darwin/mightymac/secrets.yaml +++ b/modules/hosts/darwin/mightymac/secrets.yaml @@ -1,7 +1,7 @@ tailscale_key: ENC[AES256_GCM,data:rWN6mW6LC/EjMTbMjXkCmMQYEehEbViScKeaLEOpR6VSZJFD0aZI9wh5yKcQeaUT0BiJIzITsUxj,iv:aCqdsW7JPq6Q2kFl6ZciwIQfzAbs9LvhWilbEI8okAc=,tag:U0p4UND/n26ZF17keSL0DA==,type:str] user_nix_conf: ENC[AES256_GCM,data:1PCMb2Xyq7G/ROrk39UcfC9Ktj+fhh5j2/EAi4ganLIyk3chzifk265XLxK5eFIVjys9mdGikaepcJky3cgnKl8HOX8=,iv:7/cxkyl3QgwzkT8Fi3/+CqRZu91l287TxeVYQcH0P5I=,tag:bMo3RJchirQSJTjXPds8Ag==,type:str] i2cssh_config: ENC[AES256_GCM,data:MwYLGFribitABOcQJFsEgd3vD4qsEdz0grg2ISE0LB3IT2usVRgUfnI/5g7pK4ON/bxz+mpkncDCZep8wBrd4+c316320u/HkxTEQYFU+zXGuFnkF380fx8klQdBel7JsJJKwa5b1M20Sqj9QYNXtwEw8zs+vG/VGdzWLKHlQosvUrdhT0LGntu+/RIgVhC3B6aEp79mbz8xOh8BrCpi4hVPFm8x5sUC++wR+aBvIg+bsOOU8T9OoW3bnEs8ucnvni9RYN7r5YCOllyhaFekNp6KiFBLd4h3A2r2UWBnRjlg5LKJc5aG6Z6XMHaz6NaGpZUw+fMHVZx7t7QL7IwvNpFp/+8oeWzBz/qecfxzVkGvBYqtPPsnv9mNUYZux6Fd0FETMbPI7dmUQrmUK2Y+L8Qw55cpL+BVJkV693DaKIJwQL3VIC6Z/NKqTXPdBBS9hWHjYWfGBmbiAiaU5X2Z3cz8YaEsCnC4OMqqlALLmzZ0crD/HXc6756U/i63GVsx4GiBTfs8Rvy+7GZOyjBhgvHZK6g4ShVZHDtNMInHlfyFzOGC03smZhgseF9ivVVXAMa6AI8OHU5678Fkb6/lD4e0Vqk77Icaj+Yte6EKmHK3Pq9ctYyJLNBFlFCreBWTcxrV+a6WLxh6QkcHmUYLfHKp/cG3nypPKRIaBkvbYOUYLuPI1IRrzdndALv5uRBhxKJEL+ukBv0EVm9y9sR1uimTQYB9tCRE7+2JfgBhcQwbUbIlW4NmZeOx9/9jAoqlID0PTS/2QsnbYI00X7c3GibGpLVVY86X6S4hW/HaHEq8jB5JiFDlQRGDLy/YV8MM1USsqZpjJHlZy8AWQRH3Ta47cXYfwCOD2eTC2pouS938qAaq48m3mPMuzCWlbiExXRrdE2Noek49/pfwCduplEebxb3FLr16lRHdcI+M8Hb9W5iXAJFYBx9FzFkIewDKz4UxL+MKX88K4t5l5ZTG6IT0OqCekZ3M/9scYbhrpgU2sWp3ADgmLRwL8iMxgwFygl1ZxdQ9C0IS8LwgLCfAn3wVKZlUogRdBkV52iHbkUVG4tEqUZxhJUALFW3P1A==,iv:udLgI4t3M3KDNfcA+WkUFLAe523/+O9tE/LGol1UBQA=,tag:6v1XUPTpgcjfmcgak9YKAQ==,type:str] -local_git_config: ENC[AES256_GCM,data:QyGLazd0dcO3ywpd0DiQOaQ+/t8+2dJbvnUQykzE/2g+y08idWZyQ+DLsfDJ,iv:fi772uq3L1mKTMfH1ulxiMCnU6p6S1v6DSHLpypoajY=,tag:y/e4E8YgZRie3GVC7XBlfw==,type:str] +local_git_config: ENC[AES256_GCM,data:DjLFwnglZuH2Piami9gHUd5fmlW3luXDCxx7cEuTPRPM4Y4fr2PmXXWSIvZEo6FuVC8tAMr4Z9wbgWQumB4Ul4lIHpwHrbvS2ccOI/ye4Q9OQ/Ki9OEbVFg8nBHsz57RnD0uh3Fk+9gV0yoTmjxP2A==,iv:7Z2d/pgc4uarGe0/BAcIFGLMdBdNwhxr6wGOaZvUqxw=,tag:HgOW/RF9/QEfm+xkEV75+Q==,type:str] local_private_env: ENC[AES256_GCM,data:vaa2MKSzCs2s2mzRkFSkz2CT2hCRfad+mqkLW/PCulcw8x6TYRWWjfYicqdCh+lmeMlRgoukH45qTq2YaKo8lvm0jOPnk1Z6ZOYCafm6JX8Cn+hpxRq/nw0OjtytLrVIh6CCqe8IJM5nK6EC5dXJDO/08AaiRdlYqRG7HhKFSa0nODlQpWGXiwYz3ajkCmlgl3qR+6HpZxjMKAGAyLZr9g5n8rNHN7oXe0Kf06wmoMnFNKvuZ9kliJe5x3gUbiDN85UNXNKnMs6SFk7Hr+jE3RIGUjYL6XCUgWgvt9gL0VDWjt3KfJbASJMBwBU9B4Jj02pxyHeQovyK2CjAm7Qm2s40JYsdsbfV4QaTBRCT5DdIQiB3FI/ELuwKdEo8MlpSvk5DqyxipAvicOa216x4N+FG/N311vExq4gNIjO+6w191ymRk4YCxWjUIk7GwiftsVBp+Jo6M27Xe7k7yYCBblEyAtq7NDbcxrh9YoXs+K409wBE6U81bJbMWwRzwG7Sfhrzx1X+C1SGe+VYSmh1EqHEbJbkHXxEF35vfNGwQoIAVOQ+ePlYyGhvNkbLTxxf2Ni6orl/tKnLejmMSwhUrv5R1RgQqxyiK7aSl0bf89+hxb2WWdGpmFEMUCns4hoFzN+ob1h7oH3aD33CMKuoOFAhsDkELS08Bvx2RMyKEv7ktU6KmaOEvO99soRQAMZvznM0/8H6v11ua1sAvzN5of+9bdA31Yt2fj1lMpAxuc/jc/fjlSpdr+TkEIoAP1R/z4xhlR4QoxlnBkLJU2y699dPBChl52k8S5W53/XW0NoXptpf8+BKgnQCjXRASHBxN2ChjjpUFLyKV/0x8lbrs+NbNb4wJP4HK1625R9278hcD02KcfzofPtr/sglSGEWOla7vsNlyQiwRp0ZfbGrrfvQ3QhKVx/shPL7BkmGGDapkiT0YqWIWo/gOtRnDGIcsjER5DMZQwez27eqaZq7jwQv4He1Tj/UelR1eOurlPE7NKIDXXCR14vfsVCX/5mNPuNDZ+hhEpp8xAqAsnv6TCHHZ7q1ngrIe/uxJZLGE3oWxmjxn1FGP3m42IT59RMXHNmzZwPYmPZK8cjSNqViP2Krsvca0p+Jf7+1hP17UwLFneo6bf3um891sF0X40R9uNA+7fuP4rbBwrJZaNwSojxXyk9kVpXATwk9JMaXijU78KZ+59ucl5lVsu1OQTYtcZxSecGr21ATSi2EydhaHNM/hsamAeyy3EbiVfDD6Bv9V2uwoEWRIApnCoKN9zcpdjMuVIZUKywuAyEzCaaOuDfrFLsgR051ijqkOQnmuZNJ+DRmdC1siUPqNQawRqvewKN5FbHJFuI7X6Zxfa3OxZFqnsWdipuL/+3sy8hGjaH5y1RIHeJzL/ZnQNoEkBMep6zeLmQHoGV3iXjmbobUpJMpHKG3yt92zw8hyckPO+tEvOjYW2RR+6NfbArWTqaW7e4FHYpDtX3Oh3a1SzX+fK5lEUglN3+wx6uDDXczG7IZwQDQc9kfL2rt45s8uHw9MZL/kH8Ssdhk4Ha2JIXXyyoxyFHH5OaZCaQFveVjvo70E394AU5oJ5YmvlKIMZEJxnL9TdtshTPVvKeL3DBjEzIocv9/MWQJLfltnaU2ieIQFsvG8ma7za8YOvFVgr1Z3DfRsusQOmnJB3Umm18YfST0U1u1DpiCsvdGoRuySqAjp4OdmxTvKLRHKkNzRzmS8NnewFjUitJy1WjXmcoVRc8+hm2IJxQl3iGm1In2zuGtyklbban7+84ygV2XvhGpv5MLE0ooKHTXLU7da9jUgvRgCQ9EZWGh/Xqg/OA7mK3C9ojeuJKCgtKwDm2QeHKswRzgUpSTtYlgS3TmTQOdgMo7N7w9uWTTjU9ozXnJHZlKF7264XaIOmLZGwcIPwjQb6+onv0xvDDgKaDU2QpHA1MMXrJAPnyAP3xjpttEggHcY9i+t0ZlvrzS1Ux7Tv2qKnabJEuzw5mX7RyjmUOp89mXK/Ot/hTwMKf2Rm7QsoSMl3NqTFHUMYnxzN8TyVAWvcXh1iS24ryvgMqE+Et2EFW2+lz3XffS+hKJ49osu3ZX53QDLCXhWRK7xnCj3JGNVtnyMkRH7eRVpQwbxl7DuYSx8xrzDyLItOOVyUeif+XiIzsjDWfitTV0+SDhsuJpvCm3hh1+SDUwL9abgOJ0Hv0Y8EtvkoAUlkC5O3+qVFVQ2gmdTWvZ5eIci4wKvv4jXyljW7uDGCjqoGL3yi9JUGWhJGVe0gFvUyP/k6ThxjbrpERVOCpiPZDfwU31ACVVEagwdLjs2vJB1oRs2dJWwwXMPR4lbslgDUXkD4j0hodOvbrqa9teBB1Q48mAZ/CqhOgwFjEymLmXUEcauBHSuLywQkff7TYVmyWzGZAH0gZB7aVuwZ1ZRj59PuFdMKcRoqNC8/yb4Nj9HDprE8l7gS5jaELkm6G/lo7jbei7CLdYB5zNW9qSypKv6QvqYbxhpCazsPAvjIXj0O3k24Q8U6CROuxWwNe7hCPaYaC1wI/lr+QEoG//3sRMRMBYJ5M2deFSXhKFstcoOAinkESMgwLc2eeTmqYS14e4qtCIMzAy9YOt0SaKUVjnCgj9vkoJNPgqdVEnszDThBS2Rhe3f/CrfFdoWf/nWisy3NwCWcdj8cjR2sAGcu8ImxRciXYuUS9XAdGiUUVv9+BF1wf2VCWVJQ895WQ7dxBtHZdrh7SRtlR0qKTQuSPzEzSYwve0Xm1Kw6VbgrcQnpvafS2unS+3VlGH+gjv3swHWaiot0IbvoG7K4guVfUFORTlsqlktg2UdfskhVpXliJub1B91q6Ocuponi6NI0ytmNGgNKoxNU8Bfi8zruCak2lwKK1lwqR9Q2Xhg0xHW/bjsX37HHC6hS5WoB3KpwouwSdY7bbZttyq3EdODHz4P7FdsrirSgt9U/1ue9shbDQmBwImPAr7KttRMZUcuCWYoxSzZbqz5OdIinVgonOkqPWvsxSb1+PjpWFkYwMzeOlcYRGylD8VZ5TMn/p0DVpzWK4zTbmY1s6nvu+gPPgLWBM0soj33UY7vSlJMgzOXEc4dFGspfVbkbjBx/qbtN3wS7WnI1RP0oTszSacVkuJvsDZURecNUIyNxaKTYOIOrxErTBJwZ1mYUDh0KWprAirzTD1p+4soiGiMwYQdKZd6MwgD0HmjzPwi+DpoBfo1Y7R6BeefFvSLT2dZhilwlh496FQX/DNOqPd/5ZiMOGC8JvG6pBred5r2QFCFgN7F9BIFoLHpF8DjRkvcQC4bf/IQrQBGJGMk2o3fG+cjPxB5c7Ce9BzCUY5+AAcm7/u2oMZvCiUc91OKV/l3S5J+ZmUutXIrFvJIlE4FUJi6QFtDI4fygzxI84wbTtnrQzYWOvWZlKEmXDQyn6iRxqu1pcJq38cX3UpouMXlbqA+pGsc1xAkt7a295qYBcVrm1RjQWwVW1okNF9bgswF3X8HCEx8tCFsZdM+lHE4/+ytqTOMvPrgodbUeCBORwpsKN4TzBCGzQI/1Fs++ucL6EwwgN95goW4gvqgk2sEdSGqO7fk4pwzfHNLdoZmosblsHFTmCefHURmeM+rakbZLIyERBSEWzW8uSMFqdqQtFjx2cMEcavSj3xO69p6YuK4baRVV1ATLeYfpMnSkt6wM5TCowXBiA67TQUzEl0+rTG4kPc2PYLFCkKzjxM2ngA+P2gyx5jRPtztLLDe669sUecsNCDfs1h8nLDJyL9zDF/K3Iw8AlsMgqYDhDcFVW9sZ+to7UGL0VToRMFKrP+zW3MSSC9sXQIX+aZeI0yjgxYU4zH4MB4JlP/dgPvqBKkAU+lCD0EesdXaL3hUQQ6+8BY2wsO3ws77rFYDWCq0lzjXHH+BtyihWF194ZEXxNzkq3mH5uBHqipWZ4EMnoHbzfq4CI11VK0Kgu6atw0xDCApA+0auom7jayFvL6HvhSW+lWhOTSlOktXzFula1iNKqJI1y6bLig94HEJ13z+3HSKsyA,iv:c81f5M5cmElhm6Yb/p7JkX0mJacbatqm3qmIba/LMcs=,tag:V2FVsGqf9G18VimH2rsSRg==,type:str] sops: age: @@ -14,7 +14,7 @@ sops: YndNc25Xemxrd2VXSStlbTJjZFBOR0UKe6wxJBlS7YZJXW3f/rlmKanqu9SeYXYB qxEU+fMDfQ/R+jRo6fGRtNnnY3nowZP+hSYYuGT9SRFwqYR1M3xeqw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-10T01:57:32Z" - mac: ENC[AES256_GCM,data:+lw8USB9aUYBWyvK9B1UM/5FiwM7N8wdblLDDBW2rX5qHmnDuKDqoQTaH/ncWdxTo/LkDrQ4HExC5wFNb9V1o6naKAqTmI1gDgxwMIips9Ul+jk8KltWObu3HAUqLBpdkaCe61Hb5/EOVzfcs8lCX0d/C3X2ltg1lqQhOUoYZZ8=,iv:1gw1hJf5mYSch03FZGmaewAD8oxXb1/kXmqBfvm97Ho=,tag:mn7ePcem63bfI3JLcvXTOQ==,type:str] + lastmodified: "2026-03-19T15:01:09Z" + mac: ENC[AES256_GCM,data:FKz9GZZfLnBFiVuyn3xmhR0p6NpPxlJBZlGL6PrqsiJWmIrzZBq6x5fj9fWprYuzeAJYRrwSX8X5fYKdatrW2aLIYrXclZl1yw3afnP65lJZvJxlhD9gD3gPZ9eMbmRUOqrhLn8OeQ+mY4WBXg0G6WNOxsp/bAQf7Xjkj1eItBI=,iv:duqy8YcrhfPmiTHJBYnFbMyv1jCxLPtU1Gbo1F/YkHs=,tag:3TNSf3BLu6Wm38RmReihwg==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1 diff --git a/modules/hosts/home-manager-only/default.nix b/modules/hosts/home-manager-only/default.nix index a32f5dc..107163f 100644 --- a/modules/hosts/home-manager-only/default.nix +++ b/modules/hosts/home-manager-only/default.nix @@ -34,6 +34,7 @@ age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; defaultSopsFile = ./secrets.yaml; secrets = { + local_git_config.path = "${config.home.homeDirectory}/.gitconfig-local"; local_private_env.path = "${config.home.homeDirectory}/.private-env"; }; }; diff --git a/modules/hosts/nixos/bigboy/default.nix b/modules/hosts/nixos/bigboy/default.nix index 182a0bc..7aeeebe 100644 --- a/modules/hosts/nixos/bigboy/default.nix +++ b/modules/hosts/nixos/bigboy/default.nix @@ -110,6 +110,10 @@ in age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; secrets = { + local_git_config = { + owner = "${username}"; + path = "${config.users.users.${username}.home}/.gitconfig-local"; + }; local_private_env = { owner = "${username}"; path = "${config.users.users.${username}.home}/.private-env"; diff --git a/modules/hosts/nixos/hetznix01/post-install/default.nix b/modules/hosts/nixos/hetznix01/post-install/default.nix index e1efbe3..3aaa909 100644 --- a/modules/hosts/nixos/hetznix01/post-install/default.nix +++ b/modules/hosts/nixos/hetznix01/post-install/default.nix @@ -156,6 +156,10 @@ in age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt"; defaultSopsFile = ../secrets.yaml; secrets = { + local_git_config = { + owner = "${username}"; + path = "${config.users.users.${username}.home}/.gitconfig-local"; + }; local_private_env = { owner = "${username}"; path = "${config.users.users.${username}.home}/.private-env"; diff --git a/modules/hosts/nixos/hetznix02/post-install/default.nix b/modules/hosts/nixos/hetznix02/post-install/default.nix index 30e0c00..823dabb 100644 --- a/modules/hosts/nixos/hetznix02/post-install/default.nix +++ b/modules/hosts/nixos/hetznix02/post-install/default.nix @@ -10,6 +10,10 @@ age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt"; defaultSopsFile = ../secrets.yaml; secrets = { + local_git_config = { + owner = "${username}"; + path = "${config.users.users.${username}.home}/.gitconfig-local"; + }; local_private_env = { owner = "${username}"; path = "${config.users.users.${username}.home}/.private-env"; diff --git a/modules/hosts/nixos/kiosk-entryway/default.nix b/modules/hosts/nixos/kiosk-entryway/default.nix index 8728ef2..f3b88a7 100644 --- a/modules/hosts/nixos/kiosk-entryway/default.nix +++ b/modules/hosts/nixos/kiosk-entryway/default.nix @@ -96,6 +96,10 @@ age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; secrets = { + local_git_config = { + owner = "${username}"; + path = "${config.users.users.${username}.home}/.gitconfig-local"; + }; local_private_env = { owner = "${username}"; path = "${config.users.users.${username}.home}/.private-env"; diff --git a/modules/hosts/nixos/kiosk-gene-desk/default.nix b/modules/hosts/nixos/kiosk-gene-desk/default.nix index ca594bb..57033ee 100644 --- a/modules/hosts/nixos/kiosk-gene-desk/default.nix +++ b/modules/hosts/nixos/kiosk-gene-desk/default.nix @@ -114,6 +114,10 @@ age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; secrets = { + local_git_config = { + owner = "${username}"; + path = "${config.users.users.${username}.home}/.gitconfig-local"; + }; local_private_env = { owner = "${username}"; path = "${config.users.users.${username}.home}/.private-env"; diff --git a/modules/hosts/nixos/nixnas1/default.nix b/modules/hosts/nixos/nixnas1/default.nix index 799a8f2..6ab4184 100644 --- a/modules/hosts/nixos/nixnas1/default.nix +++ b/modules/hosts/nixos/nixnas1/default.nix @@ -72,6 +72,10 @@ age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; secrets = { + local_git_config = { + owner = "${username}"; + path = "${config.users.users.${username}.home}/.gitconfig-local"; + }; local_private_env = { owner = "${username}"; path = "${config.users.users.${username}.home}/.private-env"; diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index d43fd0d..d2172dd 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -677,6 +677,10 @@ in owner = config.users.users.nginx.name; restartUnits = [ "nginx.service" ]; }; + local_git_config = { + owner = "${username}"; + path = "${config.users.users.${username}.home}/.gitconfig-local"; + }; local_private_env = { owner = "${username}"; path = "${config.users.users.${username}.home}/.private-env"; diff --git a/modules/hosts/nixos/rainbow-planet/default.nix b/modules/hosts/nixos/rainbow-planet/default.nix index a768fce..142389b 100644 --- a/modules/hosts/nixos/rainbow-planet/default.nix +++ b/modules/hosts/nixos/rainbow-planet/default.nix @@ -168,6 +168,10 @@ age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; secrets = { + local_git_config = { + owner = "${username}"; + path = "${config.users.users.${username}.home}/.gitconfig-local"; + }; local_private_env = { owner = "${username}"; path = "${config.users.users.${username}.home}/.private-env"; diff --git a/modules/shared/home/general/default.nix b/modules/shared/home/general/default.nix index a0f2b2f..9ff8f69 100644 --- a/modules/shared/home/general/default.nix +++ b/modules/shared/home/general/default.nix @@ -138,6 +138,7 @@ in "*.swp" ".DS_Store" ]; + includes = [ { path = "~/.gitconfig-local"; } ]; lfs.enable = true; package = pkgs.gitFull; settings = { @@ -151,9 +152,6 @@ in }; gpg = { format = "ssh"; - ssh = { - allowedSignersFile = "${config.home.homeDirectory}/.config/git/allowed_signers"; - }; }; merge = { conflictStyle = "diff3"; @@ -318,6 +316,7 @@ in history.size = 1000000; initContent = '' [ -f ~/.private-env ] && source ~/.private-env || echo '~/.private-env is missing' + [ -f ~/.gitconfig-local ] || echo '~/.gitconfig-local is missing. Create it and set user.email' # Start GPG agent # Some tips from https://hedberg.io/yubikey-for-ssh/ helped simplify this: