From fba9237dba3cbaae01dd6a8b02990f2fc112511f Mon Sep 17 00:00:00 2001 From: Tigor Hutasuhut Date: Mon, 17 Jun 2024 16:26:56 +0700 Subject: [PATCH] neovim: config now comes from a git repository instead of embedded in the nixos configuration. --- home/config/nvim/default.nix | 106 +++++++++++++++++++++++++---------- home/default.nix | 17 ++++++ options/default.nix | 5 ++ secrets/ssh.yaml | 24 ++++++++ 4 files changed, 123 insertions(+), 29 deletions(-) create mode 100644 secrets/ssh.yaml diff --git a/home/config/nvim/default.nix b/home/config/nvim/default.nix index 29be8b5..d3f6c7b 100644 --- a/home/config/nvim/default.nix +++ b/home/config/nvim/default.nix 
@@ -1,32 +1,80 @@ -{ config, pkgs, unstable, ... }: - +{ config, pkgs, lib, unstable, ... }: +let + cfg = config.profile.neovim; + inherit (lib) mkIf; + repository = "git@github.com:tigorlazuardi/nvim.git"; + nvimCloneDir = "${config.home.homeDirectory}/nvim"; +in { - home.file.".config/nvim" = { - source = ./.; - recursive = true; + config = mkIf cfg.enable { + systemd.user.services.clone-nvim = { + Unit = { + Description = "Clone neovim configuration if not exists"; + Wants = [ "network-online.target" ]; + After = [ "nss-lookup.target" ]; + StartLimitIntervalSec = 300; + StartLimitBurst = 10; + }; + Service = + let + git = "${pkgs.git}/bin/git"; + bash = "${pkgs.bash}/bin/bash"; + ping = "${pkgs.unixtools.ping}/bin/ping"; + host = "github.com"; + sleep = "${pkgs.coreutils}/bin/sleep"; + script = pkgs.writeScriptBin "clone-nvim.sh" '' + #${bash} + + if [ -d "${nvimCloneDir}" ]; then + exit 0; + fi + + until ${ping} -c 1 ${host}; do + ${sleep} 1; + done + + ${git} clone ${repository} ${nvimCloneDir} + ''; + path = "${script}/bin/clone-nvim.sh"; + in + { + Type = "simple"; + ExecStart = path; + Restart = "on-failure"; + RemainAfterExit = "yes"; + }; + Install = { + WantedBy = [ "default.target" ]; + }; + }; + + xdg.configFile.nvim = { + source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nvim"; + recursive = true; + }; + + sops.secrets."copilot" = { + path = "${config.home.homeDirectory}/.config/github-copilot/hosts.json"; + }; + + home.packages = with pkgs; [ + stylua + lua-language-server + docker-compose-language-service + emmet-ls + silicon # For code screenshots + + ###### Golang development tools ###### + gomodifytags + gotests + iferr + curl + cargo + nixpkgs-fmt + nil + + gcc + python3 + ]; }; - - sops.secrets."copilot" = { - path = "${config.home.homeDirectory}/.config/github-copilot/hosts.json"; - }; - - home.packages = with pkgs; [ - stylua - lua-language-server - docker-compose-language-service - emmet-ls - silicon # For code 
screenshots - - ###### Golang development tools ###### - gomodifytags - gotests - iferr - curl - cargo - nixpkgs-fmt - nil - - gcc - python3 - ]; } diff --git a/home/default.nix b/home/default.nix index 8726c42..e77d54e 100644 --- a/home/default.nix +++ b/home/default.nix @@ -29,4 +29,21 @@ in }; services.mpris-proxy.enable = config.profile.mpris-proxy.enable; + + sops.secrets = + let + sopsFile = ../secrets/ssh.yaml; + in + { + "ssh/id_ed25519/public" = { + inherit sopsFile; + path = "${config.home.homeDirectory}/.ssh/id_ed25519.pub"; + mode = "0444"; + }; + "ssh/id_ed25519/private" = { + inherit sopsFile; + path = "${config.home.homeDirectory}/.ssh/id_ed25519"; + mode = "0400"; + }; + }; } diff --git a/options/default.nix b/options/default.nix index bfab333..da2d282 100644 --- a/options/default.nix +++ b/options/default.nix @@ -19,6 +19,11 @@ default = "eth0"; }; + neovim.enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; + user = { name = lib.mkOption { type = lib.types.str; diff --git a/secrets/ssh.yaml b/secrets/ssh.yaml new file mode 100644 index 0000000..7aabf6d --- /dev/null +++ b/secrets/ssh.yaml 
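Review bot: In home/config/nvim/default.nix the generated `clone-nvim.sh` begins with `#${bash}`, which is a comment rather than a shebang, so when systemd executes the `ExecStart` path directly the unit will most likely fail with an exec format error and retry under `Restart = "on-failure"`; the first line should be `#!${bash}`. The clone uses the SSH remote `git@github.com:tigorlazuardi/nvim.git`, but as far as the hunk shows the unit does not put an `ssh` binary on its path and is not ordered after the sops-nix user unit that writes `~/.ssh/id_ed25519`. A non-interactive first connection also cannot answer the host-key prompt, so GitHub's host key should be pinned in a managed known_hosts file rather than having verification relaxed. `xdg.configFile.nvim` points Neovim at a mutable checkout of whatever the remote holds at clone time, and that Lua runs on every editor start; a comment such as `# config is fetched unpinned at runtime; trust is bounded by the GitHub account and the deployed SSH key` would make the trade-off explicit.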
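Review bot: In home/default.nix the `ssh/id_ed25519/private` secret is declared unconditionally, so every host that imports this module receives the private key at `~/.ssh/id_ed25519`, while the only consumer visible in this commit, the `clone-nvim` unit, is gated behind `profile.neovim.enable`. Wrapping the two entries in the same condition (for example `sops.secrets = lib.mkIf config.profile.neovim.enable { … };`, assuming `lib` is in scope here, which the hunk does not show) keeps the key off hosts that never clone. Because that path is a default identity file, ssh will offer the key to any host the user connects to; if it is an account-level key rather than a read-only deploy key for the one repository, a repo-scoped key under a dedicated filename would limit what a compromised host exposes. The ciphertext also stays in git history, so rotation means replacing the key at GitHub, not only re-encrypting the file. The enclosing attribute set starts outside the hunk.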
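Review bot: `neovim.enable` in options/default.nix has no `description`, and with `default = true` it is opt-out: every host evaluating this configuration enables the clone service unless it sets the option to false. Adding `description = "Clone the Neovim configuration from git at user-session start and link it into ~/.config/nvim.";` documents what the switch turns on. Defaulting to `false` would be the more conservative choice for an option that fetches executable editor configuration over the network. The surrounding option set starts and ends outside the hunk.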
@@ -0,0 +1,24 @@ +ssh: + id_ed25519: + public: ENC[AES256_GCM,data:JmFWFRSIvgL4gzEwezyijkc11ll9GueYY2lxxmkPMqSz7zGnAcQ9+mQIU97MDyPp9eCQVPOIDDrWM8ct7+ji7Sxg25H80XlsvoKmawT8sPdzQ60DAumAdqNal3I=,iv:UivMLLFFCkIFcL8mCxIDPdDWlluxqhjpO7asnF8OUSg=,tag:zOeEALrhmHwSpmtiCX5mWg==,type:str] + private: ENC[AES256_GCM,data:kv5Qlt1yib7nhBj4z8CIuqNc7xmFCZgybZx41yMoeRGQimUy1Z++YaYRg5YKYmIIXSodsmFLrrR5zuIiysLn/5fI9eLsPYNiInerqTtE5SwHH6hwya/GX6gfh9bnakvWAd8J+jp2pgrCLDTT1V5TSL+t8APSs3pvMsmSfd+ojRrTFs7omY75gE91FAjlub/SmnDnlQHQMbBdfYhFY3zgiHzsSBD0SvHjiE3c6t3YsqS2CDxape78Z64+kJzTgL0dMiIAwzMZB3BH2ufnVMwi7FWYxA/dkqj2tFJLTwHaJQZgr/ou1oOng+MstLfpL/45toyDsjNzJe4dChDOdNzAmP8ZFdL2uXqSTy1biK03ifaGxDMaiDARFMUOEZNA1V3+RkariSfO129/0izAjtttlITughRMV3JRsvs81uIETVBp+S9kljsT1TIdlCNWspo8gvBI41DN4bnLFQCFip0HRGhC4F3oq49A/CV94An8IdwwwQwoxsaNeilJDwNnQDVdChhYoDa8ynvA00F+xJmh,iv:oKWlw2I9mXTdY2oq++rxA8IbOlfSHuB7QwilD1Q7Xas=,tag:zhhsiJ91XdBnR85MYG8+WQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFeDU3eEwrNGljcmFueHFU + NEtrdVF5MU9ueTNDeTlCdmRPSFpnNFJDZTBzCnk4NU9ZcEc0YkhGcnNQVktNMDR2 + a3dHTWV4RmNINlA1ZVhzSU9xNGtWVzQKLS0tIDF4dnRlQUo3OTJjNzFiYmlGVThE + M2pJUzhSUDFRWGtjdnNCZmlMT2puZlEKBxDLcxTU0E81lqqPQ75N5Et69Z1Dwac6 + n3+oBzhhJoOhYagmp/Zm3FVh3kcHGoCe6pyDnrZSka/zO3kkZKigng== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-17T09:01:59Z" + mac: ENC[AES256_GCM,data:i2MCNIJ8LVspz878zTH7QrXOAA/8+G4xFhYGRoWmzCzRIHYAXsTDDU4ATgZM3rSqCWgvO/3ynKbGmiDN2z5tYreB8KDRk92WVuCqaJSfdnYulvgf1346+9NxbMbJnAi34evUcPj7QJTooRF0vGCIAk8zOCu75TIB8acVwFB+viY=,iv:9+rfk7QqLjNH0FZ617A2Y1vciwBBYlm54S2o1G93kb4=,tag:qz55kt+IFQDBt6vWK+v6Cw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1