From d64dea3dc385afcf4ec8d691f0fb9bec7c3e93d8 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 14 Apr 2024 09:50:52 +0200 Subject: [PATCH 1/4] configuration/desktop: Disable gnome alert sounds --- configuration/desktop/gnome.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configuration/desktop/gnome.nix b/configuration/desktop/gnome.nix index f05d50a..7136a3f 100644 --- a/configuration/desktop/gnome.nix +++ b/configuration/desktop/gnome.nix @@ -47,6 +47,9 @@ "org/gnome/desktop/notifications" = { show-in-lock-screen = false; }; + "org/gnome/desktop/sound" = { + event-sounds = false; + }; "org/gnome/gnome-system-monitor" = { network-in-bits = true; network-total-in-bits = true; From af721691720bc259403c68f360f3a6227bc9acee Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 14 Apr 2024 14:08:47 +0200 Subject: [PATCH 2/4] flake.lock: Update nixpkgs-krypton --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 441d904..fd1421d 100644 --- a/flake.lock +++ b/flake.lock @@ -216,11 +216,11 @@ }, "nixpkgs-krypton": { "locked": { - "lastModified": 1707546158, - "narHash": "sha256-nYYJTpzfPMDxI8mzhQsYjIUX+grorqjKEU9Np6Xwy/0=", + "lastModified": 1712791164, + "narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d934204a0f8d9198e1e4515dd6fec76a139c87f0", + "rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5", "type": "github" }, "original": { From 66d369bbd9bb7b8acd0543ddd44de9f4bc395ad9 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 14 Apr 2024 17:57:56 +0200 Subject: [PATCH 3/4] configuration/desktop: Enable GPG SSH support --- configuration/desktop/default.nix | 1 + configuration/desktop/ssh.nix | 39 +++++++++++++++++++++++++++++++ flake.nix | 1 + pkgs/overlay.nix | 1 + pkgs/ssh-gpg/default.nix | 6 +++++ pkgs/ssh-gpg/ssh-gpg.sh | 6 +++++ 6 files changed, 54 insertions(+) create mode 100644 configuration/desktop/ssh.nix create mode 100644 pkgs/ssh-gpg/default.nix create mode 100755 pkgs/ssh-gpg/ssh-gpg.sh diff --git a/configuration/desktop/default.nix b/configuration/desktop/default.nix index 074cbab..77fa67a 100644 --- a/configuration/desktop/default.nix +++ b/configuration/desktop/default.nix @@ -9,6 +9,7 @@ ./networking.nix ./power.nix ./printing.nix + ./ssh.nix ./xserver.nix ]; diff --git a/configuration/desktop/ssh.nix b/configuration/desktop/ssh.nix new file mode 100644 index 0000000..87e4cd2 --- /dev/null +++ b/configuration/desktop/ssh.nix @@ -0,0 +1,39 @@ +{ pkgs, ... }: + +{ + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + pinentryPackage = pkgs.pinentry-gtk2; + }; + + # Add wrapper around ssh that takes the gnupg ssh-agent + # instead of gnome-keyring + environment.systemPackages = with pkgs; [ + ssh-gpg + ]; + + + # Do not disable ssh-agent of gnome-keyring, because + # gnupg ssh-agent can't handle normal SSH keys properly + /* + # Disable ssh-agent of gnome-keyring + nixpkgs.overlays = [ + (final: prev: { + gnome = prev.gnome // { + gnome-keyring = prev.runCommand "gnome-keyring-ssh-disabled-autostart" {} '' + mkdir -p $out + + # Symlink all gnome-keyring binaries + ${final.xorg.lndir}/bin/lndir -silent ${prev.gnome.gnome-keyring} $out + + # Disable autostart for ssh + rm $out/etc/xdg/autostart/gnome-keyring-ssh.desktop + cat ${prev.gnome.gnome-keyring}/etc/xdg/autostart/gnome-keyring-ssh.desktop > $out/etc/xdg/autostart/gnome-keyring-ssh.desktop + echo "Hidden=true" >> $out/etc/xdg/autostart/gnome-keyring-ssh.desktop + ''; + }; + }) + ]; + */ +} diff --git a/flake.nix b/flake.nix index aa59880..194db60 100644 --- a/flake.nix +++ b/flake.nix @@ -128,6 +128,7 @@ nixfiles-generate-config nixfiles-update-ssh-host-keys print-afra + ssh-gpg update-from-hydra uptimestatus; }); diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 982781b..9efff11 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -11,6 +11,7 @@ final: prev: { nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {}; nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {}; print-afra = final.callPackage ./print-afra {}; + ssh-gpg = final.callPackage ./ssh-gpg {}; update-from-hydra = final.callPackage ./update-from-hydra {}; uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {}; } diff --git a/pkgs/ssh-gpg/default.nix b/pkgs/ssh-gpg/default.nix new file mode 100644 index 0000000..374b4e0 --- /dev/null +++ b/pkgs/ssh-gpg/default.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: + +pkgs.writeShellApplication { + name = "ssh-gpg"; + text = builtins.readFile ./ssh-gpg.sh; +} diff --git a/pkgs/ssh-gpg/ssh-gpg.sh b/pkgs/ssh-gpg/ssh-gpg.sh new file mode 100755 index 0000000..dff8b71 --- /dev/null +++ b/pkgs/ssh-gpg/ssh-gpg.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" +export SSH_AUTH_SOCK + +exec ssh "$@" From 2974b4f18edc6e19328cb79e77cb5c66bd538a67 Mon Sep 17 00:00:00 2001 From: Flake Update Bot Date: Mon, 15 Apr 2024 03:04:05 +0200 Subject: [PATCH 4/4] Update nixpkgs 2024-04-15-01-03 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index fd1421d..3248487 100644 --- a/flake.lock +++ b/flake.lock @@ -232,11 +232,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1708118438, - "narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=", + "lastModified": 1712963716, + "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5863c27340ba4de8f83e7e3c023b9599c3cb3c80", + "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", "type": "github" }, "original": {