Configure ssh signing

flake.lock

@@ -10,11 +10,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1764289441,
+        "lastModified": 1775689345,
-        "narHash": "sha256-ak+lgFiYE5PHByN1/BRkO5JP498hno6Ix24C1Qf/vec=",
+        "narHash": "sha256-tM3s7CX+tgxlYW0Sk3nzVThg2MHn08foIuMxABupxIs=",
         "owner": "aylur",
         "repo": "ags",
-        "rev": "e169694390548dfd38ff40f1ef2163d6c3ffe3ea",
+        "rev": "bbee2f18939f1ec7ff720e717cf305e73635628f",
         "type": "github"
       },
       "original": {
@@ -30,11 +30,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1773507676,
+        "lastModified": 1773914523,
-        "narHash": "sha256-UabDWdQTsGopWsC+RW0GDBRvAXF5KbkHwEcW4UQpd/A=",
+        "narHash": "sha256-GOL+bR30FPImAzy4NNsTMY1gpoINMsLTXR0WJBRSq30=",
         "owner": "aylur",
         "repo": "astal",
-        "rev": "d3fa2117d581b50e63eb3aefbf92d4883fa23f1b",
+        "rev": "41b50290c6a1cdce7b482897c22fe49286912b9a",
         "type": "github"
       },
       "original": {
@@ -132,11 +132,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1773810247,
+        "lastModified": 1776661682,
-        "narHash": "sha256-6Vz1Thy/1s7z+Rq5OfkWOBAdV4eD+OrvDs10yH6xJzQ=",
+        "narHash": "sha256-X32LTSDqUdVqMy85WYdRgyt0I75wc4Lhi9j+lrCDR8w=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d47357a4c806d18a3e853ad2699eaec3c01622e7",
+        "rev": "4bfce11ea820df0359f73736fd59c7e8f53641a6",
         "type": "github"
       },
       "original": {
@@ -184,11 +184,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1773734432,
+        "lastModified": 1776169885,
-        "narHash": "sha256-IF5ppUWh6gHGHYDbtVUyhwy/i7D261P7fWD1bPefOsw=",
+        "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "cda48547b432e8d3b18b4180ba07473762ec8558",
+        "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9",
         "type": "github"
       },
       "original": {
@@ -200,11 +200,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1773734432,
+        "lastModified": 1776169885,
-        "narHash": "sha256-IF5ppUWh6gHGHYDbtVUyhwy/i7D261P7fWD1bPefOsw=",
+        "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "cda48547b432e8d3b18b4180ba07473762ec8558",
+        "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9",
         "type": "github"
       },
       "original": {
@@ -252,11 +252,11 @@
         "nixpkgs": "nixpkgs_3"
       },
       "locked": {
-        "lastModified": 1773823796,
+        "lastModified": 1776664029,
-        "narHash": "sha256-AYFcL50MSz2kdfEl1NgL5r5ukJ06MUos7l3ak2Rtn/M=",
+        "narHash": "sha256-X5LbrpV66STh+DgWXx0+TnTClHoQCWjGtUcZpMfqfUk=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "098c5b211d0e445773f57d8ecefb497af07e8767",
+        "rev": "2b094682b2f7f4dbf83d4600219f4c64cda8e7e0",
         "type": "github"
       },
       "original": {
@@ -299,11 +299,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1773692852,
+        "lastModified": 1776435302,
-        "narHash": "sha256-rVzZeR2gsPCgft+SHbxlxldejpOBI6bwj6gC24XpEIk=",
+        "narHash": "sha256-MSmlvbsg2kc2DdQGBR+3Shta+Spgi4A2k5tkbTnrro8=",
         "owner": "vicinaehq",
         "repo": "vicinae",
-        "rev": "f3dc9cb4696dda1218f00f2756cf25882fa5df9b",
+        "rev": "9fb1f6d2f882ebf36ab19919e99ca36ad7e06c9b",
         "type": "github"
       },
       "original": {

home/git/default.nix

@@ -2,6 +2,14 @@
   programs.git = {
     enable = true;
     lfs.enable = true;
+
+    # 1. Update the signing configuration
+    signing = {
+      format = "ssh";
+      key = "/home/user/.secrets/SSH/Aloria/id_ed25519";
+      signByDefault = true;
+    };
+
     settings = {
       alias = {
         s = "status";
@@ -11,6 +19,10 @@
         name = "Thomas Avé";
         email = "email@thomasave.be";
       };
+
+      # 2. Tell Git where your allowed_signers file is located
+      gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers";
+
       credentials.helper = "store";
       pull.rebase = false;
       push.autoSetupRemove = true;
@@ -24,6 +36,7 @@
       };
       rerere.enabled = true;
     };
+
     ignores = [
       "*.direnv/"
       "*.nix/"
@@ -31,6 +44,7 @@
       ".dmypy.json"
     ];
   };
+
   programs.lazygit = {
     enable = true;
     settings = {
@@ -40,4 +54,9 @@
       };
     };
   };
+
+  # 3. Declaratively create the allowed_signers file (Assuming Home Manager)
+  home.file.".ssh/allowed_signers".text = ''
+    email@thomasave.be namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxMq4kubz4wWr4S8xU3GRkPcn6XRS3y7IP+qylN5QAp user@Aloria
+  '';
 }

home/utils/desktop.nix

@@ -119,4 +119,5 @@
   };
 
   fonts.fontconfig.enable = true;
+  gtk.gtk4.theme = config.gtk.theme; # Silence warning
 }

hosts/Aloria/default.nix

@@ -5,12 +5,12 @@
   config,
   ...
 }: let
-  serverIP = "10.0.0.1";
+  # serverIP = "10.0.0.1";
 in {
   imports = [
     (import ../Common/default.nix {inherit inputs pkgs config;})
     (import ../Common/desktop.nix {inherit inputs pkgs config;})
-    (import ../Common/nfs.nix {inherit pkgs serverIP;})
+    # (import ../Common/nfs.nix {inherit pkgs serverIP;})
     (import ../Common/zfs.nix {inherit inputs pkgs config;})
   ];
 

hosts/Aloria/hardware-configuration.nix

@@ -56,7 +56,7 @@
   nixpkgs.config.packageOverrides = pkgs: {
     zfs = pkgs.zfs_unstable;
   };
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelPackages = pkgs.linuxPackages_6_19;
   hardware.firmware = with pkgs; [
     ipu6-camera-bins
     ivsc-firmware