diff --git a/home/programs/git/default.nix b/home/programs/git/default.nix index 03cda5f..dad819c 100644 --- a/home/programs/git/default.nix +++ b/home/programs/git/default.nix @@ -14,9 +14,6 @@ let ]; in lib.mkIf cfg.enable { - # TODO: convert to template once nix-sops supports it in hm module - sops.secrets."git/nordicsemi-config" = { }; - programs.git = lib.mkMerge [ { package = pkgs.gitFull; @@ -294,42 +291,6 @@ lib.mkIf cfg.enable { }; }) (lib.flatten (lib.attrValues prefixes-per-org)); }) - - (let - bitbucket-uri-prefixes = [ - # Preferred - "bitbucket-nordicsemi:" - - # Alternative - "ssh://git@bitbucket.nordicsemi.no:7999" - "https://projecttools.nordicsemi.no/bitbucket/scm" - ]; - - prefixes-per-org = let - organizations = [ - "NordicSemiconductor" - "NordicPlayground" - "nrfconnect" - "oysteintveit-nordicsemi" - ]; - in lib.genAttrs organizations (org: map (uri-prefix: "${uri-prefix}${org}") (github-uri-prefixes ++ [ "github-nordicsemi:" ])); - in { - extraConfig = lib.mergeAttrs - { - "url \"${lib.head bitbucket-uri-prefixes}\"".insteadOf = lib.tail bitbucket-uri-prefixes; - } - (lib.mapAttrs' (org: uri-prefixes: { - name = "url \"github-nordicsemi:${org}\""; - value.insteadOf = uri-prefixes; - }) prefixes-per-org) - ; - - includes = map (x: { - contentSuffix = "nordicsemi.gitconfig"; - condition = "hasconfig:remote.*.url:${x}/**"; - path = config.sops.secrets."git/nordicsemi-config".path; - }) (bitbucket-uri-prefixes ++ (lib.flatten (lib.attrValues prefixes-per-org))); - }) ]; systemd.user.services."git-maintenance@".Service = lib.mkIf cfg.maintenance.enable { diff --git a/home/programs/nix.nix b/home/programs/nix.nix index c40f325..592b596 100644 --- a/home/programs/nix.nix +++ b/home/programs/nix.nix @@ -3,23 +3,14 @@ sops = { secrets = { "nix/access-tokens/github" = { sopsFile = ./../../secrets/common.yaml; }; - "nix/access-tokens/pvv-git" = { sopsFile = ./../../secrets/common.yaml; }; - - "nix/access-tokens/github-nordicsemi" = { sopsFile = ./../../secrets/common.yaml; }; - "nix/access-tokens/bitbucket-nordicsemi" = { sopsFile = ./../../secrets/common.yaml; }; }; templates."nix-access-tokens.conf".content = let inherit (config.sops) placeholder; tokens = { "github.com" = placeholder."nix/access-tokens/github"; - "git.pvv.ntnu.no" = placeholder."nix/access-tokens/pvv-git"; - - "bitbucket.nordicsemi.no" = placeholder."nix/access-tokens/bitbucket-nordicsemi"; - "github.com/NordicPlayground" = placeholder."nix/access-tokens/github-nordicsemi"; - "github.com/NordicSemiconductor" = placeholder."nix/access-tokens/github-nordicsemi"; }; in "access-tokens = ${lib.pipe tokens [ lib.attrsToList diff --git a/home/programs/ssh/other.nix b/home/programs/ssh/other.nix index 1550066..21d1fb5 100644 --- a/home/programs/ssh/other.nix +++ b/home/programs/ssh/other.nix @@ -11,17 +11,6 @@ hostname = "github.com"; identityFile = [ "~/.ssh/id_rsa" ]; }; - "github-nordicsemi" = { - user = "git"; - hostname = "github.com"; - identityFile = [ "~/.ssh/id_ed25519_nordicsemi" ]; - }; - "bitbucket-nordicsemi" = { - user = "git"; - hostname = "bitbucket.nordicsemi.no"; - port = 7999; - identityFile = [ "~/.ssh/id_ed25519_nordicsemi" ]; - }; "gitlab.stud.idi.ntnu.no" = { user = "git"; proxyJump = "pvv"; diff --git a/home/shell.nix b/home/shell.nix index ab42cc9..457925c 100644 --- a/home/shell.nix +++ b/home/shell.nix @@ -14,23 +14,6 @@ exe = if pkg.meta ? mainProgram then pkg.meta.mainProgram else name; in "${pkg}/bin/${exe}"; in { - sops.secrets."nordicsemi/envvars" = { - sopsFile = ../secrets/home.yaml; - }; - - - programs.bash.bashrcExtra = '' - source "${config.sops.secrets."nordicsemi/envvars".path}" - ''; - - programs.zsh.envExtra = '' - source "${config.sops.secrets."nordicsemi/envvars".path}" - ''; - - # programs.nushell.extraEnv = '' - # source "${config.sops.secrets."nordicsemi/envvars".path}" - # ''; - systemd.user.tmpfiles.settings."10-shell"."${config.xdg.configHome}/mutable_env.sh".f = { user = config.home.username; mode = "0700"; @@ -356,11 +339,6 @@ in { view-latex = "${pkgs.texlive.combined.scheme-full}/bin/latexmk -pdf -pvc main.tex"; reload-tmux = "${p "tmux"} source $HOME/.config/tmux/tmux.conf"; - - nordic-vpn = lib.concatStringsSep " | " [ - "${p "gpauth"} \"$NORDIC_VPN_ENDPOINT\" --gateway --browser default 2>/dev/null" - "sudo ${p "gpclient"} connect \"$NORDIC_VPN_ENDPOINT\" --as-gateway --cookie-on-stdin" - ]; }; # ░█▀▀░█▀▀░█▀█░█▀▀░█▀▄░█▀█░▀█▀░█▀▀░█▀▄ diff --git a/hosts/common/nix.nix b/hosts/common/nix.nix index 3007611..7bd1f1d 100644 --- a/hosts/common/nix.nix +++ b/hosts/common/nix.nix @@ -9,23 +9,14 @@ sops = { secrets = { "nix/access-tokens/github" = { sopsFile = ./../../secrets/common.yaml; }; - "nix/access-tokens/pvv-git" = { sopsFile = ./../../secrets/common.yaml; }; - - "nix/access-tokens/github-nordicsemi" = { sopsFile = ./../../secrets/common.yaml; }; - "nix/access-tokens/bitbucket-nordicsemi" = { sopsFile = ./../../secrets/common.yaml; }; }; templates."nix-access-tokens.conf".content = let inherit (config.sops) placeholder; tokens = { "github.com" = placeholder."nix/access-tokens/github"; - "git.pvv.ntnu.no" = placeholder."nix/access-tokens/pvv-git"; - - "bitbucket.nordicsemi.no" = placeholder."nix/access-tokens/bitbucket-nordicsemi"; - "github.com/NordicPlayground" = placeholder."nix/access-tokens/github-nordicsemi"; - "github.com/NordicSemiconductor" = placeholder."nix/access-tokens/github-nordicsemi"; }; in "access-tokens = ${lib.pipe tokens [ lib.attrsToList diff --git a/secrets/common.yaml b/secrets/common.yaml index 07db3b7..87d2ea5 100644 --- a/secrets/common.yaml +++ b/secrets/common.yaml @@ -2,8 +2,6 @@ nix: access-tokens: github: ENC[AES256_GCM,data:fqbHjfHcMshWluDCtBoG88n1cIc/+iV3PgKTmp65pQk7B7YdqBT+hiffCI1toYM3Szec2+8y+HRofjRfxPnAg8YfnR8uXj0J7eNes/Qh1q1dlH6om6nFhmT9Kh7s,iv:pgerwZoWl/mXEz86rqsouLPSU7x6pj2dQzp9PTriV8I=,tag:SQbh9d1C7tVrXubJBBE+Kg==,type:str] pvv-git: ENC[AES256_GCM,data:fp8utMv7PLrz8LkDvvG7GVY4SiDFOgX8YF1M/hpZyGj9H6pDDvtOTw==,iv:FJmw6Tq81IECxQaJZc9u5gxIWse3OvCF7x7dmJ+m4pg=,tag:hdrsJtFhaj5W5PYTUDRx+g==,type:str] - github-nordicsemi: ENC[AES256_GCM,data:tq3XWh2KwLfU3Xwoc3d90cZ34UrM//HyJdbdzJXJstldHE8jIp54Cg==,iv:L4OYYjfWvsQ8LrzE6KAwDmQTXY1gWmtvJrEIa+HEnyE=,tag:jrwtyoA6ORbATXP124OfRg==,type:str] - bitbucket-nordicsemi: ENC[AES256_GCM,data:WAJCMJtzuY2Nf2AbutmOu+lz9s337XNiEWjxG3Rdu42asom8hwv0sowA5aI=,iv:0j4DL1ICcl/6vSEh0mKNiYPo0e2PG2tOtWfDktBPZ5U=,tag:jWivhDFFXOic0YGrkMSppg==,type:str] wstunnel: http-upgrade-path-prefix: ENC[AES256_GCM,data:3WG+fu+XXFDgHuEEosWtZKMj51Ks1QIdgWRRsX6RVre8+0t7/4bICoVYtaMSWwMAjH03tt5i1Af1orlKT72gvQ==,iv:syXhMVHwWf9H+HHBhNDq1Y1df9t6VitqhPEqruTnBRA=,tag:1RNmL50z6v4X/cVxkAAvew==,type:str] ssh: @@ -83,8 +81,8 @@ sops: WHNjUGdPc1VKNDVoeGVLOUpRcW9JakEKxUfhyC9vhXMkkJwlrV1u9SuxThhmka0E tMbzyqHxFxT4cZScaIDxAl5P8W6mpqmpaN+l/RT+ozeS5FY6+iMVKA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-29T23:51:25Z" - mac: ENC[AES256_GCM,data:KN6zFO6xTL+EwUf0fXpZgqpl/EYMT1sIBJYvT6VNARGDjt5HdQD2lmr6jC59lrOLLrt3NhYDewlbgO0IRica4yqKc0nRVXCfhddP+6QlIjVsFPNHQFG4rZb3p6U2Nu3PwByL5oKKS5pfJZRKKLj7ivUm2Ts0U3Hwk5HbtHOPtVE=,iv:InFH8WCm5bFUjWcnmubr4iJk7kM7nnyJqVaK5dI3gy0=,tag:O0O9G0jV8FvStNXAPh4uxQ==,type:str] + lastmodified: "2025-08-22T12:18:16Z" + mac: ENC[AES256_GCM,data:ftu/nvuWiULRtddXYamM//nDJTeMTOSl23OPN5iHIuopsIcwlbYOkPLCeHve0LdaJ/0cQTY/oMN92QKnKaAtWgKo/Mankw4Lo896dODsG1c53oIUH5rYldtKs4ELQJ96L/lCHQPwvH2Z2jgl3utPfJJKs7a6BwNvrYq9AcI2FMg=,iv:5qz/4vainTlUjd2z3tXx+Y/uu3mc8EJZlFn4WhWbtcQ=,tag:CV6wryc4qxXstIQMbOHvVQ==,type:str] pgp: - created_at: "2025-04-02T10:09:05Z" enc: |- diff --git a/secrets/home.yaml b/secrets/home.yaml index 928498d..78decfe 100644 --- a/secrets/home.yaml +++ b/secrets/home.yaml @@ -1,14 +1,6 @@ -git: - nordicsemi-config: ENC[AES256_GCM,data:ziuM41RTsxkiutxjj8Pl5YuoETkxQNWEbGKd2Y99E0kTV9fL67g+YeGjeVFXErraeB/+jBVpjitK3lSHxlpxZLWckZ0G6A7NAFNagY9cORCFlLb+egyKb44xu8vBt4V5eA==,iv:yG06oluENc038cm5A9tpmSQtaGjd6nYDi/FnBd3A8Rk=,tag:ky6bCsYLOZmWObHnJ816Zw==,type:str] -nordicsemi: - envvars: ENC[AES256_GCM,data:6vx077unPWt6WRy0oZKC3qpVA8BKigYDdhsZ2rmLYFtzW//01CrRgXX420UB,iv:e2hJuRj4A8ZBGG0j2YINdvM3IXzpCnJK0Sm5AXhOTZM=,tag:9SdpNIFSiLhI073dk3cC5g==,type:str] ssh: secret-config: "" sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau enc: | @@ -28,8 +20,8 @@ sops: UDBQRkFtTzYveU9Cc3dYVjQyMVJQUjgKu2zXnw1OCUPW/4/colAqdzU4TUAHZqFd s4n79dNnTxp4AnhN3UWpN6kUWIOkezVqXPFAz+bQcglZOm6gmBEJow== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-28T08:30:45Z" - mac: ENC[AES256_GCM,data:jPjNTuXKuONVKbMeb2/DtklT6OxORn0UdjWYTmcryn1qaAaTHD+gr2sPSWNRlZe3o3tugTCOlpeAbTDnyQmy60zzXJV/PGLWdW5XcnECkt7Eutop/25sPuVAkrJcCY8hRkqUv0Jk7HOAukHKJr8EIU4Op2nYjvIlyULgCmYAZ5o=,iv:x/MHOazISB0T15vpiClpLgVPMPfpevRo9fMwurQXVI8=,tag:6i8wAN1SKGWfTesPblhaFQ==,type:str] + lastmodified: "2025-08-22T12:18:45Z" + mac: ENC[AES256_GCM,data:HFfFeeGFDo2XryyTbyqUXG9rUZhGgmWggByDHnQLghrg6NHyP3ZX/Y1vE30qNJTtXLdYvUK336xi9AFlLXjwrWx0+ggmaxPOYz/698NgNh4jUIrNhVmCw6kGBeEbyNJacNZdUMiY0jbK6r5+Xu5HI3hLoxR5Ft1PzRwZCQ2ypXY=,iv:MY3lwcV4vNC+fDSnzzabxY4jpcdBzXIPwjdOrh62jzc=,tag:v/of31Bul7CiANiAF4oHLg==,type:str] pgp: - created_at: "2025-04-02T10:09:10Z" enc: |- @@ -52,4 +44,4 @@ sops: -----END PGP MESSAGE----- fp: F7D37890228A907440E1FD4846B9228E814A2AAC unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.2