oysteikt/nix-dotfiles
1
1
Fork 0
Code Issues 138 Pull Requests Activity

treewide: get rid of nordic related config

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit
2025-08-22 14:20:47 +02:00
parent 26a8de0e9a
commit 57b1390e45
7 changed files with 5 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
home/programs/git/default.nix
View File

@@ -14,9 +14,6 @@ let
]; ];
in in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
# TODO: convert to template once nix-sops supports it in hm module
sops.secrets."git/nordicsemi-config" = { };
programs.git = lib.mkMerge [ programs.git = lib.mkMerge [
{ {
package = pkgs.gitFull; package = pkgs.gitFull;
@@ -294,42 +291,6 @@ lib.mkIf cfg.enable {
}; };
}) (lib.flatten (lib.attrValues prefixes-per-org)); }) (lib.flatten (lib.attrValues prefixes-per-org));
}) })
(let
bitbucket-uri-prefixes = [
# Preferred
"bitbucket-nordicsemi:"
# Alternative
"ssh://git@bitbucket.nordicsemi.no:7999"
"https://projecttools.nordicsemi.no/bitbucket/scm"
];
prefixes-per-org = let
organizations = [
"NordicSemiconductor"
"NordicPlayground"
"nrfconnect"
"oysteintveit-nordicsemi"
];
in lib.genAttrs organizations (org: map (uri-prefix: "${uri-prefix}${org}") (github-uri-prefixes ++ [ "github-nordicsemi:" ]));
in {
extraConfig = lib.mergeAttrs
{
"url \"${lib.head bitbucket-uri-prefixes}\"".insteadOf = lib.tail bitbucket-uri-prefixes;
}
(lib.mapAttrs' (org: uri-prefixes: {
name = "url \"github-nordicsemi:${org}\"";
value.insteadOf = uri-prefixes;
}) prefixes-per-org)
;
includes = map (x: {
contentSuffix = "nordicsemi.gitconfig";
condition = "hasconfig:remote.*.url:${x}/**";
path = config.sops.secrets."git/nordicsemi-config".path;
}) (bitbucket-uri-prefixes ++ (lib.flatten (lib.attrValues prefixes-per-org)));
})
]; ];
systemd.user.services."git-maintenance@".Service = lib.mkIf cfg.maintenance.enable { systemd.user.services."git-maintenance@".Service = lib.mkIf cfg.maintenance.enable {

9
home/programs/nix.nix
View File

@@ -3,23 +3,14 @@
sops = { sops = {
secrets = { secrets = {
"nix/access-tokens/github" = { sopsFile = ./../../secrets/common.yaml; }; "nix/access-tokens/github" = { sopsFile = ./../../secrets/common.yaml; };
"nix/access-tokens/pvv-git" = { sopsFile = ./../../secrets/common.yaml; }; "nix/access-tokens/pvv-git" = { sopsFile = ./../../secrets/common.yaml; };
"nix/access-tokens/github-nordicsemi" = { sopsFile = ./../../secrets/common.yaml; };
"nix/access-tokens/bitbucket-nordicsemi" = { sopsFile = ./../../secrets/common.yaml; };
}; };
templates."nix-access-tokens.conf".content = let templates."nix-access-tokens.conf".content = let
inherit (config.sops) placeholder; inherit (config.sops) placeholder;
tokens = { tokens = {
"github.com" = placeholder."nix/access-tokens/github"; "github.com" = placeholder."nix/access-tokens/github";
"git.pvv.ntnu.no" = placeholder."nix/access-tokens/pvv-git"; "git.pvv.ntnu.no" = placeholder."nix/access-tokens/pvv-git";
"bitbucket.nordicsemi.no" = placeholder."nix/access-tokens/bitbucket-nordicsemi";
"github.com/NordicPlayground" = placeholder."nix/access-tokens/github-nordicsemi";
"github.com/NordicSemiconductor" = placeholder."nix/access-tokens/github-nordicsemi";
}; };
in "access-tokens = ${lib.pipe tokens [ in "access-tokens = ${lib.pipe tokens [
lib.attrsToList lib.attrsToList

11
home/programs/ssh/other.nix
View File

@@ -11,17 +11,6 @@
hostname = "github.com"; hostname = "github.com";
identityFile = [ "~/.ssh/id_rsa" ]; identityFile = [ "~/.ssh/id_rsa" ];
}; };
"github-nordicsemi" = {
user = "git";
hostname = "github.com";
identityFile = [ "~/.ssh/id_ed25519_nordicsemi" ];
};
"bitbucket-nordicsemi" = {
user = "git";
hostname = "bitbucket.nordicsemi.no";
port = 7999;
identityFile = [ "~/.ssh/id_ed25519_nordicsemi" ];
};
"gitlab.stud.idi.ntnu.no" = { "gitlab.stud.idi.ntnu.no" = {
user = "git"; user = "git";
proxyJump = "pvv"; proxyJump = "pvv";

22
home/shell.nix
View File

@@ -14,23 +14,6 @@
exe = if pkg.meta ? mainProgram then pkg.meta.mainProgram else name; exe = if pkg.meta ? mainProgram then pkg.meta.mainProgram else name;
in "${pkg}/bin/${exe}"; in "${pkg}/bin/${exe}";
in { in {
sops.secrets."nordicsemi/envvars" = {
sopsFile = ../secrets/home.yaml;
};
programs.bash.bashrcExtra = ''
source "${config.sops.secrets."nordicsemi/envvars".path}"
'';
programs.zsh.envExtra = ''
source "${config.sops.secrets."nordicsemi/envvars".path}"
'';
# programs.nushell.extraEnv = ''
# source "${config.sops.secrets."nordicsemi/envvars".path}"
# '';
systemd.user.tmpfiles.settings."10-shell"."${config.xdg.configHome}/mutable_env.sh".f = { systemd.user.tmpfiles.settings."10-shell"."${config.xdg.configHome}/mutable_env.sh".f = {
user = config.home.username; user = config.home.username;
mode = "0700"; mode = "0700";
@@ -356,11 +339,6 @@ in {
view-latex = "${pkgs.texlive.combined.scheme-full}/bin/latexmk -pdf -pvc main.tex"; view-latex = "${pkgs.texlive.combined.scheme-full}/bin/latexmk -pdf -pvc main.tex";
reload-tmux = "${p "tmux"} source $HOME/.config/tmux/tmux.conf"; reload-tmux = "${p "tmux"} source $HOME/.config/tmux/tmux.conf";
nordic-vpn = lib.concatStringsSep " | " [
"${p "gpauth"} \"$NORDIC_VPN_ENDPOINT\" --gateway --browser default 2>/dev/null"
"sudo ${p "gpclient"} connect \"$NORDIC_VPN_ENDPOINT\" --as-gateway --cookie-on-stdin"
];
}; };
# ░█▀▀░█▀▀░█▀█░█▀▀░█▀▄░█▀█░▀█▀░█▀▀░█▀▄ # ░█▀▀░█▀▀░█▀█░█▀▀░█▀▄░█▀█░▀█▀░█▀▀░█▀▄

9
hosts/common/nix.nix
View File

@@ -9,23 +9,14 @@
sops = { sops = {
secrets = { secrets = {
"nix/access-tokens/github" = { sopsFile = ./../../secrets/common.yaml; }; "nix/access-tokens/github" = { sopsFile = ./../../secrets/common.yaml; };
"nix/access-tokens/pvv-git" = { sopsFile = ./../../secrets/common.yaml; }; "nix/access-tokens/pvv-git" = { sopsFile = ./../../secrets/common.yaml; };
"nix/access-tokens/github-nordicsemi" = { sopsFile = ./../../secrets/common.yaml; };
"nix/access-tokens/bitbucket-nordicsemi" = { sopsFile = ./../../secrets/common.yaml; };
}; };
templates."nix-access-tokens.conf".content = let templates."nix-access-tokens.conf".content = let
inherit (config.sops) placeholder; inherit (config.sops) placeholder;
tokens = { tokens = {
"github.com" = placeholder."nix/access-tokens/github"; "github.com" = placeholder."nix/access-tokens/github";
"git.pvv.ntnu.no" = placeholder."nix/access-tokens/pvv-git"; "git.pvv.ntnu.no" = placeholder."nix/access-tokens/pvv-git";
"bitbucket.nordicsemi.no" = placeholder."nix/access-tokens/bitbucket-nordicsemi";
"github.com/NordicPlayground" = placeholder."nix/access-tokens/github-nordicsemi";
"github.com/NordicSemiconductor" = placeholder."nix/access-tokens/github-nordicsemi";
}; };
in "access-tokens = ${lib.pipe tokens [ in "access-tokens = ${lib.pipe tokens [
lib.attrsToList lib.attrsToList

6
secrets/common.yaml
View File

@@ -2,8 +2,6 @@ nix:
access-tokens: access-tokens:
github: ENC[AES256_GCM,data:fqbHjfHcMshWluDCtBoG88n1cIc/+iV3PgKTmp65pQk7B7YdqBT+hiffCI1toYM3Szec2+8y+HRofjRfxPnAg8YfnR8uXj0J7eNes/Qh1q1dlH6om6nFhmT9Kh7s,iv:pgerwZoWl/mXEz86rqsouLPSU7x6pj2dQzp9PTriV8I=,tag:SQbh9d1C7tVrXubJBBE+Kg==,type:str] github: ENC[AES256_GCM,data:fqbHjfHcMshWluDCtBoG88n1cIc/+iV3PgKTmp65pQk7B7YdqBT+hiffCI1toYM3Szec2+8y+HRofjRfxPnAg8YfnR8uXj0J7eNes/Qh1q1dlH6om6nFhmT9Kh7s,iv:pgerwZoWl/mXEz86rqsouLPSU7x6pj2dQzp9PTriV8I=,tag:SQbh9d1C7tVrXubJBBE+Kg==,type:str]
pvv-git: ENC[AES256_GCM,data:fp8utMv7PLrz8LkDvvG7GVY4SiDFOgX8YF1M/hpZyGj9H6pDDvtOTw==,iv:FJmw6Tq81IECxQaJZc9u5gxIWse3OvCF7x7dmJ+m4pg=,tag:hdrsJtFhaj5W5PYTUDRx+g==,type:str] pvv-git: ENC[AES256_GCM,data:fp8utMv7PLrz8LkDvvG7GVY4SiDFOgX8YF1M/hpZyGj9H6pDDvtOTw==,iv:FJmw6Tq81IECxQaJZc9u5gxIWse3OvCF7x7dmJ+m4pg=,tag:hdrsJtFhaj5W5PYTUDRx+g==,type:str]
github-nordicsemi: ENC[AES256_GCM,data:tq3XWh2KwLfU3Xwoc3d90cZ34UrM//HyJdbdzJXJstldHE8jIp54Cg==,iv:L4OYYjfWvsQ8LrzE6KAwDmQTXY1gWmtvJrEIa+HEnyE=,tag:jrwtyoA6ORbATXP124OfRg==,type:str]
bitbucket-nordicsemi: ENC[AES256_GCM,data:WAJCMJtzuY2Nf2AbutmOu+lz9s337XNiEWjxG3Rdu42asom8hwv0sowA5aI=,iv:0j4DL1ICcl/6vSEh0mKNiYPo0e2PG2tOtWfDktBPZ5U=,tag:jWivhDFFXOic0YGrkMSppg==,type:str]
wstunnel: wstunnel:
http-upgrade-path-prefix: ENC[AES256_GCM,data:3WG+fu+XXFDgHuEEosWtZKMj51Ks1QIdgWRRsX6RVre8+0t7/4bICoVYtaMSWwMAjH03tt5i1Af1orlKT72gvQ==,iv:syXhMVHwWf9H+HHBhNDq1Y1df9t6VitqhPEqruTnBRA=,tag:1RNmL50z6v4X/cVxkAAvew==,type:str] http-upgrade-path-prefix: ENC[AES256_GCM,data:3WG+fu+XXFDgHuEEosWtZKMj51Ks1QIdgWRRsX6RVre8+0t7/4bICoVYtaMSWwMAjH03tt5i1Af1orlKT72gvQ==,iv:syXhMVHwWf9H+HHBhNDq1Y1df9t6VitqhPEqruTnBRA=,tag:1RNmL50z6v4X/cVxkAAvew==,type:str]
ssh: ssh:
@@ -83,8 +81,8 @@ sops:
WHNjUGdPc1VKNDVoeGVLOUpRcW9JakEKxUfhyC9vhXMkkJwlrV1u9SuxThhmka0E WHNjUGdPc1VKNDVoeGVLOUpRcW9JakEKxUfhyC9vhXMkkJwlrV1u9SuxThhmka0E
tMbzyqHxFxT4cZScaIDxAl5P8W6mpqmpaN+l/RT+ozeS5FY6+iMVKA== tMbzyqHxFxT4cZScaIDxAl5P8W6mpqmpaN+l/RT+ozeS5FY6+iMVKA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-29T23:51:25Z" lastmodified: "2025-08-22T12:18:16Z"
mac: ENC[AES256_GCM,data:KN6zFO6xTL+EwUf0fXpZgqpl/EYMT1sIBJYvT6VNARGDjt5HdQD2lmr6jC59lrOLLrt3NhYDewlbgO0IRica4yqKc0nRVXCfhddP+6QlIjVsFPNHQFG4rZb3p6U2Nu3PwByL5oKKS5pfJZRKKLj7ivUm2Ts0U3Hwk5HbtHOPtVE=,iv:InFH8WCm5bFUjWcnmubr4iJk7kM7nnyJqVaK5dI3gy0=,tag:O0O9G0jV8FvStNXAPh4uxQ==,type:str] mac: ENC[AES256_GCM,data:ftu/nvuWiULRtddXYamM//nDJTeMTOSl23OPN5iHIuopsIcwlbYOkPLCeHve0LdaJ/0cQTY/oMN92QKnKaAtWgKo/Mankw4Lo896dODsG1c53oIUH5rYldtKs4ELQJ96L/lCHQPwvH2Z2jgl3utPfJJKs7a6BwNvrYq9AcI2FMg=,iv:5qz/4vainTlUjd2z3tXx+Y/uu3mc8EJZlFn4WhWbtcQ=,tag:CV6wryc4qxXstIQMbOHvVQ==,type:str]
pgp: pgp:
- created_at: "2025-04-02T10:09:05Z" - created_at: "2025-04-02T10:09:05Z"
enc: |- enc: |-

14
secrets/home.yaml
View File

@@ -1,14 +1,6 @@
git:
nordicsemi-config: ENC[AES256_GCM,data:ziuM41RTsxkiutxjj8Pl5YuoETkxQNWEbGKd2Y99E0kTV9fL67g+YeGjeVFXErraeB/+jBVpjitK3lSHxlpxZLWckZ0G6A7NAFNagY9cORCFlLb+egyKb44xu8vBt4V5eA==,iv:yG06oluENc038cm5A9tpmSQtaGjd6nYDi/FnBd3A8Rk=,tag:ky6bCsYLOZmWObHnJ816Zw==,type:str]
nordicsemi:
envvars: ENC[AES256_GCM,data:6vx077unPWt6WRy0oZKC3qpVA8BKigYDdhsZ2rmLYFtzW//01CrRgXX420UB,iv:e2hJuRj4A8ZBGG0j2YINdvM3IXzpCnJK0Sm5AXhOTZM=,tag:9SdpNIFSiLhI073dk3cC5g==,type:str]
ssh: ssh:
secret-config: "" secret-config: ""
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau - recipient: age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau
enc: | enc: |
@@ -28,8 +20,8 @@ sops:
UDBQRkFtTzYveU9Cc3dYVjQyMVJQUjgKu2zXnw1OCUPW/4/colAqdzU4TUAHZqFd UDBQRkFtTzYveU9Cc3dYVjQyMVJQUjgKu2zXnw1OCUPW/4/colAqdzU4TUAHZqFd
s4n79dNnTxp4AnhN3UWpN6kUWIOkezVqXPFAz+bQcglZOm6gmBEJow== s4n79dNnTxp4AnhN3UWpN6kUWIOkezVqXPFAz+bQcglZOm6gmBEJow==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-28T08:30:45Z" lastmodified: "2025-08-22T12:18:45Z"
mac: ENC[AES256_GCM,data:jPjNTuXKuONVKbMeb2/DtklT6OxORn0UdjWYTmcryn1qaAaTHD+gr2sPSWNRlZe3o3tugTCOlpeAbTDnyQmy60zzXJV/PGLWdW5XcnECkt7Eutop/25sPuVAkrJcCY8hRkqUv0Jk7HOAukHKJr8EIU4Op2nYjvIlyULgCmYAZ5o=,iv:x/MHOazISB0T15vpiClpLgVPMPfpevRo9fMwurQXVI8=,tag:6i8wAN1SKGWfTesPblhaFQ==,type:str] mac: ENC[AES256_GCM,data:HFfFeeGFDo2XryyTbyqUXG9rUZhGgmWggByDHnQLghrg6NHyP3ZX/Y1vE30qNJTtXLdYvUK336xi9AFlLXjwrWx0+ggmaxPOYz/698NgNh4jUIrNhVmCw6kGBeEbyNJacNZdUMiY0jbK6r5+Xu5HI3hLoxR5Ft1PzRwZCQ2ypXY=,iv:MY3lwcV4vNC+fDSnzzabxY4jpcdBzXIPwjdOrh62jzc=,tag:v/of31Bul7CiANiAF4oHLg==,type:str]
pgp: pgp:
- created_at: "2025-04-02T10:09:10Z" - created_at: "2025-04-02T10:09:10Z"
enc: |- enc: |-
@@ -52,4 +44,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.10.2