diff --git a/.config/1Password/ssh/agent.toml b/.config/1Password/ssh/agent.toml
new file mode 100644
index 0000000..92a8bd9
--- /dev/null
+++ b/.config/1Password/ssh/agent.toml
@@ -0,0 +1,53 @@
+# SPDX-License-Identifier: MPL-2.0
+# This is the 1Password SSH agent config file, which allows you to customize the
+# behavior of the SSH agent running on this machine.
+#
+# You can use it to:
+# * Enable keys from other vaults than the Private vault
+# * Control the order in which keys are offered to SSH servers
+#
+# EXAMPLE
+#
+# By default, all keys in your Private vault(s) are enabled:
+#
+# [[ssh-keys]]
+# vault = "Private"
+#
+# You can enable more keys by adding more `[[ssh-keys]]` entries.
+# For example, to first enable item "My SSH Key" from "My Custom Vault":
+#
+# [[ssh-keys]]
+# item = "My SSH Key"
+# vault = "My Custom Vault"
+#
+# [[ssh-keys]]
+# vault = "Private"
+#
+# You can test the result by running:
+#
+# SSH_AUTH_SOCK=~/.1password/agent.sock ssh-add -l
+#
+# More examples can be found here:
+# https://developer.1password.com/docs/ssh/agent/config
+
+# main key since 2022
+[[ssh-keys]]
+vault = "Personal"
+item = "ztyawq2e2iajh2h76ls2rls7aq"
+account = "Andrei Jiroh Halili"
+# launchpad.net and others that don't support Ed25519 yet
+[[ssh-keys]]
+vault = "Personal"
+item = "juivb4nx4uuftbhopukninhni4"
+account = "Andrei Jiroh Halili"
+# releases
+[[ssh-keys]]
+vault = "CI/CD Automation Toolkit"
+item = "hfkcoqzbpa3gjb2utvi5rpvc5y"
+account = "Andrei Jiroh Halili"
+
+# RecapTime.dev
+[[ssh-keys]]
+vault = "Employee"
+item = "wklfmur3fegpajjhrx4acwcscm"
+account = "https://recaptime-dev.1password.com"
diff --git a/.ssh/config b/.ssh/config
new file mode 100644
index 0000000..c122c5f
--- /dev/null
+++ b/.ssh/config
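Review bot: The four `[[ssh-keys]]` entries in `.config/1Password/ssh/agent.toml` put the two personal keys, the `releases` key from `CI/CD Automation Toolkit` and the `Employee` key into one agent, and neither this file nor the `Host` blocks added in `.ssh/config` restricts which key is offered to which server. Keys are offered in the listed order, so each host sees the public keys listed ahead of the one it accepts, and a server's authentication-attempt limit can be reached before the right key is tried. Pinning per host in `.ssh/config` with `IdentitiesOnly yes` and `IdentityFile <path to that host's public key>` would keep the release and employer keys from being offered to the shared tilde hosts. A one-line comment above each entry naming the hosts it is meant for, for example `# releases: only for <release hosts>, pinned per host in ~/.ssh/config`, would record the intent.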
@@ -0,0 +1,33 @@
+# This is my SSH client configuration I use for both Nix-based and non-Nix
+# systems, mainly because I am not yet ready to codify them into home-manager
+# at the moment. Note that we might need to hack around the 1Password CLI
+# for headless setups like tildes and agent forwards.
+
+# load 1Password-specifics here
+Include ~/.ssh/1Password/config
+
+# tildeverse
+Host nest
+ Hostname hackclub.app
+ User ajhalili2006
+ IdentityAgent ~/.1password/agent.sock
+Host psf
+ Hostname p.psf.lt
+ User ajhalili2006
+ IdentityAgent ~/.1password/agent.sock
+Host ctrl-c
+ Hostname ctrl-c.clib
+ User ajhalili2006
+ IdentityAgent ~/.1password/agent.sock
+Host hashbang
+ Hostname de1.hashbang.sh
+ User ajhalili2006
+
+# TODO: Add machines on the tailnet later
+# Recap Time Squad specifics
+Host stellapent
+ Hostname stellapent-cier.fawn-cod.ts.net
+# Our own proxyparty instance on virtnet.bond :)
+Host proxyparty
+ # Will set this up later
+ Hostname proxypartylab.tuna-skate.ts.net
\ No newline at end of file
diff --git a/README.md b/README.md
index ddc0e95..2af4997 100644
--- a/README.md
+++ b/README.md
@@ -7,11 +7,9 @@ as seperate branches for prosperity.) ## Usage -### Using my Nixpkgs config +### Plain dotfiles -Make sure Git is installed in your NixOS/nixpkgs setup (via `/etc/nixos/configuration.nix` or -the usual `nix-env -iA nixpkgs.gitFull` or `nix profile install nixpkgs#gitFull` if using -Flakes) for the setup to work. +Make sure Git is installed in your non NixOS/nixpkgs setup for the setup to work. ```bash cd ~
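Review bot: `Host hashbang` in `.ssh/config` has no `IdentityAgent ~/.1password/agent.sock` line while `nest`, `psf` and `ctrl-c` do, so that host falls back to `SSH_AUTH_SOCK` or to whatever the included `~/.ssh/1Password/config` sets; if that is intended a comment saying so would help, otherwise add the line. `Hostname ctrl-c.clib` looks like a typo, presumably for `ctrl-c.club`, and should be confirmed so the alias does not resolve to an unintended name or simply fail. The header comment mentions agent forwards: a forwarded agent can be used by anyone with root on the remote machine, so for these shared hosts prefer `ProxyJump` and leave `ForwardAgent` off. The file also ends without a trailing newline.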
@@ -20,12 +18,46 @@ git remote add origin https://mau.dev/andreijiroh-dev/dotfiles git checkout -f main ``` +If you prefer to cook up with yadm: + +```bash +yadm clone https://github.com/andreijiroh-dev/dotfiles +ln -s ./.local/share/yadm/TBD ./.git # so that we can normally use git here +``` + +### Using nix flakes + home-manager + +```bash +# A quick home-manager switch should do the trick +nix run home-manager/master -- switch --flake github:andreijiroh-dev/nixops-config + +# otherwise a quick copy paste configs should fix 'em if you use a different username +# (not different home directory yet!) +``` + +#### Updating `authorized_keys` with Nix + +1. Update [`shared/ssh-keys.nix`][ssh-keys] and `users.users..openssh.authorizedKeys.keys` +2. Run `nixos-rebuild switch` to regenerate `/etc/ssh/authorized_keys.d/`. +3. Copy that file back to `.ssh/authorized_keys`. Commit changes and push. +4. On the affected machines, just `git pull` away. + +### Using 1Password SSH Agent integration + +> [!WARNING] +> 1Password Desktop app must be installed and enabled `Use SSH Agent` in +> **Settings** -> **Developer** -> **SSH Agent** after signing in. + +Note that this should work on most desktop apps, although if you're in Nest (and friends +with RDP access), connect to there first and authenicate. You may need to adjust security +settings in the desktop app to ensure nothing go wrong. + ## Directory + File Map ### Essientials * [`.config/nixos`](./.config/nixos/) - my NixOS configuration as a flake, including system tools, -usually in sync +usually in sync (TODO: Swap into Git module of soon) * [`.config/home-manager`](./.config/home-manager/) - Home-manager configs, mostly CLI and desktop apps go here * [`bin`](./bin) - Shell scripts! (because Nix looks like Haskell to me) 
@@ -36,6 +68,10 @@ usually in sync * [`@recaptime-dev/infra`][rtdev-infra] - @recaptime-dev's infra configurations and home for our Infra Issue Tracker * [`@recaptime-dev/infra-internals`][rtdev-infra-internals] - @recaptime-dev's infra configs for Portainer (the public repo version only have `stack.env` files removed via `git-filter-repo`) +## License + +MPL-2.0 + [nixops-config]: https://github.com/andreijiroh-dev/nixops-config [infraops]: https://github.com/andreijiroh-dev/infraops [rtdev-infra]: https://github.com/recaptime-dev/infra
diff --git a/meta-info.toml b/meta-info.toml
new file mode 100644
index 0000000..69202a2
--- /dev/null
+++ b/meta-info.toml
@@ -0,0 +1,9 @@
+# Mainly used by p.psf.lt for profile metadata.
+fullname = "Andrei Jiroh Halili"
+#gemini = "gemini.andreijiroh.xyz"
+website = "https://andreijiroh.dev"
+description = "Building OSS at RecapTime.dev, also Autistic Filipino and Hack Clubber"
+email = "ajhalili2006@andreijiroh.dev"
+matrix = "@ajhalili2006:andreijiroh.dev"
+fediverse = "tilde.zone/@ajhalili2006"
+location = "Marilao, Bulacan, Philippines"
\ No newline at end of file