Enable git signing commits and ssh-agent service (#264)

1. [x] Manage git with home-manager 2. [x] Enable ssh commit sign with *.pub by #263 3. [x] Resolves #265 May relate to #262 in future --------- Signed-off-by: Kenichi Kamiya <[email protected]>
kachick · Aug 10, 2023 · 325ca40 · 325ca40
1 parent 01f9c1d
commit 325ca40
Show file tree

Hide file tree

Showing 14 changed files with 189 additions and 51 deletions.
diff --git a/.github/workflows/ci-go.yml b/.github/workflows/ci-go.yml
@@ -21,7 +21,13 @@ on:
 
 jobs:
   test:
-    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+          - macos-13
+    runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v3
       - name: Set up Go

diff --git a/.github/workflows/ci-home.yml b/.github/workflows/ci-home.yml
@@ -27,7 +27,7 @@ jobs:
           - ubuntu-22.04
           - macos-13
         home-manager-channel-ref:
-          - 729ab77f9e998e0989fa30140ecc91e738bc0cb1 # Pinned for current use
+          - a8f8f48320c64bd4e3a266a850bbfde2c6fe3a04 # Pinned for current use
           - master # unstable nixpkgs
 
     runs-on: ${{ matrix.os }}
@@ -36,7 +36,7 @@ jobs:
       - uses: DeterminateSystems/magic-nix-cache-action@v2
       - name: Register Nix Channels
         run: |
-          nix-channel --add https://releases.nixos.org/nixpkgs/nixpkgs-23.11pre509044.3acb5c4264c4/nixexprs.tar.xz nixpkgs
+          nix-channel --add https://releases.nixos.org/nixpkgs/nixpkgs-23.11pre511546.844ffa82bbe2/nixexprs.tar.xz nixpkgs
           nix-channel --add https://github.com/nix-community/home-manager/archive/${{ matrix.home-manager-channel-ref }}.tar.gz home-manager
           nix-channel --update
           nix-channel --list

diff --git a/.github/workflows/ci-nix.yml b/.github/workflows/ci-nix.yml
@@ -21,7 +21,13 @@ on:
 
 jobs:
   tasks:
-    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+          - macos-13
+    runs-on: ${{ matrix.os }}
     timeout-minutes: 30
     steps:
       - uses: actions/checkout@v3

diff --git a/cmd/enable_nix_login_shells/main.go b/cmd/enable_nix_login_shells/main.go
@@ -48,8 +48,7 @@ func main() {
 			log.Fatalf("failed - could you correctly run this with sudo? - %v\n", err)
 		}
 
-		fmt.Printf(`
-Done! Set one of your favorite shell as follows
+		fmt.Printf(`Done! Set one of your favorite shell as follows
 
 chsh -s %s "$(whoami)"
 `, examplePath)

diff --git a/cmd/enable_wsl_systemd/main.go b/cmd/enable_wsl_systemd/main.go
@@ -0,0 +1,70 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"strings"
+
+	"golang.org/x/sys/unix"
+)
+
+// Exists for remember https://github.com/kachick/dotfiles/pull/264#discussion_r1289600371
+
+// This script requires sudo execution
+
+func main() {
+	// wsl.exe returns non English even in called on the VM https://github.com/microsoft/WSL/issues/9242
+	// And always having non ASCII, annoy to depend with the output :<
+	uname := unix.Utsname{}
+	err := unix.Uname(&uname)
+	if err != nil {
+		log.Fatalf("cannot get uname: %+v\n", err)
+	}
+	unameStr := ""
+	// So here, using uname, as I understand it is same as `uname -r`
+	for _, i8 := range uname.Release {
+		unameStr += string(rune(int(i8)))
+	}
+	if !strings.Contains(unameStr, "microsoft-standard-WSL2") {
+		log.Fatalf("Looks executed on non WSL systems: %s", unameStr)
+	}
+
+	const path = "/etc/wsl.conf"
+
+	const systemdEnablingEntry = `[boot]
+systemd=true`
+
+	wslConfigBytes, err := os.ReadFile(path)
+	if err != nil && !os.IsNotExist(err) {
+		log.Fatalf("%v\n", err)
+	}
+
+	wslConfig := ""
+
+	if wslConfigBytes != nil {
+		wslConfig = string(wslConfigBytes) + "\n"
+	}
+
+	if strings.Contains(wslConfig, "systemd") {
+		log.Fatalf("Looks areleady exists the systemd config")
+	}
+
+	dirty := strings.Clone(wslConfig)
+
+	dirty += fmt.Sprintln(systemdEnablingEntry)
+
+	if dirty != wslConfig {
+		err = os.WriteFile(path, []byte(dirty), os.ModePerm)
+		if err != nil {
+			log.Fatalf("failed - could you correctly run this with sudo? - %v\n", err)
+		}
+
+		fmt.Printf(`Done! Restart wsl.exe as follows in your Windows PowerShell
+
+wsl.exe --shutdown
+
+See https://learn.microsoft.com/ja-jp/windows/wsl/systemd for further detail
+`)
+	}
+}
diff --git a/flake.nix b/flake.nix
@@ -14,7 +14,7 @@
       let
         pkgs = nixpkgs.legacyPackages.${system};
       in
-      {
+      rec {
         devShells.default = with pkgs;
           mkShell {
             buildInputs = [
@@ -36,6 +36,23 @@
               jq
             ];
           };
+
+        # https://gist.github.com/Scoder12/0538252ed4b82d65e59115075369d34d?permalink_comment_id=4650816#gistcomment-4650816
+        packages.json2nix = pkgs.writeScriptBin "json2nix" ''
+          ${pkgs.python3}/bin/python ${pkgs.fetchurl {
+            url = "https://gist.githubusercontent.com/Scoder12/0538252ed4b82d65e59115075369d34d/raw/e86d1d64d1373a497118beb1259dab149cea951d/json2nix.py";
+            hash = "sha256-ROUIrOrY9Mp1F3m+bVaT+m8ASh2Bgz8VrPyyrQf9UNQ=";
+          }} $@
+        '';
+
+        apps = {
+          # nix run .#json2nix
+          json2nix = {
+            type = "app";
+            program = "${packages.json2nix}/bin/json2nix";
+          };
+        };
       }
     );
 }
+
diff --git a/go.mod b/go.mod
@@ -2,4 +2,7 @@ module github.com/kachick/dotfiles
 
 go 1.20
 
-require golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b
+require (
+	golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b
+	golang.org/x/sys v0.11.0
+)
diff --git a/go.sum b/go.sum
@@ -1,2 +1,4 @@
 golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b h1:r+vk0EmXNmekl0S0BascoeeoHk/L7wmaW2QF90K+kYI=
 golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/home-manager/git.nix b/home-manager/git.nix
@@ -1,9 +1,71 @@
-{ ... }:
+{ config, pkgs, ... }:
 
-# https://github.com/nix-community/home-manager/blob/master/modules/programs/lazygit.nix
 {
-  xdg.configFile."git/config".source = ../home/.config/git/config;
+  # https://github.com/nix-community/home-manager/blob/master/modules/programs/git.nix
+  # xdg will be used in home-manager: https://github.com/nix-community/home-manager/blob/7b8d43fbaf8450c30caaed5eab876897d0af891b/modules/programs/git.nix#L417-L418
+  programs.git = {
+    enable = true;
+
+    userEmail = "[email protected]";
+    userName = "Kenichi Kamiya";
+
+    aliases = {
+      fixup = "commit --all --amend";
+      empty = "commit --allow-empty -m 'Add an empty commit'";
+      current = "symbolic-ref --short HEAD";
+      switch-default = "!git checkout main 2>/dev/null || git checkout master 2>/dev/null";
+      upstream = "!git remote | grep -E '^upstream$'|| git remote | grep -E '^origin$'";
+      duster = "remote update origin --prune";
+      refresh = "!git switch-default && git pull \"$(git upstream)\" \"$(git current)\"";
+      all = "!git refresh && gh poi";
+      gui = "!lazygit";
+    };
+
+    extraConfig = {
+      user = {
+        # https://stackoverflow.com/questions/48065535/should-i-keep-gitconfigs-signingkey-private
+        # TODO: Share code to get the path with ./ssh.nix
+        signingkey = "${config.home.homeDirectory}/.ssh/id_ed25519.pub";
+      };
+
+      core = {
+        editor = "vim";
+        quotepath = false;
+      };
+
+      gpg = {
+        format = "ssh";
+      };
+
+      commit = {
+        # https://stackoverflow.com/questions/10161198/is-there-a-way-to-autosign-commits-in-git-with-a-gpg-key
+        gpgsign = true;
+      };
+
+      init = {
+        defaultBranch = "main";
+      };
+
+      color = {
+        ui = true;
+      };
+
+      grep = {
+        lineNumber = true;
+      };
+
+      pull = {
+        ff = "only";
+      };
+
+      credential = {
+        "https://github.com".helper = "!${pkgs.gh}/bin/gh auth git-credential";
+        "https://gist.github.com".helper = "!${pkgs.gh}/bin/gh auth git-credential";
+      };
+    };
+  };
 
+  # https://github.com/nix-community/home-manager/blob/master/modules/programs/lazygit.nix
   programs.lazygit = {
     enable = true;
 

diff --git a/home-manager/homemade.nix b/home-manager/homemade.nix
@@ -20,7 +20,7 @@
       # 300ms : much slow!
 
       # zsh should be first, because it often makes much slower with the completion
-      ${lib.getExe pkgs.hyperfine} --warmup 1 --runs 5 \
+      ${lib.getBin pkgs.hyperfine}/bin/hyperfine --warmup 1 --runs 5 \
         '${lib.getExe pkgs.zsh} --interactive -c exit' \
         '${lib.getExe pkgs.bashInteractive} -i -c exit' \
         '${lib.getExe pkgs.fish} --interactive --command exit'
@@ -69,7 +69,7 @@
 
       name="$(${lib.getBin pkgs.coreutils}/bin/basename "$PWD")"
 
-      ${lib.getExe pkgs.zellij} attach "$name" || ${lib.getExe pkgs.zellij} --session "$name"
+      ${lib.getBin pkgs.zellij}/bin/zellij attach "$name" || ${lib.getBin pkgs.zellij}/bin/zellij --session "$name"
     '';
   };
 }
diff --git a/home-manager/packages.nix b/home-manager/packages.nix
@@ -33,10 +33,6 @@
     # Required in many asdf plugins
     unzip
 
-    # In macOS, starting ssh-agent is still /usr/bin/ssh-agent even added the nixpkgs
-    # So avoiding to add it for now
-    # openssh
-
     git
     tig
     lazygit
@@ -97,6 +93,9 @@
     [
       # Fix missing locales as `locale: Cannot set LC_CTYPE to default locale`
       glibc
+
+      # https://github.com/nix-community/home-manager/blob/a8f8f48320c64bd4e3a266a850bbfde2c6fe3a04/modules/services/ssh-agent.nix#L37
+      openssh
     ]
   ) ++ (lib.optionals stdenv.isDarwin
     [

diff --git a/home-manager/ssh.nix b/home-manager/ssh.nix
@@ -11,6 +11,9 @@ let
   # - id_*.pub: I CAN register them for different services.
 in
 {
+  # https://github.com/nix-community/home-manager/blob/master/modules/services/ssh-agent.nix
+  services.ssh-agent.enable = if pkgs.stdenv.isLinux then true else false;
+
   # These hosts are taken from the public resources of each provider.
   #   - https://docs.github.com/ja/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
   #   - https://docs.gitlab.com/ee/user/gitlab_com/#ssh-known_hosts-entries
@@ -70,16 +73,19 @@ in
     matchBlocks = {
       "github.com" = {
         identityFile = "${sshDir}/id_ed25519";
+        identitiesOnly = true;
         user = "git";
       };
 
       "gitlab.com" = {
         identityFile = "${sshDir}/id_ed25519";
+        identitiesOnly = true;
         user = "git";
       };
 
       "bitbucket.org" = {
         identityFile = "${sshDir}/id_ed25519";
+        identitiesOnly = true;
         user = "git";
       };
     };

diff --git a/home/.config/git/config b/home/.config/git/config
diff --git a/home/.local/share/homemade/bin/add_nix_channels.bash b/home/.local/share/homemade/bin/add_nix_channels.bash
@@ -5,10 +5,10 @@ set -euxo pipefail
 # List of official resources:
 #   - https://channels.nixos.org
 #   - https://releases.nixos.org
-nix-channel --add https://releases.nixos.org/nixpkgs/nixpkgs-23.11pre509044.3acb5c4264c4/nixexprs.tar.xz nixpkgs
+nix-channel --add https://releases.nixos.org/nixpkgs/nixpkgs-23.11pre511546.844ffa82bbe2/nixexprs.tar.xz nixpkgs
 # nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable
 # nix-channel --add https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz home-manager
-nix-channel --add https://github.com/nix-community/home-manager/archive/729ab77f9e998e0989fa30140ecc91e738bc0cb1.tar.gz home-manager
+nix-channel --add https://github.com/nix-community/home-manager/archive/a8f8f48320c64bd4e3a266a850bbfde2c6fe3a04.tar.gz home-manager
 nix-channel --update
 
 nix-channel --list