4 Commits

Author SHA1 Message Date
0xWheatyz c133ff306e fix(flake): unpin nixpkgs-unstable to resolve broken claude-code package
Revert the nixpkgs-unstable pin to follow the branch again, as the
pinned revision shipped a broken package.
2026-04-04 02:12:42 -04:00
0xWheatyz 5a53ce36e9 feat(home): add freecad package 2026-04-04 02:12:36 -04:00
0xWheatyz 7c25228bc5 feat(yubikey): configure GPG signing key and disable GCR ssh-agent
Set actual GPG key ID for git commit signing, disable GCR ssh-agent
socket so gpg-agent handles SSH auth, and trim redundant setup steps
from yubikey guide.
2026-04-04 02:12:02 -04:00
0xWheatyz 1ca8cc8c57 feat(wireguard): add wg-quick VPN client configuration
Connect to home network VPN via vpn.leeworks.dev with wg0 interface
on the 10.0.1.64/28 subnet. Private key loaded from /etc/wireguard/private.key.
2026-04-04 01:53:45 -04:00
4 changed files with 28 additions and 33 deletions
+13
@@ -174,6 +174,19 @@
}; };
# WireGuard VPN
networking.wg-quick.interfaces.wg0 = {
address = [ "10.0.1.66/28" ];
privateKeyFile = "/etc/wireguard/private.key";
peers = [{
publicKey = "VEpzr/CeGdS6Wsy0NDDfmlB/bCYxS55A155HWGCIIzc=";
endpoint = "vpn.leeworks.dev:51820";
allowedIPs = [ "10.0.1.64/28" ];
persistentKeepalive = 25;
}];
};
services.tailscale = { services.tailscale = {
enable = true; enable = true;
useRoutingFeatures = "client"; # or "both" for subnet routing useRoutingFeatures = "client"; # or "both" for subnet routing
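Review bot: Nothing in this hunk documents how `/etc/wireguard/private.key` is provisioned or which permissions it needs. `privateKeyFile` correctly keeps the secret out of the Nix store, but a fresh rebuild will presumably bring up `wg0` only if the key was already placed there by hand. I would state the requirement next to the option, for example `# provisioned out-of-band; must be root-owned with mode 0600, never committed or copied into the store`. If the server side supports it, a `presharedKeyFile` on the peer entry would add a second secret on top of the public-key handshake. The enclosing configuration attribute set starts and ends outside the hunk.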
Generated
+9 -9
@@ -25,11 +25,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772633058, "lastModified": 1775077333,
"narHash": "sha256-SO7JapRy2HPhgmqiLbfnW1kMx5rakPMKZ9z3wtRLQjI=", "narHash": "sha256-OXcxobt7lBkh1B8AjwreU+24myhtKpqeLfAeIyNLFY8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "080657a04188aca25f8a6c70a0fb2ea7e37f1865", "rev": "49ca96b2714c5931e17401eff87f3edd42d2b0f2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -76,11 +76,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1773597492, "lastModified": 1775126147,
"narHash": "sha256-hQ284SkIeNaeyud+LS0WVLX+WL2rxcVZLFEaK0e03zg=", "narHash": "sha256-J0dZU4atgcfo4QvM9D92uQ0Oe1eLTxBVXjJzdEMQpD0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a07d4ce6bee67d7c838a8a5796e75dff9caa21ef", "rev": "8d8c1fa5b412c223ffa47410867813290cdedfef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -92,11 +92,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1772822230, "lastModified": 1775002709,
"narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=", "narHash": "sha256-d3Yx83vSrN+2z/loBh4mJpyRqr9aAJqlke4TkpFmRJA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "71caefce12ba78d84fe618cf61644dce01cf3a96", "rev": "bcd464ccd2a1a7cd09aa2f8d4ffba83b761b1d0e",
"type": "github" "type": "github"
}, },
"original": { "original": {
+6 -2
@@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
{ {
home.username = "l-wyatt"; home.username = "l-wyatt";
@@ -27,6 +27,7 @@
gnomeExtensions.blur-my-shell gnomeExtensions.blur-my-shell
gnomeExtensions.just-perfection gnomeExtensions.just-perfection
gnomeExtensions.arc-menu gnomeExtensions.arc-menu
freecad
]; ];
# -------------------------- # --------------------------
@@ -121,6 +122,9 @@
}; };
}; };
# Disable GCR ssh-agent so gpg-agent handles SSH
systemd.user.sockets.gcr-ssh-agent.Install.WantedBy = lib.mkForce [];
# GPG configuration # GPG configuration
programs.gpg = { programs.gpg = {
enable = true; enable = true;
@@ -141,7 +145,7 @@
programs.git = { programs.git = {
enable = true; enable = true;
signing = { signing = {
key = null; # Will be set after GPG key generation key = "0xADCEAC560B498269";
signByDefault = true; signByDefault = true;
}; };
settings = { settings = {
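Review bot: The `lib.mkForce []` override on `systemd.user.sockets.gcr-ssh-agent` in the third hunk only clears the socket's `WantedBy` target and does not by itself make gpg-agent the SSH agent. That depends on gpg-agent's SSH support being enabled in a part of the file this hunk does not show. The same comparison also deletes the guide step that checked `echo $SSH_AUTH_SOCK`, so no documented verification remains for which agent ends up serving SSH authentication. I would extend the comment to `# Disable GCR ssh-agent so gpg-agent handles SSH; after switching, confirm $SSH_AUTH_SOCK points at the gpg-agent socket and not gcr`. The surrounding attribute set starts and ends outside the hunk.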
-22
@@ -1,27 +1,5 @@
# Post-Rebuild YubiKey Setup Guide # Post-Rebuild YubiKey Setup Guide
## Step 0: Rebuild & Reboot
```bash
nixos-rebuild switch
# Then reboot to ensure gpg-agent replaces gnome-keyring as SSH agent
reboot
```
After reboot, verify the new environment:
```bash
gpg --version # Should show GnuPG 2.4+
ykman info # Should show your YubiKey model/serial
gpg --card-status # Should show the YubiKey smartcard
echo $SSH_AUTH_SOCK # Should point to gpg-agent socket, NOT gcr
```
> If `gpg --card-status` hangs or errors, restart pcscd:
> `sudo systemctl restart pcscd`
---
## Step 1: Generate GPG Master Key ## Step 1: Generate GPG Master Key
```bash ```bash