add (home options): add themes options & security stuff options

Kirill Samoylenkov 2025-09-30 00:29:21 +05:00
parent 57c8e8d0c9
commit fbb1bd2530
2 changed files with 174 additions and 0 deletions

86
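--- a/options/home/security.nix
+++ b/options/home/security.nix
@@ -0,0 +1,86 @@
+{
+lib,
+pkgs,
+config,
+...
+}:
+let
+cfg = config.home.security;
+in
+{
+options = {
+home.security = {
+enable = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "Security stuff.";
+};
+gpg = {
+enable = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "GPG configurations.";
+};
+homeDir = lib.mkOption {
+type = lib.types.str;
+default = "${config.home.homeDirectory}/.gpg";
+description = "GPG config directory.";
+};
+};
+ssh = {
+enable = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = "SSH base configurations.";
+};
+homeDir = lib.mkOption {
+type = lib.types.str;
+default = "${config.home.homeDirectory}/.ssh";
+description = "SSH config directory.";
+};
+};
+};
+};
+config = lib.mkIf cfg.enable {
+programs.gpg = lib.mkIf cfg.gpg.enable {
+enable = true;
+package = pkgs.gnupg;
+mutableKeys = true;
+mutableTrust = true;
+homedir = cfg.gpg.homeDir;
+settings = {
+no-comments = true;
+throw-keyids = true;
+no-emit-version = true;
+keyid-format = "0xlong";
+};
+};
+services.gpg-agent = lib.mkIf cfg.gpg.enable {
+enable = true;
+pinentry.package = pkgs.pinentry-qt;
+};
+programs.ssh = lib.mkIf cfg.ssh.enable {
+enable = true;
+enableDefaultConfig = false;
+package = pkgs.openssh;
+matchBlocks = {
+"*" = {
+hashKnownHosts = true;
+userKnownHostsFile = "${cfg.ssh.homeDir}/known_hosts";
+forwardAgent = false;
+addKeysToAgent = "no";
+serverAliveInterval = 0;
+serverAliveCountMax = 3;
+controlMaster = "no";
+controlPath = "${cfg.ssh.homeDir}/master-%r@%n:%p";
+controlPersist = "no";
+};
+};
+};
+};
+}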
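Review bot: `home.security.ssh.homeDir` is described as the "SSH config directory", but in this section it only feeds `userKnownHostsFile` and `controlPath`; nothing visible creates that directory or sets its mode, and as far as I know `programs.ssh` still writes the client config under `~/.ssh`. If the option is pointed anywhere else and the directory is missing, ssh cannot save host keys, so every connection re-prompts for host key confirmation and a changed key goes unnoticed. I would narrow the description to `description = "Directory for known_hosts and control sockets; must exist with mode 0700.";` and either create the directory during activation or assert that it exists. Separately, `throw-keyids = true` deserves a comment such as `# hides recipient key IDs; decryption then tries every secret key in turn`, since that trade-off is easy to miss.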