+53

.config/1Password/ssh/agent.toml

reviewed

··· 1 1 + # SPDX-License-Identifier: MPL-2.0 2 2 + # This is the 1Password SSH agent config file, which allows you to customize the 3 3 + # behavior of the SSH agent running on this machine. 4 4 + # 5 5 + # You can use it to: 6 6 + # * Enable keys from other vaults than the Private vault 7 7 + # * Control the order in which keys are offered to SSH servers 8 8 + # 9 9 + # EXAMPLE 10 10 + # 11 11 + # By default, all keys in your Private vault(s) are enabled: 12 12 + # 13 13 + # [[ssh-keys]] 14 14 + # vault = "Private" 15 15 + # 16 16 + # You can enable more keys by adding more `[[ssh-keys]]` entries. 17 17 + # For example, to first enable item "My SSH Key" from "My Custom Vault": 18 18 + # 19 19 + # [[ssh-keys]] 20 20 + # item = "My SSH Key" 21 21 + # vault = "My Custom Vault" 22 22 + # 23 23 + # [[ssh-keys]] 24 24 + # vault = "Private" 25 25 + # 26 26 + # You can test the result by running: 27 27 + # 28 28 + # SSH_AUTH_SOCK=~/.1password/agent.sock ssh-add -l 29 29 + # 30 30 + # More examples can be found here: 31 31 + # https://developer.1password.com/docs/ssh/agent/config 32 32 + 33 33 + # main key since 2022 34 34 + [[ssh-keys]] 35 35 + vault = "Personal" 36 36 + item = "ztyawq2e2iajh2h76ls2rls7aq" 37 37 + account = "Andrei Jiroh Halili" 38 38 + # launchpad.net and others that don't support Ed25519 yet 39 39 + [[ssh-keys]] 40 40 + vault = "Personal" 41 41 + item = "juivb4nx4uuftbhopukninhni4" 42 42 + account = "Andrei Jiroh Halili" 43 43 + # releases 44 44 + [[ssh-keys]] 45 45 + vault = "CI/CD Automation Toolkit" 46 46 + item = "hfkcoqzbpa3gjb2utvi5rpvc5y" 47 47 + account = "Andrei Jiroh Halili" 48 48 + 49 49 + # RecapTime.dev 50 50 + [[ssh-keys]] 51 51 + vault = "Employee" 52 52 + item = "wklfmur3fegpajjhrx4acwcscm" 53 53 + account = "https://recaptime-dev.1password.com"

+33

.ssh/config

reviewed

··· 1 1 + # This is my SSH client configuration I use for both Nix-based and non-Nix 2 2 + # systems, mainly because I am not yet ready to codify them into home-manager 3 3 + # at the moment. Note that we might need to hack around the 1Password CLI 4 4 + # for headless setups like tildes and agent forwards. 5 5 + 6 6 + # load 1Password-specifics here 7 7 + Include ~/.ssh/1Password/config 8 8 + 9 9 + # tildeverse 10 10 + Host nest 11 11 + Hostname hackclub.app 12 12 + User ajhalili2006 13 13 + IdentityAgent ~/.1password/agent.sock 14 14 + Host psf 15 15 + Hostname p.psf.lt 16 16 + User ajhalili2006 17 17 + IdentityAgent ~/.1password/agent.sock 18 18 + Host ctrl-c 19 19 + Hostname ctrl-c.clib 20 20 + User ajhalili2006 21 21 + IdentityAgent ~/.1password/agent.sock 22 22 + Host hashbang 23 23 + Hostname de1.hashbang.sh 24 24 + User ajhalili2006 25 25 + 26 26 + # TODO: Add machines on the tailnet later 27 27 + # Recap Time Squad specifics 28 28 + Host stellapent 29 29 + Hostname stellapent-cier.fawn-cod.ts.net 30 30 + # Our own proxyparty instance on virtnet.bond :) 31 31 + Host proxyparty 32 32 + # Will set this up later 33 33 + Hostname proxypartylab.tuna-skate.ts.net

+41 -5

README.md

reviewed

··· 7 7 8 8 ## Usage 9 9 10 10 - ### Using my Nixpkgs config 10 10 + ### Plain dotfiles 11 11 12 12 - Make sure Git is installed in your NixOS/nixpkgs setup (via `/etc/nixos/configuration.nix` or 13 13 - the usual `nix-env -iA nixpkgs.gitFull` or `nix profile install nixpkgs#gitFull` if using 14 14 - Flakes) for the setup to work. 12 12 + Make sure Git is installed in your non NixOS/nixpkgs setup for the setup to work. 15 13 16 14 ```bash 17 15 cd ~ ··· 20 18 git checkout -f main 21 19 ``` 22 20 21 21 + If you prefer to cook up with yadm: 22 22 + 23 23 + ```bash 24 24 + yadm clone https://github.com/andreijiroh-dev/dotfiles 25 25 + ln -s ./.local/share/yadm/TBD ./.git # so that we can normally use git here 26 26 + ``` 27 27 + 28 28 + ### Using nix flakes + home-manager 29 29 + 30 30 + ```bash 31 31 + # A quick home-manager switch should do the trick 32 32 + nix run home-manager/master -- switch --flake github:andreijiroh-dev/nixops-config 33 33 + 34 34 + # otherwise a quick copy paste configs should fix 'em if you use a different username 35 35 + # (not different home directory yet!) 36 36 + ``` 37 37 + 38 38 + #### Updating `authorized_keys` with Nix 39 39 + 40 40 + 1. Update [`shared/ssh-keys.nix`][ssh-keys] and `users.users.<gildedguy|ajhalili2006>.openssh.authorizedKeys.keys` 41 41 + 2. Run `nixos-rebuild switch` to regenerate `/etc/ssh/authorized_keys.d/<gildedguy|ajhalili2006>`. 42 42 + 3. Copy that file back to `.ssh/authorized_keys`. Commit changes and push. 43 43 + 4. On the affected machines, just `git pull` away. 44 44 + 45 45 + ### Using 1Password SSH Agent integration 46 46 + 47 47 + > [!WARNING] 48 48 + > 1Password Desktop app must be installed and enabled `Use SSH Agent` in 49 49 + > **Settings** -> **Developer** -> **SSH Agent** after signing in. 50 50 + 51 51 + Note that this should work on most desktop apps, although if you're in Nest (and friends 52 52 + with RDP access), connect to there first and authenicate. You may need to adjust security 53 53 + settings in the desktop app to ensure nothing go wrong. 54 54 + 23 55 ## Directory + File Map 24 56 25 57 ### Essientials 26 58 27 59 * [`.config/nixos`](./.config/nixos/) - my NixOS configuration as a flake, including system tools, 28 28 - usually in sync 60 60 + usually in sync (TODO: Swap into Git module of <https://github.com/andreijiroh-dev/nixops-config> soon) 29 61 * [`.config/home-manager`](./.config/home-manager/) - Home-manager configs, mostly CLI and desktop apps go here 30 62 * [`bin`](./bin) - Shell scripts! (because Nix looks like Haskell to me) 31 63 ··· 35 67 * [`@andreijiroh-dev/infraops`][infraops] - the homelab config in pure Docker Compose insanity, alongside DNS records YAML files for octoDNS 36 68 * [`@recaptime-dev/infra`][rtdev-infra] - @recaptime-dev's infra configurations and home for our Infra Issue Tracker 37 69 * [`@recaptime-dev/infra-internals`][rtdev-infra-internals] - @recaptime-dev's infra configs for Portainer (the public repo version only have `stack.env` files removed via `git-filter-repo`) 70 70 + 71 71 + ## License 72 72 + 73 73 + MPL-2.0 38 74 39 75 [nixops-config]: https://github.com/andreijiroh-dev/nixops-config 40 76 [infraops]: https://github.com/andreijiroh-dev/infraops

+9

meta-info.toml

reviewed

··· 1 1 + # Mainly used by p.psf.lt for profile metadata. 2 2 + fullname = "Andrei Jiroh Halili" 3 3 + #gemini = "gemini.andreijiroh.xyz" 4 4 + website = "https://andreijiroh.dev" 5 5 + description = "Building OSS at RecapTime.dev, also Autistic Filipino and Hack Clubber" 6 6 + email = "ajhalili2006@andreijiroh.dev" 7 7 + matrix = "@ajhalili2006:andreijiroh.dev" 8 8 + fediverse = "tilde.zone/@ajhalili2006" 9 9 + location = "Marilao, Bulacan, Philippines"