| -rw-r--r-- | .sops.yaml | 6 | ||||
| -rw-r--r-- | accounts/gkleen@sif/default.nix | 12 | ||||
| -rw-r--r-- | accounts/gkleen@sif/niri/default.nix | 3 | ||||
| -rw-r--r-- | accounts/gkleen@sif/synadm/default.nix | 9 | ||||
| -rw-r--r-- | accounts/gkleen@sif/synadm/synadm_yaml | 15 | ||||
| -rw-r--r-- | flake.lock | 42 | ||||
| -rw-r--r-- | modules/pgbackrest.nix | 2 | ||||
| -rw-r--r-- | overlays/deploy-rs.nix | 10 |
8 files changed, 73 insertions, 26 deletions
| @@ -8,6 +8,12 @@ creation_rules: | |||
| 8 | - path_regex: ^hosts/surtr/email/ca | 8 | - path_regex: ^hosts/surtr/email/ca |
| 9 | key_groups: | 9 | key_groups: |
| 10 | - age: [ *admin_gkleen ] | 10 | - age: [ *admin_gkleen ] |
| 11 | - path_regex: ^home-modules/lmu-hausschrift/ | ||
| 12 | key_groups: | ||
| 13 | - age: [ *admin_gkleen ] | ||
| 14 | - path_regex: ^accounts/gkleen@sif/ | ||
| 15 | key_groups: | ||
| 16 | - age: [ *admin_gkleen ] | ||
| 11 | - path_regex: surtr\/?[^\/]*$ | 17 | - path_regex: surtr\/?[^\/]*$ |
| 12 | key_groups: | 18 | key_groups: |
| 13 | - age: [ *admin_gkleen, *machine_surtr ] | 19 | - age: [ *admin_gkleen, *machine_surtr ] |
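Review bot: The new `^accounts/gkleen@sif/` rule lists only `*admin_gkleen` as recipient, yet the secret it covers is decrypted on sif through the home-manager `sops.secrets` entry added in this commit, so the admin private key presumably has to be readable in that user session. If that key is meant to remain an admin-only identity, give the account its own recipient, e.g. `- age: [ *admin_gkleen, *account_gkleen_sif ]` (placeholder anchor name), so the workstation holds a key that opens only its own secrets. The rule list continues outside this hunk. Because sops applies the first matching rule, keeping these anchored rules above the unanchored `surtr\/?[^\/]*$` rule is the right order.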
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index 56fc61ef..e6157d2c 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix | |||
| @@ -71,6 +71,7 @@ in { | |||
| 71 | imports = [ | 71 | imports = [ |
| 72 | ./libvirt | 72 | ./libvirt |
| 73 | ./niri | 73 | ./niri |
| 74 | ./synadm | ||
| 74 | flakeInputs.nix-index-database.hmModules.nix-index | 75 | flakeInputs.nix-index-database.hmModules.nix-index |
| 75 | flakeInputs.impermanence.nixosModules.home-manager.impermanence | 76 | flakeInputs.impermanence.nixosModules.home-manager.impermanence |
| 76 | ]; | 77 | ]; |
| @@ -364,6 +365,7 @@ in { | |||
| 364 | enable = true; | 365 | enable = true; |
| 365 | settings.show_banner = false; | 366 | settings.show_banner = false; |
| 366 | }; | 367 | }; |
| 368 | fd.enable = true; | ||
| 367 | }; | 369 | }; |
| 368 | 370 | ||
| 369 | services = { | 371 | services = { |
| @@ -489,6 +491,13 @@ in { | |||
| 489 | }; | 491 | }; |
| 490 | }; | 492 | }; |
| 491 | 493 | ||
| 494 | qt.kde.settings = { | ||
| 495 | kwalletrc = { | ||
| 496 | KSecretD.Enabled = false; | ||
| 497 | Wallet."Default Wallet" = "store"; | ||
| 498 | }; | ||
| 499 | }; | ||
| 500 | |||
| 492 | xsession.preferStatusNotifierItems = true; | 501 | xsession.preferStatusNotifierItems = true; |
| 493 | 502 | ||
| 494 | xresources.properties = import ./xresources.nix; | 503 | xresources.properties = import ./xresources.nix; |
| @@ -509,7 +518,6 @@ in { | |||
| 509 | nerd-fonts.symbols-only nerd-fonts.fira-code powerline-fonts | 518 | nerd-fonts.symbols-only nerd-fonts.fira-code powerline-fonts |
| 510 | swtpm (hunspellWithDicts (with hunspellDicts; [en_GB-large de_DE])) | 519 | swtpm (hunspellWithDicts (with hunspellDicts; [en_GB-large de_DE])) |
| 511 | libation | 520 | libation |
| 512 | # synadm | ||
| 513 | ] ++ mapAttrsToList (_name: pkg: pkgs.callPackage pkg {}) (customUtils.nixImport { dir = ./utils; }); | 521 | ] ++ mapAttrsToList (_name: pkg: pkgs.callPackage pkg {}) (customUtils.nixImport { dir = ./utils; }); |
| 514 | 522 | ||
| 515 | file = { | 523 | file = { |
| @@ -589,6 +597,8 @@ in { | |||
| 589 | xdg.dataFile = { | 597 | xdg.dataFile = { |
| 590 | "dbus-1/services/org.keepassxc.KeePassXC.service".source = "${wrappedKeepassxc}/share/dbus-1/services/org.keepassxc.KeePassXC.service"; | 598 | "dbus-1/services/org.keepassxc.KeePassXC.service".source = "${wrappedKeepassxc}/share/dbus-1/services/org.keepassxc.KeePassXC.service"; |
| 591 | "dbus-1/services/org.freedesktop.secrets.service.service".source = "${wrappedKeepassxc}/share/dbus-1/services/org.freedesktop.secrets.service.service"; | 599 | "dbus-1/services/org.freedesktop.secrets.service.service".source = "${wrappedKeepassxc}/share/dbus-1/services/org.freedesktop.secrets.service.service"; |
| 600 | "dbus-1/services/org.kde.kwalletd6.service".source = "${pkgs.kdePackages.kwallet}/share/dbus-1/org.kde.kwalletd6.service"; | ||
| 601 | "dbus-1/services/org.kde.kwalletd5.service".source = "${pkgs.kdePackages.kwallet}/share/dbus-1/org.kde.kwalletd5.service"; | ||
| 592 | "emoji-data/list.txt".source = pkgs.stdenv.mkDerivation { | 602 | "emoji-data/list.txt".source = pkgs.stdenv.mkDerivation { |
| 593 | inherit (sources.emoji-data) pname src; | 603 | inherit (sources.emoji-data) pname src; |
| 594 | version = lib.removePrefix "v" sources.emoji-data.version; | 604 | version = lib.removePrefix "v" sources.emoji-data.version; |
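Review bot: The two added `xdg.dataFile` entries for kwalletd take their source from `${pkgs.kdePackages.kwallet}/share/dbus-1/org.kde.kwalletd6.service`, without the `services/` directory used by the KeePassXC lines directly above. D-Bus activation files are normally installed under `share/dbus-1/services/`, so this path likely does not exist in the package and would either fail the build or leave a dangling link. Check the package output and, if that is the case, use `"${pkgs.kdePackages.kwallet}/share/dbus-1/services/org.kde.kwalletd6.service"` (and the same for kwalletd5). The `kwalletrc` hunk would also benefit from a comment such as `# KeePassXC owns org.freedesktop.secrets; keep KWallet's Secret Service bridge off`, since avoiding two providers for that bus name appears to be what `KSecretD.Enabled = false` is for.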
diff --git a/accounts/gkleen@sif/niri/default.nix b/accounts/gkleen@sif/niri/default.nix index 80f63e65..b57e1cc0 100644 --- a/accounts/gkleen@sif/niri/default.nix +++ b/accounts/gkleen@sif/niri/default.nix | |||
| @@ -533,6 +533,9 @@ in { | |||
| 533 | SDL_VIDEODRIVER = "wayland"; | 533 | SDL_VIDEODRIVER = "wayland"; |
| 534 | DISPLAY = ":0"; | 534 | DISPLAY = ":0"; |
| 535 | ELECTRON_OZONE_PLATFORM_HINT = "auto"; | 535 | ELECTRON_OZONE_PLATFORM_HINT = "auto"; |
| 536 | SSH_ASKPASS_REQUIRE = "prefer"; | ||
| 537 | SSH_ASKPASS = lib.getExe pkgs.kdePackages.ksshaskpass; | ||
| 538 | SUDO_ASKPASS = lib.getExe pkgs.kdePackages.ksshaskpass; | ||
| 536 | })) | 539 | })) |
| 537 | 540 | ||
| 538 | (node "output" "eDP-1" [ | 541 | (node "output" "eDP-1" [ |
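Review bot: `SUDO_ASKPASS` points at ksshaskpass, a helper written for SSH key passphrases that integrates with KWallet; whether it offers to remember the entry for sudo's prompt should be checked, because with `sudo -A` that could persist the account password in the wallet this commit enables. Either use an askpass helper without a remember option for sudo, or record the decision in a comment, e.g. `# sudo -A prompts via ksshaskpass; password must not be stored in the wallet`. `SSH_ASKPASS_REQUIRE = "prefer"` also sends ssh prompts to the GUI even when a terminal is attached, which deserves a one-line comment. The environment block starts and ends outside this hunk.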
diff --git a/accounts/gkleen@sif/synadm/default.nix b/accounts/gkleen@sif/synadm/default.nix new file mode 100644 index 00000000..0a8e0d4c --- /dev/null +++ b/accounts/gkleen@sif/synadm/default.nix | |||
| @@ -0,0 +1,9 @@ | |||
| 1 | { config, pkgs, ... }: | ||
| 2 | { | ||
| 3 | home.packages = with pkgs; [ synadm ]; | ||
| 4 | sops.secrets."synadm.yaml" = { | ||
| 5 | format = "binary"; | ||
| 6 | sopsFile = ./synadm_yaml; | ||
| 7 | path = config.xdg.configHome + "/synadm.yaml"; | ||
| 8 | }; | ||
| 9 | } | ||
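Review bot: The `sops.secrets."synadm.yaml"` entry has neither a comment nor an explicit `mode`, although the file it places at `config.xdg.configHome + "/synadm.yaml"` presumably carries the homeserver admin token that synadm reads. Stating the intent in the module, with `mode = "0400";` and a comment like `# synadm config incl. admin access token; decrypted at activation by sops-nix`, makes the permission expectation visible and independent of the module's default.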
diff --git a/accounts/gkleen@sif/synadm/synadm_yaml b/accounts/gkleen@sif/synadm/synadm_yaml new file mode 100644 index 00000000..8d951ccc --- /dev/null +++ b/accounts/gkleen@sif/synadm/synadm_yaml | |||
| @@ -0,0 +1,15 @@ | |||
| 1 | { | ||
| 2 | "data": "ENC[AES256_GCM,data:qJy4Pmbbxja4jmW7OaHsD0mQZ7anZwLhiVmAgkavb+CqwWGDnUBXdz22/MHCbxng5NshcFSpBoCBhgY6B9V2bUiES6bH9AtMlDcs9ebKGMArBTUTnQ2MjWQGfQTqraWdNgy+n327uj9swwCH8EZXdYH/Hlv0t/re470W+VOHeXhGghQ3Y9IGz2sgfvMGr8QxaJNydZz85rgs5QUP/PglCwWIOw2mY1EX2vYwnmiAo49LmIEaxWvRi++KHaeBveDt0nlkJwzUlipL2VOKWxkgpK3yGucQn2mz+FRe1btp+4KGm8H17eUI9FO9sBwq,iv:kgM921ovwCgDYHQj3c5Rupy/8JxHehxUD2jb1k9Ik2Y=,tag:3TLQkJbv679VWy8V2TMugw==,type:str]", | ||
| 3 | "sops": { | ||
| 4 | "age": [ | ||
| 5 | { | ||
| 6 | "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866", | ||
| 7 | "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bzVHUGNxZTF2WC9MYmZr\neGdVVzJXN3lGdEk3cTBER3J6UTFtcUJna2d3CjdNQmRXd2haZW1MYlJzNkk1dWVD\nVTFQc2gvS0JrejJ6SFh2MXpPWDZpRE0KLS0tIE0wTC85bEpvSnlGdGFkZVFhNjFZ\nbzRiZkxMWUg2ODNVUlBmNFlPNGRrZlkK1VXLJWcssv3ETyZSSM/Hhn5VIaI9iov9\nzShZA9Zx/FX6PYTuUMC29pJ57gKourcIxa/7HwSv/xYn1A6WcYfgSg==\n-----END AGE ENCRYPTED FILE-----\n" | ||
| 8 | } | ||
| 9 | ], | ||
| 10 | "lastmodified": "2025-05-18T11:03:42Z", | ||
| 11 | "mac": "ENC[AES256_GCM,data:yonJC68PhilAgEHNNJQ8nO53Qo3rx/LnfiOWfuMm24bOUIH9QM3WZZxpigd7bHI4eC4TqRb4LvcSi0nEURTRAhwiTqGNrWbpw2Iv3n5dhLEN9aTcetG5ZuhaXqfVUoML45/ovdBZG/0l8+XIHqxN2M/g/h4JwKoR/6lqzcrVhgo=,iv:xvxBJwy+E5zUdjhGPdZPdy7tnBIEj50hfiDJFsS3wNg=,tag:L4Fas36ZOg4h0QQwC4gjNA==,type:str]", | ||
| 12 | "unencrypted_suffix": "_unencrypted", | ||
| 13 | "version": "3.10.2" | ||
| 14 | } | ||
| 15 | } | ||
| @@ -397,11 +397,11 @@ | |||
| 397 | "xwayland-satellite-unstable": "xwayland-satellite-unstable" | 397 | "xwayland-satellite-unstable": "xwayland-satellite-unstable" |
| 398 | }, | 398 | }, |
| 399 | "locked": { | 399 | "locked": { |
| 400 | "lastModified": 1747115632, | 400 | "lastModified": 1747491150, |
| 401 | "narHash": "sha256-SypEtZQsum43HvIT4HqM1RH8CE3wCWFIO5b5IqC/2FA=", | 401 | "narHash": "sha256-UpHzUfmxpKko/4f/Nw971wfw+0EgHEJHkoJ3mGQKDkg=", |
| 402 | "owner": "sodiboo", | 402 | "owner": "sodiboo", |
| 403 | "repo": "niri-flake", | 403 | "repo": "niri-flake", |
| 404 | "rev": "44eeba852a6671ab1c7be5ca65a58c49794cef4b", | 404 | "rev": "ea61079b4d48031087c0c994782c24c846d4b95e", |
| 405 | "type": "github" | 405 | "type": "github" |
| 406 | }, | 406 | }, |
| 407 | "original": { | 407 | "original": { |
| @@ -431,11 +431,11 @@ | |||
| 431 | "niri-unstable": { | 431 | "niri-unstable": { |
| 432 | "flake": false, | 432 | "flake": false, |
| 433 | "locked": { | 433 | "locked": { |
| 434 | "lastModified": 1747113435, | 434 | "lastModified": 1747486745, |
| 435 | "narHash": "sha256-9oU1mKAM2BZLSots136UA75RIed53YtYgns9TUkr3ck=", | 435 | "narHash": "sha256-ngQ+iTHmBJkEbsjYfCWTJdV8gHhOCTkV8K0at6Y+YHI=", |
| 436 | "owner": "YaLTeR", | 436 | "owner": "YaLTeR", |
| 437 | "repo": "niri", | 437 | "repo": "niri", |
| 438 | "rev": "6d083ea49741d6e8e85d5a1d6b6bcaa837d3b5c0", | 438 | "rev": "ae89cb6017668f3a81ccd92461cbbc70ab8377d0", |
| 439 | "type": "github" | 439 | "type": "github" |
| 440 | }, | 440 | }, |
| 441 | "original": { | 441 | "original": { |
| @@ -472,11 +472,11 @@ | |||
| 472 | ] | 472 | ] |
| 473 | }, | 473 | }, |
| 474 | "locked": { | 474 | "locked": { |
| 475 | "lastModified": 1746934494, | 475 | "lastModified": 1747540584, |
| 476 | "narHash": "sha256-3n6i+F0sDASjkhbvgFDpPDZGp7z19IrRtjfF9TwJpCA=", | 476 | "narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=", |
| 477 | "owner": "Mic92", | 477 | "owner": "Mic92", |
| 478 | "repo": "nix-index-database", | 478 | "repo": "nix-index-database", |
| 479 | "rev": "e9b21b01e4307176b9718a29ac514838e7f6f4ff", | 479 | "rev": "ec179dd13fb7b4c6844f55be91436f7857226dce", |
| 480 | "type": "github" | 480 | "type": "github" |
| 481 | }, | 481 | }, |
| 482 | "original": { | 482 | "original": { |
| @@ -529,11 +529,11 @@ | |||
| 529 | }, | 529 | }, |
| 530 | "nixos-hardware": { | 530 | "nixos-hardware": { |
| 531 | "locked": { | 531 | "locked": { |
| 532 | "lastModified": 1747083103, | 532 | "lastModified": 1747129300, |
| 533 | "narHash": "sha256-dMx20S2molwqJxbmMB4pGjNfgp5H1IOHNa1Eby6xL+0=", | 533 | "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", |
| 534 | "owner": "NixOS", | 534 | "owner": "NixOS", |
| 535 | "repo": "nixos-hardware", | 535 | "repo": "nixos-hardware", |
| 536 | "rev": "d1d68fe8b00248caaa5b3bbe4984c12b47e0867d", | 536 | "rev": "e81fd167b33121269149c57806599045fd33eeed", |
| 537 | "type": "github" | 537 | "type": "github" |
| 538 | }, | 538 | }, |
| 539 | "original": { | 539 | "original": { |
| @@ -651,11 +651,11 @@ | |||
| 651 | }, | 651 | }, |
| 652 | "nixpkgs-stable_2": { | 652 | "nixpkgs-stable_2": { |
| 653 | "locked": { | 653 | "locked": { |
| 654 | "lastModified": 1746957726, | 654 | "lastModified": 1747335874, |
| 655 | "narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=", | 655 | "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", |
| 656 | "owner": "NixOS", | 656 | "owner": "NixOS", |
| 657 | "repo": "nixpkgs", | 657 | "repo": "nixpkgs", |
| 658 | "rev": "a39ed32a651fdee6842ec930761e31d1f242cb94", | 658 | "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", |
| 659 | "type": "github" | 659 | "type": "github" |
| 660 | }, | 660 | }, |
| 661 | "original": { | 661 | "original": { |
| @@ -699,11 +699,11 @@ | |||
| 699 | }, | 699 | }, |
| 700 | "nixpkgs_2": { | 700 | "nixpkgs_2": { |
| 701 | "locked": { | 701 | "locked": { |
| 702 | "lastModified": 1746904237, | 702 | "lastModified": 1747327360, |
| 703 | "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", | 703 | "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", |
| 704 | "owner": "NixOS", | 704 | "owner": "NixOS", |
| 705 | "repo": "nixpkgs", | 705 | "repo": "nixpkgs", |
| 706 | "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", | 706 | "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", |
| 707 | "type": "github" | 707 | "type": "github" |
| 708 | }, | 708 | }, |
| 709 | "original": { | 709 | "original": { |
| @@ -1037,11 +1037,11 @@ | |||
| 1037 | ] | 1037 | ] |
| 1038 | }, | 1038 | }, |
| 1039 | "locked": { | 1039 | "locked": { |
| 1040 | "lastModified": 1746649034, | 1040 | "lastModified": 1747441483, |
| 1041 | "narHash": "sha256-gmv+ZiY3pQnwgI0Gm3Z1tNSux1CnOJ0De+xeDOol1+0=", | 1041 | "narHash": "sha256-W8BFXk5R0TuJcjIhcGoMpSOaIufGXpizK0pm+uTqynA=", |
| 1042 | "owner": "pyproject-nix", | 1042 | "owner": "pyproject-nix", |
| 1043 | "repo": "uv2nix", | 1043 | "repo": "uv2nix", |
| 1044 | "rev": "fe540e91c26f378c62bf6da365a97e848434d0cd", | 1044 | "rev": "582024dc64663e9f88d467c2f7f7b20d278349de", |
| 1045 | "type": "github" | 1045 | "type": "github" |
| 1046 | }, | 1046 | }, |
| 1047 | "original": { | 1047 | "original": { |
diff --git a/modules/pgbackrest.nix b/modules/pgbackrest.nix index 81c74a8e..550e970b 100644 --- a/modules/pgbackrest.nix +++ b/modules/pgbackrest.nix | |||
| @@ -43,6 +43,8 @@ let | |||
| 43 | loglevelType = types.enum ["off" "error" "warn" "info" "detail" "debug" "trace"]; | 43 | loglevelType = types.enum ["off" "error" "warn" "info" "detail" "debug" "trace"]; |
| 44 | inherit (utils.systemdUtils.unitOptions) unitOption; | 44 | inherit (utils.systemdUtils.unitOptions) unitOption; |
| 45 | in { | 45 | in { |
| 46 | disabledModules = ["services/backup/pgbackrest.nix"]; | ||
| 47 | |||
| 46 | options = { | 48 | options = { |
| 47 | services.pgbackrest = { | 49 | services.pgbackrest = { |
| 48 | enable = mkEnableOption "pgBackRest"; | 50 | enable = mkEnableOption "pgBackRest"; |
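Review bot: `disabledModules = ["services/backup/pgbackrest.nix"];` has no comment explaining why the nixpkgs module is switched off. It appears to be there so that this local `services.pgbackrest` definition does not collide with an upstream module declaring the same options; a comment like `# nixpkgs ships its own services.pgbackrest; this local module replaces it` would record that. Because the local module then shadows upstream, later fixes or hardening in the nixpkgs unit will not arrive automatically, which is worth noting for whoever maintains the backup path. The `let` block and the options body lie outside the hunk.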
diff --git a/overlays/deploy-rs.nix b/overlays/deploy-rs.nix index 0bf1c3b2..678c6f5f 100644 --- a/overlays/deploy-rs.nix +++ b/overlays/deploy-rs.nix | |||
| @@ -2,13 +2,15 @@ | |||
| 2 | flakeInputs.deploy-rs.overlays.default | 2 | flakeInputs.deploy-rs.overlays.default |
| 3 | (final: prev: { | 3 | (final: prev: { |
| 4 | deploy-rs = prev.deploy-rs // { | 4 | deploy-rs = prev.deploy-rs // { |
| 5 | deploy-rs = prev.deploy-rs.deploy-rs.overrideAttrs (oldAttrs: { | 5 | deploy-rs = prev.symlinkJoin { |
| 6 | nativeBuildInputs = (oldAttrs.nativeBuildInputs or []) ++ [final.makeWrapper]; | 6 | name = "${prev.deploy-rs.deploy-rs.name}-wrapped"; |
| 7 | preFixup = '' | 7 | paths = [ prev.deploy-rs.deploy-rs ]; |
| 8 | buildInputs = [ prev.makeWrapper ]; | ||
| 9 | postBuild = '' | ||
| 8 | wrapProgram $out/bin/deploy \ | 10 | wrapProgram $out/bin/deploy \ |
| 9 | --prefix PATH : ${prev.lib.makeBinPath (with final; [ nix-monitored ])} | 11 | --prefix PATH : ${prev.lib.makeBinPath (with final; [ nix-monitored ])} |
| 10 | ''; | 12 | ''; |
| 11 | }); | 13 | }; |
| 12 | }; | 14 | }; |
| 13 | }) | 15 | }) |
| 14 | final prev | 16 | final prev |
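Review bot: In the new `symlinkJoin`, makeWrapper is passed as `buildInputs = [ prev.makeWrapper ];`, whereas the replaced code had it in `nativeBuildInputs`. It is a build-time tool, so `nativeBuildInputs = [ final.makeWrapper ];` is the conventional form and stays correct under cross-compilation. The join also drops the original derivation's `meta`, so anything relying on `meta.mainProgram` (e.g. `lib.getExe`) loses it; `inherit (prev.deploy-rs.deploy-rs) meta;` would keep it. A short comment stating that `--prefix PATH` is presumably meant to make `deploy` pick up nix-monitored's `nix` first would document the wrapper's intent.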
