From f4e7b106ef132dde38cb463fa51bd99bbe8533b0 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 18 May 2025 14:41:42 +0200 Subject: ... --- .sops.yaml | 6 +++++ accounts/gkleen@sif/default.nix | 12 +++++++++- accounts/gkleen@sif/niri/default.nix | 3 +++ accounts/gkleen@sif/synadm/default.nix | 9 ++++++++ accounts/gkleen@sif/synadm/synadm_yaml | 15 ++++++++++++ flake.lock | 42 +++++++++++++++++----------------- modules/pgbackrest.nix | 2 ++ overlays/deploy-rs.nix | 10 ++++---- 8 files changed, 73 insertions(+), 26 deletions(-) create mode 100644 accounts/gkleen@sif/synadm/default.nix create mode 100644 accounts/gkleen@sif/synadm/synadm_yaml diff --git a/.sops.yaml b/.sops.yaml index 948383b2..a65dca8e 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -8,6 +8,12 @@ creation_rules: - path_regex: ^hosts/surtr/email/ca key_groups: - age: [ *admin_gkleen ] + - path_regex: ^home-modules/lmu-hausschrift/ + key_groups: + - age: [ *admin_gkleen ] + - path_regex: ^accounts/gkleen@sif/ + key_groups: + - age: [ *admin_gkleen ] - path_regex: surtr\/?[^\/]*$ key_groups: - age: [ *admin_gkleen, *machine_surtr ] diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index 56fc61ef..e6157d2c 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix @@ -71,6 +71,7 @@ in { imports = [ ./libvirt ./niri + ./synadm flakeInputs.nix-index-database.hmModules.nix-index flakeInputs.impermanence.nixosModules.home-manager.impermanence ]; @@ -364,6 +365,7 @@ in { enable = true; settings.show_banner = false; }; + fd.enable = true; }; services = { @@ -489,6 +491,13 @@ in { }; }; + qt.kde.settings = { + kwalletrc = { + KSecretD.Enabled = false; + Wallet."Default Wallet" = "store"; + }; + }; + xsession.preferStatusNotifierItems = true; xresources.properties = import ./xresources.nix; 
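Review bot: The two added creation rules list `*admin_gkleen` as their only recipient, so everything under `accounts/gkleen@sif/` (including the `synadm_yaml` added by this commit) can be decrypted on sif only where the admin private key is available. In the neighbouring rules visible here the same key is also a recipient for the surtr secrets, so keeping it usable in a desktop session would widen what a compromise of that session exposes; this is inferred from the visible rules only. If that trade-off is intended, record it above the rule with a comment such as `# user-level secrets on sif: decrypted with the admin key, no per-account recipient`. Otherwise a recipient scoped to this account would keep the admin key out of the workstation's decryption path.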
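Review bot: The `qt.kde.settings.kwalletrc` block in the `@@ -489,6 +491,13 @@` hunk changes how secret storage behaves in the session but carries no comment saying why. `KSecretD.Enabled = false` presumably keeps KWallet from answering for `org.freedesktop.secrets`, which the KeePassXC service file installed elsewhere in this file provides, while the `kwalletd5`/`kwalletd6` activation files added in the `@@ -589,6 +597,8 @@` hunk still make KWallet itself reachable on the session bus. A comment such as `# KeePassXC remains the Secret Service provider; kwalletd is only for KDE clients` would state the intended split, if that is the intent. The enclosing attribute set starts and ends outside the hunk.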
@@ -509,7 +518,6 @@ in { nerd-fonts.symbols-only nerd-fonts.fira-code powerline-fonts swtpm (hunspellWithDicts (with hunspellDicts; [en_GB-large de_DE])) libation - # synadm ] ++ mapAttrsToList (_name: pkg: pkgs.callPackage pkg {}) (customUtils.nixImport { dir = ./utils; }); file = { @@ -589,6 +597,8 @@ in { xdg.dataFile = { "dbus-1/services/org.keepassxc.KeePassXC.service".source = "${wrappedKeepassxc}/share/dbus-1/services/org.keepassxc.KeePassXC.service"; "dbus-1/services/org.freedesktop.secrets.service.service".source = "${wrappedKeepassxc}/share/dbus-1/services/org.freedesktop.secrets.service.service"; + "dbus-1/services/org.kde.kwalletd6.service".source = "${pkgs.kdePackages.kwallet}/share/dbus-1/org.kde.kwalletd6.service"; + "dbus-1/services/org.kde.kwalletd5.service".source = "${pkgs.kdePackages.kwallet}/share/dbus-1/org.kde.kwalletd5.service"; "emoji-data/list.txt".source = pkgs.stdenv.mkDerivation { inherit (sources.emoji-data) pname src; version = lib.removePrefix "v" sources.emoji-data.version; diff --git a/accounts/gkleen@sif/niri/default.nix b/accounts/gkleen@sif/niri/default.nix index 80f63e65..b57e1cc0 100644 --- a/accounts/gkleen@sif/niri/default.nix +++ b/accounts/gkleen@sif/niri/default.nix @@ -533,6 +533,9 @@ in { SDL_VIDEODRIVER = "wayland"; DISPLAY = ":0"; ELECTRON_OZONE_PLATFORM_HINT = "auto"; + SSH_ASKPASS_REQUIRE = "prefer"; + SSH_ASKPASS = lib.getExe pkgs.kdePackages.ksshaskpass; + SUDO_ASKPASS = lib.getExe pkgs.kdePackages.ksshaskpass; })) (node "output" "eDP-1" [ diff --git a/accounts/gkleen@sif/synadm/default.nix b/accounts/gkleen@sif/synadm/default.nix new file mode 100644 index 00000000..0a8e0d4c --- /dev/null +++ b/accounts/gkleen@sif/synadm/default.nix @@ -0,0 +1,9 @@ +{ config, pkgs, ... }: +{ + home.packages = with pkgs; [ synadm ]; + sops.secrets."synadm.yaml" = { + format = "binary"; + sopsFile = ./synadm_yaml; + path = config.xdg.configHome + "/synadm.yaml"; + }; +} 
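Review bot: The two added `xdg.dataFile` sources in the `@@ -589,6 +597,8 @@` hunk read from `${pkgs.kdePackages.kwallet}/share/dbus-1/org.kde.kwalletd6.service` (and `kwalletd5`), without the `services/` directory that the KeePassXC entries directly above use on their source side. If the kwallet package installs its activation files under `share/dbus-1/services/`, as is conventional, these sources do not exist and the links may end up dangling without any build error, so it is worth checking against the package output. The corrected form would be `"dbus-1/services/org.kde.kwalletd6.service".source = "${pkgs.kdePackages.kwallet}/share/dbus-1/services/org.kde.kwalletd6.service";` and likewise for `kwalletd5`.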
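Review bot: `SSH_ASKPASS` and `SUDO_ASKPASS` in the `@@ -533,6 +533,9 @@` hunk both point at ksshaskpass, a helper built around remembering SSH key passphrases in KWallet, and `SSH_ASKPASS_REQUIRE = "prefer"` makes ssh use it even when a terminal is available. Because they are set in the compositor's environment block, every program started from the session inherits them, and a sudo password typed into that dialog could be persisted in the wallet if the dialog offers to remember it; the hunk alone does not show whether it does. A comment next to `SUDO_ASKPASS`, for example `# GUI prompt for sudo -A only; this answer must not be remembered in the wallet`, would make the intent explicit. The enclosing environment node starts outside the hunk.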
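Review bot: The `sops.secrets."synadm.yaml"` entry in the new `synadm/default.nix` does not state the permissions of the decrypted file written to `config.xdg.configHome + "/synadm.yaml"`, so it relies on the sops-nix default. A synadm configuration normally carries the homeserver admin access token, so spelling it out with `mode = "0400";` and a one-line comment naming what the file contains would make the exposure obvious to the next reader.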
diff --git a/accounts/gkleen@sif/synadm/synadm_yaml b/accounts/gkleen@sif/synadm/synadm_yaml new file mode 100644 index 00000000..8d951ccc --- /dev/null +++ b/accounts/gkleen@sif/synadm/synadm_yaml @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:qJy4Pmbbxja4jmW7OaHsD0mQZ7anZwLhiVmAgkavb+CqwWGDnUBXdz22/MHCbxng5NshcFSpBoCBhgY6B9V2bUiES6bH9AtMlDcs9ebKGMArBTUTnQ2MjWQGfQTqraWdNgy+n327uj9swwCH8EZXdYH/Hlv0t/re470W+VOHeXhGghQ3Y9IGz2sgfvMGr8QxaJNydZz85rgs5QUP/PglCwWIOw2mY1EX2vYwnmiAo49LmIEaxWvRi++KHaeBveDt0nlkJwzUlipL2VOKWxkgpK3yGucQn2mz+FRe1btp+4KGm8H17eUI9FO9sBwq,iv:kgM921ovwCgDYHQj3c5Rupy/8JxHehxUD2jb1k9Ik2Y=,tag:3TLQkJbv679VWy8V2TMugw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bzVHUGNxZTF2WC9MYmZr\neGdVVzJXN3lGdEk3cTBER3J6UTFtcUJna2d3CjdNQmRXd2haZW1MYlJzNkk1dWVD\nVTFQc2gvS0JrejJ6SFh2MXpPWDZpRE0KLS0tIE0wTC85bEpvSnlGdGFkZVFhNjFZ\nbzRiZkxMWUg2ODNVUlBmNFlPNGRrZlkK1VXLJWcssv3ETyZSSM/Hhn5VIaI9iov9\nzShZA9Zx/FX6PYTuUMC29pJ57gKourcIxa/7HwSv/xYn1A6WcYfgSg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-05-18T11:03:42Z", + "mac": "ENC[AES256_GCM,data:yonJC68PhilAgEHNNJQ8nO53Qo3rx/LnfiOWfuMm24bOUIH9QM3WZZxpigd7bHI4eC4TqRb4LvcSi0nEURTRAhwiTqGNrWbpw2Iv3n5dhLEN9aTcetG5ZuhaXqfVUoML45/ovdBZG/0l8+XIHqxN2M/g/h4JwKoR/6lqzcrVhgo=,iv:xvxBJwy+E5zUdjhGPdZPdy7tnBIEj50hfiDJFsS3wNg=,tag:L4Fas36ZOg4h0QQwC4gjNA==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/flake.lock b/flake.lock index a884d6c6..1d7bdea7 100644 --- a/flake.lock +++ b/flake.lock 
@@ -397,11 +397,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1747115632, - "narHash": "sha256-SypEtZQsum43HvIT4HqM1RH8CE3wCWFIO5b5IqC/2FA=", + "lastModified": 1747491150, + "narHash": "sha256-UpHzUfmxpKko/4f/Nw971wfw+0EgHEJHkoJ3mGQKDkg=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "44eeba852a6671ab1c7be5ca65a58c49794cef4b", + "rev": "ea61079b4d48031087c0c994782c24c846d4b95e", "type": "github" }, "original": { @@ -431,11 +431,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1747113435, - "narHash": "sha256-9oU1mKAM2BZLSots136UA75RIed53YtYgns9TUkr3ck=", + "lastModified": 1747486745, + "narHash": "sha256-ngQ+iTHmBJkEbsjYfCWTJdV8gHhOCTkV8K0at6Y+YHI=", "owner": "YaLTeR", "repo": "niri", - "rev": "6d083ea49741d6e8e85d5a1d6b6bcaa837d3b5c0", + "rev": "ae89cb6017668f3a81ccd92461cbbc70ab8377d0", "type": "github" }, "original": { @@ -472,11 +472,11 @@ ] }, "locked": { - "lastModified": 1746934494, - "narHash": "sha256-3n6i+F0sDASjkhbvgFDpPDZGp7z19IrRtjfF9TwJpCA=", + "lastModified": 1747540584, + "narHash": "sha256-cxCQ413JTUuRv9Ygd8DABJ1D6kuB/nTfQqC0Lu9C0ls=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "e9b21b01e4307176b9718a29ac514838e7f6f4ff", + "rev": "ec179dd13fb7b4c6844f55be91436f7857226dce", "type": "github" }, "original": { @@ -529,11 +529,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1747083103, - "narHash": "sha256-dMx20S2molwqJxbmMB4pGjNfgp5H1IOHNa1Eby6xL+0=", + "lastModified": 1747129300, + "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d1d68fe8b00248caaa5b3bbe4984c12b47e0867d", + "rev": "e81fd167b33121269149c57806599045fd33eeed", "type": "github" }, "original": { 
@@ -651,11 +651,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1746957726, - "narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=", + "lastModified": 1747335874, + "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a39ed32a651fdee6842ec930761e31d1f242cb94", + "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", "type": "github" }, "original": { @@ -699,11 +699,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1746904237, - "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "lastModified": 1747327360, + "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", "type": "github" }, "original": { @@ -1037,11 +1037,11 @@ ] }, "locked": { - "lastModified": 1746649034, - "narHash": "sha256-gmv+ZiY3pQnwgI0Gm3Z1tNSux1CnOJ0De+xeDOol1+0=", + "lastModified": 1747441483, + "narHash": "sha256-W8BFXk5R0TuJcjIhcGoMpSOaIufGXpizK0pm+uTqynA=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "fe540e91c26f378c62bf6da365a97e848434d0cd", + "rev": "582024dc64663e9f88d467c2f7f7b20d278349de", "type": "github" }, "original": { diff --git a/modules/pgbackrest.nix b/modules/pgbackrest.nix index 81c74a8e..550e970b 100644 --- a/modules/pgbackrest.nix +++ b/modules/pgbackrest.nix @@ -43,6 +43,8 @@ let loglevelType = types.enum ["off" "error" "warn" "info" "detail" "debug" "trace"]; inherit (utils.systemdUtils.unitOptions) unitOption; in { + disabledModules = ["services/backup/pgbackrest.nix"]; + options = { services.pgbackrest = { enable = mkEnableOption "pgBackRest"; diff --git a/overlays/deploy-rs.nix b/overlays/deploy-rs.nix index 0bf1c3b2..678c6f5f 100644 --- a/overlays/deploy-rs.nix +++ b/overlays/deploy-rs.nix 
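Review bot: `disabledModules = ["services/backup/pgbackrest.nix"];` has no comment explaining why the nixpkgs module is switched off. It presumably avoids an option clash with this file's own `services.pgbackrest` after the nixpkgs bump in the same commit, and from then on upstream changes to that module, hardening included, no longer reach this configuration. A comment such as `# nixpkgs ships its own services.pgbackrest; this local module replaces it` above the line would record that. The `in { … }` body continues outside the hunk.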
@@ -2,13 +2,15 @@ flakeInputs.deploy-rs.overlays.default (final: prev: { deploy-rs = prev.deploy-rs // { - deploy-rs = prev.deploy-rs.deploy-rs.overrideAttrs (oldAttrs: { - nativeBuildInputs = (oldAttrs.nativeBuildInputs or []) ++ [final.makeWrapper]; - preFixup = '' + deploy-rs = prev.symlinkJoin { + name = "${prev.deploy-rs.deploy-rs.name}-wrapped"; + paths = [ prev.deploy-rs.deploy-rs ]; + buildInputs = [ prev.makeWrapper ]; + postBuild = '' wrapProgram $out/bin/deploy \ --prefix PATH : ${prev.lib.makeBinPath (with final; [ nix-monitored ])} ''; - }); + }; }; }) final prev -- cgit v1.2.3
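Review bot: In the new `symlinkJoin`, `buildInputs = [ prev.makeWrapper ];` puts a build-time tool in the wrong input set; `nativeBuildInputs = [ final.makeWrapper ];` matches what the removed `overrideAttrs` version did and stays correct when cross-compiling. The join also does not carry over the wrapped derivation's attributes, so consumers reading `deploy-rs.deploy-rs.meta` would no longer find it unless `inherit (prev.deploy-rs.deploy-rs) meta;` is added. The `--prefix PATH` line makes `deploy` pick up the nix-monitored binaries ahead of anything else on `PATH`; a short comment saying so would help, since it decides which `nix` performs the deployment.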