Use Adwaita cursor theme.

Only decrypt the nix zfs dataset.
Add nix-index.
2025-01-06 19:34:28 -05:00 · 2025-01-06 19:21:20 -05:00 · 2025-01-06 14:32:07 -05:00 · 2025-01-05 15:43:23 -05:00 · 2025-01-02 22:50:55 -05:00 · 2025-01-02 10:27:25 -05:00
7 changed files with 104 additions and 19 deletions
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@ -130,6 +130,7 @@
    strace
    tcpdump
    git-crypt
+    nix-index-unwrapped
  ];

  services.openssh = {
--- a/nix/configuration/hosts/odo/disk-config.nix
+++ b/nix/configuration/hosts/odo/disk-config.nix
@ -118,4 +118,7 @@ lib.mkIf (!config.me.buildingIso) {
  fileSystems."/persist".neededForBoot = true;
  fileSystems."/state".neededForBoot = true;
  fileSystems."/home".neededForBoot = true;
+
+  # Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
+  boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
 }
--- a/nix/configuration/roles/gpg/default.nix
+++ b/nix/configuration/roles/gpg/default.nix
@ -15,7 +15,18 @@
  # gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz

  hardware.gpgSmartcards.enable = true;
-  services.udev.packages = [ pkgs.yubikey-personalization ];
+  services.udev.packages = [
+    pkgs.yubikey-personalization
+    pkgs.libfido2
+    (pkgs.writeTextFile {
+      name = "my-rules";
+      text = ''
+        ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
+        KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
+      '';
+      destination = "/etc/udev/rules.d/50-yubikey.rules";
+    })
+  ];
  services.pcscd.enable = true;
  # services.gnome.gnome-keyring.enable = true;

@ -36,7 +47,7 @@
      };
    };

-  programs.gnupg.dirmngr.enable = true;
+  # programs.gnupg.dirmngr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
@ -60,16 +71,51 @@
    };
  };

-  # nixpkgs.overlays = [
-  #   (final: prev: {
-  #     pcsclite = prev.pcsclite.overrideAttrs (old: {
-  #       postPatch = ''
-  #         substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
-  #           --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
-  #       '';
-  #     });
-  #   })
-  # ];
+  nixpkgs.overlays = [
+    (final: prev: {
+      # pcsclite = prev.pcsclite.overrideAttrs (old: {
+      #   postPatch = ''
+      #     substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
+      #       --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
+      #   '';
+      # });
+
+      # pcsclite = prev.pcsclite.overrideAttrs (old: {
+      #   postPatch =
+      #     old.postPatch
+      #     + (lib.optionalString
+      #       (!(lib.strings.hasInfix ''--replace-fail "libpcsclite_real.so.1"'' old.postPatch))
+      #       ''
+      #         substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
+      #           --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
+      #       ''
+      #     );
+      # });
+
+      # pcsclite = prev.pcsclite.overrideAttrs (old: {
+      #   postPatch =
+      #     old.postPatch
+      #     + ''
+      #       substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
+      #         --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
+      #     '';
+      # });
+
+      # gnupg = prev.gnupg.override {
+      #   pcsclite = pkgs.pcsclite.overrideAttrs (old: {
+      #     postPatch =
+      #       old.postPatch
+      #       + (lib.optionalString
+      #         (!(lib.strings.hasInfix ''--replace-fail "libpcsclite_real.so.1"'' old.postPatch))
+      #         ''
+      #           substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
+      #             --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
+      #         ''
+      #       );
+      #   });
+      # };
+    })
+  ];

  # security.polkit.extraConfig = ''
  #   polkit.addRule(function(action, subject) {
@ -86,13 +132,18 @@
  # '';

  environment.systemPackages = with pkgs; [
+    pcsclite
    pcsctools
+    yubikey-personalization
+    yubikey-manager
+    glibcLocales
  ];

  # nixpkgs.overlays = [
  #   (final: prev: {
  #     gnupg = pkgs-unstable.gnupg;
  #     scdaemon = pkgs-unstable.scdaemon;
+  #     libgcrypt = pkgs-unstable.libgcrypt;
  #   })
  # ];

@ -108,4 +159,5 @@
  #   })
  # ];

+  programs.gnupg.agent.enableExtraSocket = true;
 }
--- a/nix/configuration/roles/gpg/files/scdaemon.conf
+++ b/nix/configuration/roles/gpg/files/scdaemon.conf
@ -1,2 +1,7 @@
 reader-port Yubico Yubi
 disable-ccid
+
+log-file /home/talexander/scd.log
+verbose
+debug cardio
+debug-level 5
--- a/nix/configuration/roles/kubernetes/default.nix
+++ b/nix/configuration/roles/kubernetes/default.nix
@ -25,6 +25,9 @@ let
    export KUBECTL_EXTERNAL_DIFF="${pkgs.colordiff}/bin/colordiff -N -u"
    exec ${pkgs.kubectl}/bin/kubectl diff "''${@}"
  '';
+  alias_klog = pkgs.writeShellScriptBin "klog" ''
+    exec ${pkgs.kubectl}/bin/kubectl logs --all-containers "$@"
+  '';
 in
 {
  imports = [ ];
@ -39,5 +42,21 @@ in
    alias_ka
    alias_kdel
    alias_kd
+    alias_klog
  ];
+
+  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
+    hideMounts = true;
+    users.talexander = {
+      directories = [
+        {
+          directory = ".kube";
+          user = "talexander";
+          group = "talexander";
+          mode = "0750";
+        }
+      ];
+    };
+  };
+
 }
--- a/nix/configuration/roles/network/default.nix
+++ b/nix/configuration/roles/network/default.nix
@ -10,16 +10,16 @@

  networking.dhcpcd.enable = false;
  networking.useDHCP = false;
-  networking.nameservers = [
-    "194.242.2.2#doh.mullvad.net"
-    "2a07:e340::2#doh.mullvad.net"
-  ];
+  # networking.nameservers = [
+  #   "194.242.2.2#doh.mullvad.net"
+  #   "2a07:e340::2#doh.mullvad.net"
+  # ];
  services.resolved = {
    enable = true;
    # dnssec = "true";
-    domains = [ "~." ];
-    fallbackDns = [ ];
-    dnsovertls = "true";
+    # domains = [ "~." ];
+    # fallbackDns = [ ];
+    # dnsovertls = "true";
  };

  # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
--- a/nix/configuration/roles/sway/default.nix
+++ b/nix/configuration/roles/sway/default.nix
@ -373,6 +373,11 @@ in
          source = ./files/settings.ini;
        };
      };
+      home.file = {
+        ".icons/default" = {
+          source = "${pkgs.adwaita-icon-theme}/share/icons/Adwaita";
+        };
+      };
    };

  # For mounting drives in pcmanfm
Author	SHA1	Message	Date
Tom Alexander	8b074617e8	Use Adwaita cursor theme.	2025-01-06 19:34:28 -05:00
Tom Alexander	13970b53ad	Only decrypt the nix zfs dataset.	2025-01-06 19:21:20 -05:00
Tom Alexander	13d7319a0f	Add nix-index.	2025-01-06 14:32:07 -05:00
Tom Alexander	bd9a85efd3	Add klog alias.	2025-01-05 15:43:23 -05:00
Tom Alexander	4a4c54def4	Disable DNS settings for hotel.	2025-01-02 22:50:55 -05:00
Tom Alexander	18d372c8ee	Revert "Switching to a home-manager config did not fix it." This reverts commit 4599b38ebf5e36495c50ed73ee4149ddc3378841.	2025-01-02 10:27:25 -05:00
Tom Alexander	4599b38ebf	Switching to a home-manager config did not fix it.	2025-01-02 10:27:21 -05:00
Tom Alexander	04a95a2543	More failed attempts to get gpg working.	2025-01-02 09:43:00 -05:00
Tom Alexander	7c5f14ee61	Persist kubernetes client config.	2025-01-02 09:03:19 -05:00