Use Adwaita cursor theme.

Only decrypt the nix zfs dataset.
Add nix-index.
2025-01-06 19:34:28 -05:00 · 2025-01-06 19:21:20 -05:00 · 2025-01-06 14:32:07 -05:00 · 2025-01-05 15:43:23 -05:00 · 2025-01-02 22:50:55 -05:00 · 2025-01-02 10:27:25 -05:00
7 changed files with 104 additions and 19 deletions
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@ -130,6 +130,7 @@
    strace
    tcpdump
    git-crypt
    nix-index-unwrapped
  ];
  services.openssh = {
--- a/nix/configuration/hosts/odo/disk-config.nix
+++ b/nix/configuration/hosts/odo/disk-config.nix
@ -118,4 +118,7 @@ lib.mkIf (!config.me.buildingIso) {
  fileSystems."/persist".neededForBoot = true;
  fileSystems."/state".neededForBoot = true;
  fileSystems."/home".neededForBoot = true;
  # Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
  boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
 }
--- a/nix/configuration/roles/gpg/default.nix
+++ b/nix/configuration/roles/gpg/default.nix
@ -15,7 +15,18 @@
  # gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
  hardware.gpgSmartcards.enable = true;
-  services.udev.packages = [ pkgs.yubikey-personalization ];
+  services.udev.packages = [
    pkgs.yubikey-personalization
    pkgs.libfido2
    (pkgs.writeTextFile {
      name = "my-rules";
      text = ''
        ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
        KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
      '';
      destination = "/etc/udev/rules.d/50-yubikey.rules";
    })
  ];
  services.pcscd.enable = true;
  # services.gnome.gnome-keyring.enable = true;
@ -36,7 +47,7 @@
      };
    };
-  programs.gnupg.dirmngr.enable = true;
+  # programs.gnupg.dirmngr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
@ -60,16 +71,51 @@
    };
  };
-  # nixpkgs.overlays = [
+  nixpkgs.overlays = [
-  #   (final: prev: {
+    (final: prev: {
-  #     pcsclite = prev.pcsclite.overrideAttrs (old: {
+      # pcsclite = prev.pcsclite.overrideAttrs (old: {
-  #       postPatch = ''
+      #   postPatch = ''
-  #         substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
+      #     substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
-  #           --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
+      #       --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
-  #       '';
+      #   '';
-  #     });
+      # });
-  #   })
+
-  # ];
+      # pcsclite = prev.pcsclite.overrideAttrs (old: {
      #   postPatch =
      #     old.postPatch
      #     + (lib.optionalString
      #       (!(lib.strings.hasInfix ''--replace-fail "libpcsclite_real.so.1"'' old.postPatch))
      #       ''
      #         substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
      #           --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
      #       ''
      #     );
      # });
      # pcsclite = prev.pcsclite.overrideAttrs (old: {
      #   postPatch =
      #     old.postPatch
      #     + ''
      #       substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
      #         --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
      #     '';
      # });
      # gnupg = prev.gnupg.override {
      #   pcsclite = pkgs.pcsclite.overrideAttrs (old: {
      #     postPatch =
      #       old.postPatch
      #       + (lib.optionalString
      #         (!(lib.strings.hasInfix ''--replace-fail "libpcsclite_real.so.1"'' old.postPatch))
      #         ''
      #           substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
      #             --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
      #         ''
      #       );
      #   });
      # };
    })
  ];
  # security.polkit.extraConfig = ''
  #   polkit.addRule(function(action, subject) {
@ -86,13 +132,18 @@
  # '';
  environment.systemPackages = with pkgs; [
    pcsclite
    pcsctools
    yubikey-personalization
    yubikey-manager
    glibcLocales
  ];
  # nixpkgs.overlays = [
  #   (final: prev: {
  #     gnupg = pkgs-unstable.gnupg;
  #     scdaemon = pkgs-unstable.scdaemon;
  #     libgcrypt = pkgs-unstable.libgcrypt;
  #   })
  # ];
@ -108,4 +159,5 @@
  #   })
  # ];
  programs.gnupg.agent.enableExtraSocket = true;
 }
--- a/nix/configuration/roles/gpg/files/scdaemon.conf
+++ b/nix/configuration/roles/gpg/files/scdaemon.conf
@ -1,2 +1,7 @@
 reader-port Yubico Yubi
 disable-ccid
 log-file /home/talexander/scd.log
 verbose
 debug cardio
 debug-level 5
--- a/nix/configuration/roles/kubernetes/default.nix
+++ b/nix/configuration/roles/kubernetes/default.nix
@ -25,6 +25,9 @@ let
    export KUBECTL_EXTERNAL_DIFF="${pkgs.colordiff}/bin/colordiff -N -u"
    exec ${pkgs.kubectl}/bin/kubectl diff "''${@}"
  '';
  alias_klog = pkgs.writeShellScriptBin "klog" ''
    exec ${pkgs.kubectl}/bin/kubectl logs --all-containers "$@"
  '';
 in
 {
  imports = [ ];
@ -39,5 +42,21 @@ in
    alias_ka
    alias_kdel
    alias_kd
    alias_klog
  ];
  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
    hideMounts = true;
    users.talexander = {
      directories = [
        {
          directory = ".kube";
          user = "talexander";
          group = "talexander";
          mode = "0750";
        }
      ];
    };
  };
 }
--- a/nix/configuration/roles/network/default.nix
+++ b/nix/configuration/roles/network/default.nix
@ -10,16 +10,16 @@
  networking.dhcpcd.enable = false;
  networking.useDHCP = false;
-  networking.nameservers = [
+  # networking.nameservers = [
-    "194.242.2.2#doh.mullvad.net"
+  #   "194.242.2.2#doh.mullvad.net"
-    "2a07:e340::2#doh.mullvad.net"
+  #   "2a07:e340::2#doh.mullvad.net"
-  ];
+  # ];
  services.resolved = {
    enable = true;
    # dnssec = "true";
-    domains = [ "~." ];
+    # domains = [ "~." ];
-    fallbackDns = [ ];
+    # fallbackDns = [ ];
-    dnsovertls = "true";
+    # dnsovertls = "true";
  };
  # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
--- a/nix/configuration/roles/sway/default.nix
+++ b/nix/configuration/roles/sway/default.nix
@ -373,6 +373,11 @@ in
          source = ./files/settings.ini;
        };
      };
      home.file = {
        ".icons/default" = {
          source = "${pkgs.adwaita-icon-theme}/share/icons/Adwaita";
        };
      };
    };
  # For mounting drives in pcmanfm
Author	SHA1	Message	Date
Tom Alexander	8b074617e8	Use Adwaita cursor theme.	2025-01-06 19:34:28 -05:00
Tom Alexander	13970b53ad	Only decrypt the nix zfs dataset.	2025-01-06 19:21:20 -05:00
Tom Alexander	13d7319a0f	Add nix-index.	2025-01-06 14:32:07 -05:00
Tom Alexander	bd9a85efd3	Add klog alias.	2025-01-05 15:43:23 -05:00
Tom Alexander	4a4c54def4	Disable DNS settings for hotel.	2025-01-02 22:50:55 -05:00
Tom Alexander	18d372c8ee	Revert "Switching to a home-manager config did not fix it." This reverts commit 4599b38ebf5e36495c50ed73ee4149ddc3378841.	2025-01-02 10:27:25 -05:00
Tom Alexander	4599b38ebf	Switching to a home-manager config did not fix it.	2025-01-02 10:27:21 -05:00
Tom Alexander	04a95a2543	More failed attempts to get gpg working.	2025-01-02 09:43:00 -05:00
Tom Alexander	7c5f14ee61	Persist kubernetes client config.	2025-01-02 09:03:19 -05:00