From a337ce6f2c428024d4c040e990e828bc2c513786 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Tue, 9 Jun 2026 09:06:21 -0500
Subject: [PATCH] kde updates
---
 modules/features/mtls.nix | 8 +++-
 modules/hosts/john-kde/default.nix | 70 ++++++++++++++++++++++++++++++
 modules/programs/onepassword.nix | 1 -
 modules/services/ssh.nix | 1 +
 4 files changed, 77 insertions(+), 3 deletions(-)
 create mode 100644 modules/hosts/john-kde/default.nix
diff --git a/modules/features/mtls.nix b/modules/features/mtls.nix
index aedadb1..8a03a85 100644
--- a/modules/features/mtls.nix
+++ b/modules/features/mtls.nix
@@ -232,7 +232,7 @@ in
 ];
 # Create the systemd service files for the user.
- xdg.dataFile = lib.mkIf cfg.renew.enable {
+ xdg.configFile = lib.mkIf cfg.renew.enable {
 "systemd/user/mtls-renew.service".source =
 "${mtlsRenewWrapper.outputs.systemd-user}/systemd/user/mtls-renew.service";
 "systemd/user/mtls-renew.timer".source =
@@ -250,7 +250,11 @@ in
 if [ -n "$XDG_RUNTIME_DIR" ] && [ -S "$XDG_RUNTIME_DIR/systemd/private" ]; then
 if [ "${lib.boolToString (cfg.enable && cfg.renew.enable)}" = "true" ]; then
 run ${pkgs.systemd}/bin/systemctl --user daemon-reload
- run ${pkgs.systemd}/bin/systemctl --user enable --now mtls-renew.timer
+ if ${pkgs.systemd}/bin/systemctl --user cat mtls-renew.timer >/dev/null 2>&1; then
+ run ${pkgs.systemd}/bin/systemctl --user enable --now mtls-renew.timer
+ else
+ verboseEcho "mtls-renew.timer unit file is not available; skipping enable"
+ fi
 else
 run ${pkgs.systemd}/bin/systemctl --user disable --now mtls-renew.timer || true
 run ${pkgs.systemd}/bin/systemctl --user daemon-reload || true
diff --git a/modules/hosts/john-kde/default.nix b/modules/hosts/john-kde/default.nix
new file mode 100644
index 0000000..e6d9755
--- /dev/null
+++ b/modules/hosts/john-kde/default.nix
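Review bot: In the second mtls.nix hunk the new else-branch reports a missing `mtls-renew.timer` only through `verboseEcho`, which is shown only when activation runs with `-v`, so a user whose client-certificate renewal silently stops getting scheduled sees nothing in a normal `home-manager switch`. Because the timer is the renewal mechanism, this deserves an unconditional message: `warnEcho "mtls-renew.timer unit file is not available; certificate renewal will not run"`. A failing `systemctl --user cat` here most plausibly means the user manager did not pick up the unit from its new `xdg.configFile` location (first hunk), so the message could also hint at re-running `daemon-reload`. The enclosing activation-script block starts and ends outside the hunk.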
@@ -0,0 +1,70 @@
+{ withSystem, self, inputs, ... }:
+let
+ username = "john";
+ hostname = "omen";
+in
+{
+ flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }:
+ let
+ selfPkgs = inputs.self.packages.${pkgs.stdenv.hostPlatform.system};
+ flakeDir = "${config.xdg.configHome}/home-manager";
+ in
+ {
+ imports = with inputs.self.modules.homeManager; [
+ rebuild
+ john
+ # mtls
+ # restic
+ docker
+ desktop
+ step-client
+ # mysops
+ # myPackage
+ # myStepClient
+ ];
+ # TODO: make this more restrictive, rather than allowing all unfree packages
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
+
+ targets.genericLinux.enable = true;
+
+ home.username = "${username}";
+ home.homeDirectory = "/home/${username}";
+ home.packages = with pkgs; [
+ selfPkgs.jsl-zsh
+ selfPkgs.my-neovim
+ selfPkgs.ssh-certs
+ # selfPkgs.step-bootstrap
+ # selfPkgs.wg-platform
+ # self'.packages.myWrappedPackage
+ # (inputs.self.wrappers.test-push.apply {
+ # inherit pkgs flakeDir;
+ # host = testHost;
+ # target = testTarget;
+ # }).wrapper
+ ];
+
+ homeManagerFlakeDir = flakeDir;
+ docker.enable = true;
+
+ ssh = {
+ certificates.enable = true;
+ knownHosts = [
+ "fded:fb16:653e:25da:be24:11ff:fea0:753f ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9ZqiWPrCwHjxFCiu0lT4rlQs7KyMapxKJQQ5PJP1eh"
+ ];
+ matchSets = {
+ certs = true;
+ appdaemon = true;
+ homelab = true;
+ dev = true;
+ tailscale = true;
+ };
+ };
+ };
+
+ flake.homeConfigurations."john@omen" = withSystem "x86_64-linux" (ctx@{ system, inputs', ... }:
+ inputs.home-manager.lib.homeManagerConfiguration {
+ pkgs = inputs'.nixpkgs.legacyPackages;
+ modules = [ inputs.self.modules.homeManager."${hostname}" ]; # Uses the module defined above
+ });
+}
diff --git a/modules/programs/onepassword.nix b/modules/programs/onepassword.nix
index a6821e8..af6fc8d 100644
--- a/modules/programs/onepassword.nix
+++ b/modules/programs/onepassword.nix
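Review bot: `nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];` re-admits an end-of-life OpenSSL that nixpkgs has marked insecure into this host's closure, and nothing in the new file says which package needs it, so the exception has no exit condition and will outlive its reason. Add a comment naming the consumer and when it can go, e.g. `# <dependent package> still links against openssl 1.1; TODO drop once it builds against openssl 3` (replace the placeholder with the actual package), and keep it next to the existing `allowUnfree` TODO so both blanket relaxations are reviewed together. If only one package needs it, overriding that package's `openssl` input is narrower than a host-wide allowance. As a smaller point of style, `self` in the top-level argument set and `lib` in the module arguments appear unused.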
@@ -5,6 +5,5 @@
 [[ssh-keys]]
 vault = "Private"
 '';
- programs.ssh.matchBlocks."*".identityAgent = "${config.home.homeDirectory}/.1password/agent.sock";
 };
 }
diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix
index 2eb5220..4804a1f 100644
--- a/modules/services/ssh.nix
+++ b/modules/services/ssh.nix
@@ -135,6 +135,7 @@ in
 "*" = lib.mkMerge [
 {
 user = "john";
+ identityAgent = "${config.home.homeDirectory}/.1password/agent.sock";
 compression = false;
 serverAliveInterval = 0;