kde updates

modules/features/mtls.nix

@@ -232,7 +232,7 @@ in
         ];
 
         # Create the systemd service files for the user.
-        xdg.dataFile = lib.mkIf cfg.renew.enable {
+        xdg.configFile = lib.mkIf cfg.renew.enable {
           "systemd/user/mtls-renew.service".source =
             "${mtlsRenewWrapper.outputs.systemd-user}/systemd/user/mtls-renew.service";
           "systemd/user/mtls-renew.timer".source =
@@ -250,7 +250,11 @@ in
           if [ -n "$XDG_RUNTIME_DIR" ] && [ -S "$XDG_RUNTIME_DIR/systemd/private" ]; then
             if [ "${lib.boolToString (cfg.enable && cfg.renew.enable)}" = "true" ]; then
               run ${pkgs.systemd}/bin/systemctl --user daemon-reload
+              if ${pkgs.systemd}/bin/systemctl --user cat mtls-renew.timer >/dev/null 2>&1; then
                 run ${pkgs.systemd}/bin/systemctl --user enable --now mtls-renew.timer
+              else
+                verboseEcho "mtls-renew.timer unit file is not available; skipping enable"
+              fi
             else
               run ${pkgs.systemd}/bin/systemctl --user disable --now mtls-renew.timer || true
               run ${pkgs.systemd}/bin/systemctl --user daemon-reload || true

modules/hosts/john-kde/default.nix

@@ -0,0 +1,70 @@
+{ withSystem, self, inputs, ... }:
+let
+  username = "john";
+  hostname = "omen";
+in
+{
+  flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }:
+  let
+    selfPkgs = inputs.self.packages.${pkgs.stdenv.hostPlatform.system};
+    flakeDir = "${config.xdg.configHome}/home-manager";
+  in
+  {
+    imports = with inputs.self.modules.homeManager; [
+      rebuild
+      john
+      # mtls
+      # restic
+      docker
+      desktop
+      step-client
+      # mysops
+      # myPackage
+      # myStepClient
+    ];
+    # TODO: make this more restrictive, rather than allowing all unfree packages
+    nixpkgs.config.allowUnfree = true;
+    nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
+
+    targets.genericLinux.enable = true;
+
+    home.username = "${username}";
+    home.homeDirectory = "/home/${username}";
+    home.packages = with pkgs; [
+      selfPkgs.jsl-zsh
+      selfPkgs.my-neovim
+      selfPkgs.ssh-certs
+      # selfPkgs.step-bootstrap
+      # selfPkgs.wg-platform
+      # self'.packages.myWrappedPackage
+      # (inputs.self.wrappers.test-push.apply {
+      #   inherit pkgs flakeDir;
+      #   host = testHost;
+      #   target = testTarget;
+      # }).wrapper
+    ];
+
+    homeManagerFlakeDir = flakeDir;
+    docker.enable = true;
+
+    ssh = {
+      certificates.enable = true;
+      knownHosts = [
+        "fded:fb16:653e:25da:be24:11ff:fea0:753f ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9ZqiWPrCwHjxFCiu0lT4rlQs7KyMapxKJQQ5PJP1eh"
+      ];
+      matchSets = {
+        certs = true;
+        appdaemon = true;
+        homelab = true;
+        dev = true;
+        tailscale = true;
+      };
+    };
+  };
+
+  flake.homeConfigurations."john@omen" = withSystem "x86_64-linux" (ctx@{ system, inputs', ... }:
+    inputs.home-manager.lib.homeManagerConfiguration {
+      pkgs = inputs'.nixpkgs.legacyPackages;
+      modules = [ inputs.self.modules.homeManager."${hostname}" ]; # Uses the module defined above
+  });
+}

modules/programs/onepassword.nix

@@ -5,6 +5,5 @@
       [[ssh-keys]]
       vault = "Private"
     '';
-    programs.ssh.matchBlocks."*".identityAgent = "${config.home.homeDirectory}/.1password/agent.sock";
   };
 }

modules/services/ssh.nix

@@ -135,6 +135,7 @@ in
             "*" = lib.mkMerge [
               {
                 user = "john";
+                identityAgent = "${config.home.homeDirectory}/.1password/agent.sock";
 
                 compression = false;
                 serverAliveInterval = 0;