diff --git a/maskiner/core/configuration.nix b/maskiner/core/configuration.nix index c9775f0..6b35beb 100644 --- a/maskiner/core/configuration.nix +++ b/maskiner/core/configuration.nix @@ -54,59 +54,10 @@ in sops.defaultSopsFile = ../../secrets/sops.yaml; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.secrets.build-service = { }; - sops.secrets.fredrik-wastring = { }; sops.secrets.fw-qemu = { }; - sops.secrets.fleet-enroll-secret = { - owner = "root"; - group = "root"; - mode = "0400"; - }; - sops.secrets.github_token = { - owner = "fw"; - group = "users"; - mode = "0400"; - }; - sops.secrets.grafana_token = { - owner = "fw"; - group = "users"; - mode = "0400"; - }; environment.systemPackages = [ pkgs.cifs-utils ]; - systemd.services.fleet-osquery = { - description = "osquery enrolled to Fleet"; - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; - - serviceConfig = { - Restart = "always"; - RestartSec = "5s"; - StateDirectory = "osquery"; - RuntimeDirectory = "osquery"; - - ExecStart = '' - ${pkgs.osquery}/bin/osqueryd \ - --host_identifier=uuid \ - --pidfile=/run/osquery/osqueryd.pid \ - --extensions_socket=/run/osquery/osquery.em \ - --database_path=/var/lib/osquery/osquery.db \ - --enroll_tls_endpoint=/api/osquery/enroll \ - --config_plugin=tls \ - --config_tls_endpoint=/api/osquery/config \ - --logger_plugin=tls \ - --logger_tls_endpoint=/api/osquery/log \ - --distributed_plugin=tls \ - --distributed_tls_read_endpoint=/api/osquery/distributed/read \ - --distributed_tls_write_endpoint=/api/osquery/distributed/write \ - --tls_hostname=fleet.internalifacts.se:443 \ - --enroll_secret_path=${config.sops.secrets.fleet-enroll-secret.path} \ - --tls_server_certs=/etc/ssl/certs/ca-certificates.crt - ''; - }; - }; - fileSystems."/mnt/testweb/C" = { device = "//192.168.0.226/C$"; fsType = "cifs"; 
@@ -149,34 +100,6 @@ in ]; }; - fileSystems."/mnt/hyperv2/C" = { - device = "//192.168.0.48/C$"; - fsType = "cifs"; - options = - let - automount_opts = - "x-systemd.automount,noauto,x-systemd.idle-timeout=60," - + "x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in - [ - "${automount_opts},credentials=${toString config.sops.secrets.fredrik-wastring.path},vers=3.0" - ]; - }; - - fileSystems."/mnt/hyperv1/C" = { - device = "//192.168.0.143/C$"; - fsType = "cifs"; - options = - let - automount_opts = - "x-systemd.automount,noauto,x-systemd.idle-timeout=60," - + "x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in - [ - "${automount_opts},credentials=${toString config.sops.secrets.fredrik-wastring.path},vers=3.0" - ]; - }; - fileSystems."/mnt/fw-qemu/C" = { device = "//10.0.2.4/qemu/C$"; fsType = "cifs"; diff --git a/moduler/dev.nix b/moduler/dev.nix index 2eb48df..f79534b 100644 --- a/moduler/dev.nix +++ b/moduler/dev.nix @@ -15,7 +15,6 @@ in awscli minio-client opentofu - python3 (azPkgs.azure-cli.withExtensions ( with azPkgs.azure-cli.extensions; [ diff --git a/moduler/fish.nix b/moduler/fish.nix index 286e943..e898153 100644 --- a/moduler/fish.nix +++ b/moduler/fish.nix @@ -1,9 +1,4 @@ -{ - pkgs, - lib, - config, - ... -}: +{ pkgs, lib, config, ... }: let inherit (lib) concatStringsSep mkOption types; 
@@ -100,32 +95,20 @@ in interactiveShellInit = let fzfOpts = catppuccinFzfOptions.${config.fish.theme}; - in - '' - fish_vi_key_bindings - set fish_greeting - set FLAKE_DIR "/home/fw/nix" - set JIRA_API_TOKEN ATATT3xFfGF0_fkpGB1ne-QOSJzFVG0yH31j2CRtdNqbePCyEm9enpnA2uA3go75_GQwZPFX_IO9tf10ALJWvDLjsuHl8MSOUkNd703Vqr4uuGLAbHY73Z_b9fDJVrfodTrGAN9sZ5Sp75opCVkXB7MVXSAIvlWimRdwe-tqDPH4vhwY9Hqcs6M=0510D6CD - set -gx GITHUB_PERSONAL_ACCESS_TOKEN (cat /run/secrets/github_token) - set -gx GITHUB_HOST "https://github.com" - set -gx GRAFANA_SERVICE_ACCOUNT_TOKEN (cat /run/secrets/grafana_token) - set -gx GRAFANA_URL "https://monitoring.internalifacts.se" - set -Ux FZF_CTRL_R_OPTS "--reverse" - set -Ux FZF_TMUX_OPTS "-p" - set -e GOROOT - set -x -U GOPATH $HOME/.go - gh completion -s fish > ~/.config/fish/completions/gh.fish - set -gx PATH $PATH $HOME/scripts - set -gx PATH $PATH $HOME/.krew/bin + in '' + fish_vi_key_bindings + set fish_greeting + set FLAKE_DIR "/home/fw/nix" + set JIRA_API_TOKEN ATATT3xFfGF0_fkpGB1ne-QOSJzFVG0yH31j2CRtdNqbePCyEm9enpnA2uA3go75_GQwZPFX_IO9tf10ALJWvDLjsuHl8MSOUkNd703Vqr4uuGLAbHY73Z_b9fDJVrfodTrGAN9sZ5Sp75opCVkXB7MVXSAIvlWimRdwe-tqDPH4vhwY9Hqcs6M=0510D6CD + set -Ux FZF_CTRL_R_OPTS "--reverse" + set -Ux FZF_TMUX_OPTS "-p" + set -e GOROOT + set -x -U GOPATH $HOME/.go + gh completion -s fish > ~/.config/fish/completions/gh.fish + set -gx PATH $PATH $HOME/scripts + set -gx PATH $PATH $HOME/.krew/bin - - if not set -q SSH_AUTH_SOCK - eval (ssh-agent -c) - ssh-add ~/.ssh/id_ed25519 >/dev/null 2>&1 - set SSH_AUTH_SOCK /home/fw/.bitwarden-ssh-agent.sock - end - - set -Ux FZF_DEFAULT_OPTS "${fzfOpts}" + set -Ux FZF_DEFAULT_OPTS "${fzfOpts}" ''; }; }; diff --git a/moduler/oh-my-posh.nix b/moduler/oh-my-posh.nix index ac979a1..3175e0c 100644 --- a/moduler/oh-my-posh.nix +++ b/moduler/oh-my-posh.nix @@ -1,9 +1,4 @@ -{ - pkgs, - lib, - config, - ... -}: +{ pkgs, lib, config, ... }: let palettes = { latte = { 
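Review bot: The `set JIRA_API_TOKEN …` line in the new `interactiveShellInit` string still carries a literal Jira API token, while the same hunk drops the lines that read the GitHub and Grafana tokens from `/run/secrets`. A value embedded in a Nix string is kept in the repository history and presumably also lands in the generated fish configuration under the world-readable `/nix/store`, so the token should be treated as exposed and rotated. The line should read the value at runtime from a sops-managed file instead, e.g. `set JIRA_API_TOKEN (cat /run/secrets/<jira-secret-name>)` (placeholder name), with a matching `sops.secrets` entry owned by `fw` with mode `0400`. The enclosing attribute set starts outside the hunk.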
@@ -78,41 +73,10 @@ with lib; "fetch_status" = false; "fetch_upstream_icon" = false; }; - "template" = "{{ .HEAD }}"; + "template" = "{{ .HEAD }} "; "style" = "plain"; "type" = "git"; } - { - "type" = "terraform"; - "style" = "plain"; - "foreground" = "p:peach"; - "properties" = { - "command" = "tofu"; - }; - "template" = "  {{.WorkspaceName}}"; - } - { - "type" = "kubectl"; - "style" = "plain"; - "foreground" = "p:lavender"; - "template" = " 󱃾 {{.Context}}{{if .Namespace}} :: {{.Namespace}}{{end}}"; - "options" = { - "context_aliases" = { - "prd-mmo" = "prd-mmo"; - "test-mmo" = "test-mmo"; - }; - "cluster_aliases" = { - "prd-mmo" = "prd-mmo"; - "test-mmo" = "test-mmo"; - }; - }; - } - # { - # "type" = "argocd"; - # "style" = "plain"; - # "foreground" = "p:blue"; - # "template" = "  {{ .Server }}"; - # } { "style" = "plain"; "foreground" = "p:closer"; @@ -121,7 +85,7 @@ with lib; { "foreground" = "p:mauve"; "style" = "plain"; - "template" = " {{ .UserName }}@"; + "template" = "{{ .UserName }}@"; "type" = "session"; } { diff --git a/moduler/programs.nix b/moduler/programs.nix index 56a7f38..e2c28b7 100644 --- a/moduler/programs.nix +++ b/moduler/programs.nix @@ -75,11 +75,6 @@ quickemu virt-viewer go-passbolt-cli - wf-recorder - slurp - bitwarden-desktop - bitwarden-cli - dbeaver-bin ( diff --git a/moduler/programs/hyprland/default.nix b/moduler/programs/hyprland/default.nix index 1319d1b..963465f 100644 --- a/moduler/programs/hyprland/default.nix +++ b/moduler/programs/hyprland/default.nix 
@@ -294,11 +294,6 @@ with lib; "$mod SHIFT, s, exec, ${pkgs.grim}/bin/grim -g \"$(${pkgs.slurp}/bin/slurp)\" - | ${pkgs.wl-clipboard}/bin/wl-copy -t image/png" "$mod SHIFT, c, exec, ${pkgs.grim}/bin/grim -g \"$(${pkgs.slurp}/bin/slurp)\" \"$HOME/$(date +screenshot-%Y%m%d-%H%M%S.png)\"" - # GIFs - "$mod SHIFT, g, exec, ${pkgs.bash}/bin/bash -lc 'ts=$(date +recording-%Y%m%d-%H%M%S); dir=\"$HOME/misc/clips\"; mp4=\"$dir/$ts.mp4\"; gif=\"$dir/$ts.gif\"; mkdir -p \"$dir\"; ${pkgs.wf-recorder}/bin/wf-recorder -g \"$(${pkgs.slurp}/bin/slurp)\" -f \"$mp4\" && ${pkgs.ffmpeg}/bin/ffmpeg -i \"$mp4\" -vf \"fps=20,scale=1200:-1:flags=lanczos,palettegen\" -y /tmp/palette.png && ${pkgs.ffmpeg}/bin/ffmpeg -i \"$mp4\" -i /tmp/palette.png -filter_complex \"fps=20,scale=1200:-1:flags=lanczos[x];[x][1:v]paletteuse\" -y \"$gif\" && rm -f \"$mp4\"'" - "$mod SHIFT, f, exec, pkill -INT wf-recorder" - - # special "SUPER+SHIFT, code:201, exec, confetti" ",XF86Tools , exec, ${pkgs.playerctl}/bin/playerctl play-pause" diff --git a/secrets/sops.yaml b/secrets/sops.yaml index dca72c9..4477c44 100644 --- a/secrets/sops.yaml +++ b/secrets/sops.yaml 
@@ -10,11 +10,7 @@ user-password: ENC[AES256_GCM,data:cngHqB2IQXVvSMwm5KJeq6wOQMQ4z/DWap3YMyahq2fz8 immich-secrets-file: ENC[AES256_GCM,data:aUSQr5k7uqZzBvpSAFgpfStcuEPbf3U2GED+biU56UBi02MgQzckmK4kKJ7XIF6UyBvxLw==,iv:mep3JNp86YjsIJSONYNLeEYsSN/ERao7hs7O5cnHF9s=,tag:m6sulZTYMnTpxgPGFXITTg==,type:str] paperless-admin-password: ENC[AES256_GCM,data:Aup5T7pMptHT6z7Uqzd9I4EMaG4sbPNC9bVj+muTowkNKAr3nMOOXaAL4wgy00UI9u4KdZzQ/hyrYMMT,iv:VaR7OK8CEC3VlSbGvLIihX15fQQ7H/PyWZcp7nifOAg=,tag:G4DNgqjbZYaeSmj8vmT5IA==,type:str] build-service: ENC[AES256_GCM,data:4I1iPfdc5mbzGIYCVEtTZW0/MvLwUyEb2uaDERaApYMOVB3iSVNx+fyhxRokaQ==,iv:zAfFGFJdj6TvkS4D9qtRhYtPcvhNqv98Dmzp0TKVp+4=,tag:bWrUbEleOVq01eeKYvq7rw==,type:str] -fredrik-wastring: ENC[AES256_GCM,data:TQSjO/GGErorK1VwTUXU40o+8z8vh3OM01ErmmHnmp9p0EIfb8mmPqB37i/Ncw==,iv:mRL6grlO/GVw/5RrkHcsZ0Un5IWCPF9CRSxumZZXUcI=,tag:EN4ETD5UtXN3gAE6bfaUxg==,type:str] fw-qemu: ENC[AES256_GCM,data:TxbilLf79+gieY3WbAGl175aTUVjIc6rlKfYTy8Usmw=,iv:WCvfZctBVCSPwoCXMDoSroNt+kakGke5r0pFOSAMPgo=,tag:qY0HxicfypO15CozZ2fcoQ==,type:str] -github_token: ENC[AES256_GCM,data:E8j5K2U8UvTpZtsWIm55dvvSxmZjDY15lYeXGuKnPuq1fRyb5HolEQ==,iv:tqODZ4Y247D4DhmC3z7XEq/2K2JsU76p1hxYkYiql9E=,tag:iYithxJyO/GKvKwwh4BDlA==,type:str] -grafana_token: ENC[AES256_GCM,data:yAUqBV2/IF/wkyutHhf1Ui/xxRIt+SgsUk7QmdcnYa+x5KC8G1ifdcxJjPJvyQ==,iv:dGk6AfadwajDbFzTteCeyNIpwWRwdJbNwjGSlrmhaBU=,tag:svCcQo96PGFXu+MVsmn1HQ==,type:str] -fleet-enroll-secret: ENC[AES256_GCM,data:2DEmgzsYvWZas65HLE4PaxZ3h7L4Gw8esVirZYrzCik=,iv:9t6ET8QnPLIl0Pnn9r24btF7VUQnRr3ukRH0oVsgIrg=,tag:mQ0yxEhx72L71DB36cfMew==,type:str] sops: age: - recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s 
@@ -62,7 +58,7 @@ sops: dFZ3T3VUeHVnVThadHVQaVJCNkdZeDQK99L7CbBbklUUtanyFIOiCzO3hZP1mh3z ZZhhr6BCcHBbqzLaRLbT27BTCoNuGsXxyzW6tpXYacYuITkcFq9bOQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-17T09:44:56Z" - mac: ENC[AES256_GCM,data:MX3xARncq/j17K5gtmGRi9E4LEOFDeoinahJ0o0AxECjdQYUndtlIMe+0/BfL2GIemhNaiHsQydjE4TrORgl/RGMcHj/gYy9EvY/m0E7gtSoWpxN5FOdavCQ4jcgRRxYj1mDdTuaS7VksWd+9XZMJh7ScmHlMI8PWdnTessd6Mk=,iv:GxuMN1Vt2fEBs/WrD4BvJlUIiGiHppZfzHU8NRB/4DA=,tag:OnHU8MnyLtclBCWKwribAQ==,type:str] + lastmodified: "2026-02-19T10:11:05Z" + mac: ENC[AES256_GCM,data:I6wKjKoYp1MxO/5kLBiiETJWlDHcuqtLFU4ZlzPHqS3MuOCh0958Zlzv0R6vz5piREqEoiFFPb2O4VROMMXK+xKXTzO5us0j9OYfPi5J/8J0g085QCKqO4nnpyb/CxSMoHJ2+BTfmyhbAwqmXe7jo0ylOU/gFfx9fIt6ewD0LjI=,iv:+My8r7y4FhFQnOx7wNQGJ9Cd4vk7CzxUJv7xnJoPyXE=,tag:eywhbOfjOp940jem30YMVQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.12.0 + version: 3.11.0
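Review bot: The sops metadata on the new side moves backwards: `lastmodified` goes from 2026-03-17 to 2026-02-19 and `version` from 3.12.0 to 3.11.0, which suggests the file was restored from an older copy rather than edited with `sops`. If so, any value added or rotated between those two dates is silently reverted; confirm that `sops -d secrets/sops.yaml` still verifies the MAC and that the remaining entries hold the current values. The four entries dropped in the earlier hunk of this file (`fredrik-wastring`, `github_token`, `grafana_token`, `fleet-enroll-secret`) remain in git history as ciphertext, so the underlying credentials should be revoked if they are no longer meant to be used.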