Clean up some secret management stuff
parent
74ad74af1f
commit
37d8642ed9
|
@ -1,5 +1,16 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{ pkgs, config, lib, ... }:
|
||||||
with lib; {
|
with lib;
|
||||||
|
let
|
||||||
|
kwallet = { pkgs, lib, ... }: {
|
||||||
|
home.packages = with pkgs; [ kdePackages.kwallet kdePackages.ksshaskpass ];
|
||||||
|
home.sessionVariables = {
|
||||||
|
# https://wiki.archlinux.org/title/KDE_Wallet#Using_the_KDE_Wallet_to_store_ssh_key_passphrases
|
||||||
|
SSH_ASKPASS = lib.getExe pkgs.kdePackages.ksshaskpass;
|
||||||
|
SSH_ASKPASS_REQUIRE = "prefer";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./modules/monitors.nix
|
./modules/monitors.nix
|
||||||
./modules/linux/graphical
|
./modules/linux/graphical
|
||||||
|
@ -12,22 +23,13 @@ with lib; {
|
||||||
file # Query file type
|
file # Query file type
|
||||||
nix-output-monitor
|
nix-output-monitor
|
||||||
|
|
||||||
pinentry-gnome3
|
pinentry-qt
|
||||||
|
|
||||||
# Java stuff
|
# Java stuff
|
||||||
jdk21
|
jdk21
|
||||||
sbt
|
sbt
|
||||||
];
|
];
|
||||||
|
|
||||||
## Gnome-keyring
|
|
||||||
services.gnome-keyring = {
|
|
||||||
enable = true;
|
|
||||||
components = [ "pkcs11" "secrets" "ssh" ];
|
|
||||||
};
|
|
||||||
# services.gpg-agent.enable = true;
|
|
||||||
# services.gpg-agent.pinentryFlavor = "curses";
|
|
||||||
# services.gpg-agent.enableSshSupport = true;
|
|
||||||
|
|
||||||
# Git "safe-directory"
|
# Git "safe-directory"
|
||||||
programs.git.extraConfig.safe.directory = [
|
programs.git.extraConfig.safe.directory = [
|
||||||
"${config.home.homeDirectory}/.config/nixpkgs"
|
"${config.home.homeDirectory}/.config/nixpkgs"
|
||||||
|
|
|
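Review bot: The `kwallet` module bound in the new `let` is never referenced in the lines shown. The `imports` entries in the first hunk are unchanged context, and the second hunk only swaps the pinentry package and deletes the keyring block, so `SSH_ASKPASS`, `SSH_ASKPASS_REQUIRE` and the two KDE packages would not take effect. Because the second hunk also removes `services.gnome-keyring` with its `ssh` and `secrets` components, this file would then configure no SSH agent or secret store at all. If the module is meant to be active, add `kwallet` as an entry of the `imports` list; note that ksshaskpass only supplies the passphrase prompt, so an agent still has to be enabled somewhere. The remainder of the `imports` list lies outside the hunks, so this is inferred from the visible lines only.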
@ -151,8 +151,8 @@ in
|
||||||
# Sway!
|
# Sway!
|
||||||
if status --is-login; and test -z $DISPLAY; and test (tty) = "/dev/tty1"
|
if status --is-login; and test -z $DISPLAY; and test (tty) = "/dev/tty1"
|
||||||
${bootDesktop}
|
${bootDesktop}
|
||||||
if test $status -ne 255
|
if test $status -eq 0
|
||||||
exit $status
|
exit 0
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -344,12 +344,10 @@ in
|
||||||
swaynag.enable = true;
|
swaynag.enable = true;
|
||||||
# Environment Variables
|
# Environment Variables
|
||||||
extraSessionCommands = ''
|
extraSessionCommands = ''
|
||||||
export MOZ_ENABLE_WAYLAND=1
|
|
||||||
export SDL_VIDEODRIVER=wayland
|
|
||||||
export QT_QPA_PLATFORM=wayland
|
export QT_QPA_PLATFORM=wayland
|
||||||
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
|
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
|
||||||
export QT_IM_MODULE=fcitx
|
export QT_IM_MODULE=fcitx
|
||||||
# export NIXOS_OZONE_WL=1 # Yeah this fucks up IMEs
|
# export NIXOS_OZONE_WL=1 # Until text-input is merged
|
||||||
|
|
||||||
'' + (if config.services.gnome-keyring.enable then ''
|
'' + (if config.services.gnome-keyring.enable then ''
|
||||||
# gnome-keyring
|
# gnome-keyring
|
||||||
|
@ -389,12 +387,6 @@ in
|
||||||
'' + ''
|
'' + ''
|
||||||
# Enable portal stuff
|
# Enable portal stuff
|
||||||
exec ${pkgs.writeShellScript "start-portals.sh" ''
|
exec ${pkgs.writeShellScript "start-portals.sh" ''
|
||||||
# Import the WAYLAND_DISPLAY env var from sway into the systemd user session.
|
|
||||||
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
|
|
||||||
|
|
||||||
# Stop any services that are running, so that they receive the new env var when they restart.
|
|
||||||
systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
|
|
||||||
systemctl --user start pipewire-media-session
|
|
||||||
''}
|
''}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
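Review bot: In the tty1 block (hunk at -151), the new `test $status -eq 0` leaves an authenticated fish login shell on /dev/tty1 whenever `${bootDesktop}` exits non-zero. The old `-ne 255` test logged out on every status except 255. If the compositor crashes or is killed while the session is locked, the console would fall through to that shell, which defeats the screen lock for anyone with physical access. If the fallback shell is only wanted for a failed start, keep it tied to one dedicated status as before, or log out unconditionally and read the failure from the journal; at minimum add a comment such as `# non-zero exit drops to a shell on tty1 for debugging`. `bootDesktop` is defined outside the hunk, so which statuses it returns is inferred.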