From cd7b3c9d0d0e0c54cc2532714fc929c2491590b3 Mon Sep 17 00:00:00 2001 From: Sam Date: Wed, 5 Jun 2024 12:30:55 +0100 Subject: [PATCH] dbui connections.json as sops-nix template --- flake.lock | 74 ++++++++++--------------- home/common/core/default.nix | 26 +++++---- home/common/core/nixvim/plugins/cmp.nix | 14 +++++ home/common/optional/sops.nix | 18 ++++-- home/semita.nix | 8 +-- home/users/sam/default.nix | 18 +++--- hosts/common/users/sam/default.nix | 41 ++++++++++---- 7 files changed, 110 insertions(+), 89 deletions(-) diff --git a/flake.lock b/flake.lock index 09594a7..b32a886 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1717177033, - "narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=", + "lastModified": 1717574802, + "narHash": "sha256-TprJdvfwdjj3co7CGZ4jPIlAdZPFwYrQjamvt2B2L4g=", "owner": "nix-community", "repo": "disko", - "rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c", + "rev": "7fc7009c892509b9bf81cb73c6575f3f9e6321f5", "type": "github" }, "original": { @@ -109,21 +109,6 @@ "type": "github" } }, - "flake-root": { - "locked": { - "lastModified": 1713493429, - "narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=", - "owner": "srid", - "repo": "flake-root", - "rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "flake-root", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -234,11 +219,11 @@ ] }, "locked": { - "lastModified": 1717097707, - "narHash": "sha256-HC5vJ3oYsjwsCaSbkIPv80e4ebJpNvFKQTBOGlHvjLs=", + "lastModified": 1717525419, + "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", "owner": "nix-community", "repo": "home-manager", - "rev": "0eb314b4f0ba337e88123e0b1e57ef58346aafd9", + "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", "type": "github" }, "original": { 
@@ -348,11 +333,11 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1717190678, - "narHash": "sha256-Dz7bJS76gW/yhTBx6n96d/ZN03gsTNY+GCwZXaMlKTg=", + "lastModified": 1717581732, + "narHash": "sha256-mBkVq89pmsOGRIBVANJYILV81YXHBmK3xHbhqxvoR8s=", "ref": "refs/heads/master", - "rev": "6e50c8300596629cee6aa72cbb3ab606e68660e8", - "revCount": 83, + "rev": "0d2708ad195b6ec5e8ede2a6bc3876c855710d26", + "revCount": 86, "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" }, @@ -363,12 +348,10 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717112898, + "lastModified": 0, "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", - "type": "github" + "path": "/nix/store/l4wskml8vcs49mg6w9la715cx10sviwh-source", + "type": "path" }, "original": { "id": "nixpkgs", @@ -392,11 +375,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1716655032, - "narHash": "sha256-kQ25DAiCGigsNR/Quxm3v+JGXAEXZ8I7RAF4U94bGzE=", + "lastModified": 1717265169, + "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "59a450646ec8ee0397f5fa54a08573e8240eb91f", + "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", "type": "github" }, "original": { @@ -408,11 +391,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1716948383, - "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", + "lastModified": 1717196966, + "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", + "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8", "type": "github" }, "original": { 
@@ -424,11 +407,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1717394157, - "narHash": "sha256-xI6YE/VM1w5DQKxPK6VSEdV4JOx72LWIWx8+fV424L4=", + "lastModified": 1717503908, + "narHash": "sha256-hsxbTeO6Dhobc2kELDwCgRJT9J5TotL6fS8z5P+OskI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "518daacfe2ee732432b4a7dac19b72eda037d44d", + "rev": "50a127f8fccd0d24712c8ab146ca251f27cc4cb0", "type": "github" }, "original": { @@ -443,7 +426,6 @@ "devshell": "devshell", "flake-compat": "flake-compat", "flake-parts": "flake-parts", - "flake-root": "flake-root", "git-hooks": "git-hooks", "home-manager": "home-manager_2", "nix-darwin": "nix-darwin", @@ -453,11 +435,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1717188043, - "narHash": "sha256-qg8Tq7OcKtc0BS4RVUYrMZ+KofgMv6DiXOnqz7TN8CA=", + "lastModified": 1717574948, + "narHash": "sha256-8C2S1WWC4ty1LePzFWp+D6re/pggCJj9tWslddJ/wUw=", "owner": "nix-community", "repo": "nixvim", - "rev": "1bbd58b6b293840716355e63fb3d5aa5af00d389", + "rev": "a54ee8ad64c91b587c3460126bad25a441c1118c", "type": "github" }, "original": { @@ -513,11 +495,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1716692524, - "narHash": "sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU=", + "lastModified": 1717455931, + "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", "owner": "mic92", "repo": "sops-nix", - "rev": "962797a8d7f15ed7033031731d0bb77244839960", + "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", "type": "github" }, "original": { diff --git a/home/common/core/default.nix b/home/common/core/default.nix index 8ac9325..3de98b8 100644 --- a/home/common/core/default.nix +++ b/home/common/core/default.nix 
@@ -1,24 +1,26 @@ -{ config, lib, pkgs, outputs, inputs, ... }: +{ pkgs, inputs, ... }: { imports = [ inputs.nix-colors.homeManagerModules.default ./zsh.nix ./nixvim ./fonts.nix - ] ; + ]; # Global home packages without config go here (for all hosts and users) home.packages = builtins.attrValues { inherit (pkgs) - ripgrep - fzf - eza - pciutils - tree - jq - coreutils - btop - htop - ;}; + ripgrep + fzf + eza + pciutils + tree + jq + coreutils + btop + htop + postgresql + ; + }; home.stateVersion = "23.11"; } diff --git a/home/common/core/nixvim/plugins/cmp.nix b/home/common/core/nixvim/plugins/cmp.nix index e1dc978..44475cb 100644 --- a/home/common/core/nixvim/plugins/cmp.nix +++ b/home/common/core/nixvim/plugins/cmp.nix @@ -14,6 +14,20 @@ snippet = { expand = "luasnip"; }; formatting = { fields = [ "kind" "abbr" "menu" ]; + format = '' + function(entry, vim_item) + vim_item.kind = string.format('%s %s', kind_icons[vim_item.kind], vim_item.kind) + vim_item.menu = ({ + nvim_lsp = "[LSP]", + nvim_lua = "[Lua]", + luasnip = "[Snippet]", + buffer = "[Buffer]", + path = "[Path]", + ["vim-dadbod-completion"] = "[SQL-dadbod]" + })[entry.source.name] + return vim_item + end, + ''; }; sources = [ { name = "nvim_lsp"; } diff --git a/home/common/optional/sops.nix b/home/common/optional/sops.nix index 345bafd..935bd1e 100644 --- a/home/common/optional/sops.nix +++ b/home/common/optional/sops.nix @@ -1,10 +1,9 @@ -{ inputs, config, osConfig, ... }: +{ inputs, config, ... }: let secretsDirectory = builtins.toString inputs.nix-secrets; secretsFile = "${secretsDirectory}/secrets.yaml"; homeDirectory = config.home.homeDirectory; username = config.home.username; - hostname = osConfig.networking.hostName; in { imports = [ 
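Review bot: In the home/common/core/nixvim/plugins/cmp.nix hunk the new `format` function indexes `kind_icons[vim_item.kind]`, but no `kind_icons` table is defined in the visible lines. Unless it is declared elsewhere in the generated Lua (for example through `extraConfigLuaPre`), the lookup will fail on a nil value whenever the completion menu is drawn. The Lua string also ends in `end,`; if nixvim emits the string as a raw table value and adds its own separator, that trailing comma becomes a syntax error, so a plain `end` looks safer. The `formatting` attribute set continues outside the hunk.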
@@ -12,11 +11,18 @@ in ]; sops = { - age.sshKeyPaths = ["${homeDirectory}/.ssh/id_ed25519"]; + age = { + sshKeyPaths = [ "${homeDirectory}/.ssh/id_ed25519" ]; + generateKey = true; + keyFile = "/home/${username}/.config/sops/age/keys.txt"; + }; defaultSopsFile = "${secretsFile}"; validateSopsFiles = false; - secrets."ssh_keys/deploy_key/id_ed25519" = { - path = "/home/${username}/.ssh/deploy_key-ssh-ed25519"; - }; + + secrets = { + "ssh_keys/deploy_key/id_ed25519" = { + path = "/home/${username}/.ssh/deploy_key-ssh-ed25519"; + }; + }; }; } diff --git a/home/semita.nix b/home/semita.nix index 9d60cf1..c610e9b 100644 --- a/home/semita.nix +++ b/home/semita.nix @@ -1,9 +1,5 @@ -{ - pkgs, - config, - lib, - inputs, - ... +{ inputs +, ... }: { imports = [ # Import users diff --git a/home/users/sam/default.nix b/home/users/sam/default.nix index 05ea141..beeb764 100644 --- a/home/users/sam/default.nix +++ b/home/users/sam/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, outputs, ... }: +{ pkgs, outputs, ... }: { home.username = "sam"; @@ -16,8 +16,8 @@ enable = true; matchBlocks = { "git.bitlab21.com" = { - identitiesOnly = true; - identityFile = [ "~/.ssh/id_ed25519"]; + identitiesOnly = true; + identityFile = [ "~/.ssh/id_ed25519" ]; }; }; }; @@ -25,7 +25,7 @@ home.sessionPath = [ ]; - xdg.userDirs = { + xdg.userDirs = { enable = true; createDirectories = true; desktop = null; @@ -55,11 +55,11 @@ qt.style.package = pkgs.adwaita-qt; home.sessionVariables = { - EDITOR="nvim"; - TERMINAL="alacritty"; - READER="zathura"; - IMAGE_VIEWER=""; - IMAGE_EDITOR=""; + EDITOR = "nvim"; + TERMINAL = "alacritty"; + READER = "zathura"; + IMAGE_VIEWER = ""; + IMAGE_EDITOR = ""; }; } diff --git a/hosts/common/users/sam/default.nix b/hosts/common/users/sam/default.nix index 827f255..4ee6230 100644 --- a/hosts/common/users/sam/default.nix +++ b/hosts/common/users/sam/default.nix 
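Review bot: In the home/common/optional/sops.nix hunk, `keyFile` hard-codes `/home/${username}/...` although `homeDirectory` is already bound in the `let` and used for `sshKeyPaths` one line above. Using `keyFile = "${homeDirectory}/.config/sops/age/keys.txt";` keeps the two consistent on hosts where the home directory is not under /home. With `generateKey = true`, a missing key file is replaced by a freshly generated age key that is presumably not a recipient of secrets.yaml. A short comment such as `# decryption relies on the SSH key in sshKeyPaths; the generated key is only a fallback identity` would make that explicit.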
@@ -29,25 +29,46 @@ in path = "/home/${username}/.ssh/id_ed25519"; mode = "0600"; owner = "${username}"; - }; + }; "ssh_keys/${username}/id_ed25519.pub" = { path = "/home/${username}/.ssh/id_ed25519.pub"; mode = "0644"; owner = "${username}"; }; + "passwords/postgres" = { }; + }; + + # Setup postgres connections for db_ui + # Should be part of home-manager - waiting for templates functionality + # See here https://github.com/Mic92/sops-nix/issues/423 and here https://github.com/Mic92/sops-nix/issues/498 + # TODO migrate db_ui connection to home-manager when issue 423 and 498 are resolved in github:Mic92/sops-nix + sops.templates."dbui_connections.json" = { + path = "/home/${username}/.local/share/db_ui/connections.json"; + owner = "${username}"; + mode = "0600"; + content = '' + [ + { + "url": "postgresql://postgres:${config.sops.placeholder."passwords/postgres"}@10.0.10.100/btc_models", + "name": "btc_models" + } + ] + ''; }; # The containing ssh folders are created as root and if this is the first ~/.ssh/ entry when writing keys, # the ownership is busted and home-manager can't target because it can't write into .ssh... # FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed - system.activationScripts.sopsSetSshOwnwership = let - sshFolder = "/home/${username}/.ssh"; - user = config.users.users.${username}.name; - group = config.users.users.${username}.group; - in '' - mkdir -p ${sshFolder} || true - chown -R ${user}:${group} /home/${username}/.ssh - ''; + system.activationScripts.sopsSetSshOwnwership = + let + sshFolder = "/home/${username}/.ssh"; + user = config.users.users.${username}.name; + group = config.users.users.${username}.group; + in + '' + mkdir -p ${sshFolder} || true + chown -R ${user}:${group} /home/${username}/.ssh + ''; environment.persistence."/persist" = { directories = [ 
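Review bot: The rendered `connections.json` gives db_ui the `postgres` superuser password for 10.0.10.100 in a URL with no `sslmode`, and libpq's default (`prefer`) can fall back to an unencrypted connection. Consider a dedicated least-privilege role for `btc_models` and a URL ending in `@10.0.10.100/btc_models?sslmode=require` (or `verify-full` if the server certificate can be verified). The placeholder is also substituted verbatim, so a password containing `@`, `/`, `:`, `%` or `"` would yield a broken URL or invalid JSON. Store it percent-encoded, or note that constraint next to `"passwords/postgres" = { };`. The parent directories of `~/.local/share/db_ui` are probably created root-owned in the same way the comment in this hunk describes for `.ssh`, while the activation script only chowns `.ssh`, so it is worth confirming db_ui can still write there.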
@@ -66,6 +87,6 @@ in }; environment.systemPackages = [ - inputs.sqlfmt.packages.x86_64-linux.sqlfmt + inputs.sqlfmt.packages.x86_64-linux.sqlfmt ]; }