dbui connections.json as sops-nix template
parent
a0f084a465
commit
cd7b3c9d0d
74
flake.lock
74
flake.lock
|
@ -45,11 +45,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717177033,
|
"lastModified": 1717574802,
|
||||||
"narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=",
|
"narHash": "sha256-TprJdvfwdjj3co7CGZ4jPIlAdZPFwYrQjamvt2B2L4g=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c",
|
"rev": "7fc7009c892509b9bf81cb73c6575f3f9e6321f5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -109,21 +109,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-root": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1713493429,
|
|
||||||
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
|
|
||||||
"owner": "srid",
|
|
||||||
"repo": "flake-root",
|
|
||||||
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "srid",
|
|
||||||
"repo": "flake-root",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
|
@ -234,11 +219,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717097707,
|
"lastModified": 1717525419,
|
||||||
"narHash": "sha256-HC5vJ3oYsjwsCaSbkIPv80e4ebJpNvFKQTBOGlHvjLs=",
|
"narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "0eb314b4f0ba337e88123e0b1e57ef58346aafd9",
|
"rev": "a7117efb3725e6197dd95424136f79147aa35e5b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -348,11 +333,11 @@
|
||||||
"nix-secrets": {
|
"nix-secrets": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717190678,
|
"lastModified": 1717581732,
|
||||||
"narHash": "sha256-Dz7bJS76gW/yhTBx6n96d/ZN03gsTNY+GCwZXaMlKTg=",
|
"narHash": "sha256-mBkVq89pmsOGRIBVANJYILV81YXHBmK3xHbhqxvoR8s=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "6e50c8300596629cee6aa72cbb3ab606e68660e8",
|
"rev": "0d2708ad195b6ec5e8ede2a6bc3876c855710d26",
|
||||||
"revCount": 83,
|
"revCount": 86,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
||||||
},
|
},
|
||||||
|
@ -363,12 +348,10 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717112898,
|
"lastModified": 0,
|
||||||
"narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=",
|
"narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=",
|
||||||
"owner": "NixOS",
|
"path": "/nix/store/l4wskml8vcs49mg6w9la715cx10sviwh-source",
|
||||||
"repo": "nixpkgs",
|
"type": "path"
|
||||||
"rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0",
|
|
||||||
"type": "github"
|
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"id": "nixpkgs",
|
"id": "nixpkgs",
|
||||||
|
@ -392,11 +375,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716655032,
|
"lastModified": 1717265169,
|
||||||
"narHash": "sha256-kQ25DAiCGigsNR/Quxm3v+JGXAEXZ8I7RAF4U94bGzE=",
|
"narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "59a450646ec8ee0397f5fa54a08573e8240eb91f",
|
"rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -408,11 +391,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716948383,
|
"lastModified": 1717196966,
|
||||||
"narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=",
|
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "ad57eef4ef0659193044870c731987a6df5cf56b",
|
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -424,11 +407,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717394157,
|
"lastModified": 1717503908,
|
||||||
"narHash": "sha256-xI6YE/VM1w5DQKxPK6VSEdV4JOx72LWIWx8+fV424L4=",
|
"narHash": "sha256-hsxbTeO6Dhobc2kELDwCgRJT9J5TotL6fS8z5P+OskI=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "518daacfe2ee732432b4a7dac19b72eda037d44d",
|
"rev": "50a127f8fccd0d24712c8ab146ca251f27cc4cb0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -443,7 +426,6 @@
|
||||||
"devshell": "devshell",
|
"devshell": "devshell",
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
"flake-parts": "flake-parts",
|
"flake-parts": "flake-parts",
|
||||||
"flake-root": "flake-root",
|
|
||||||
"git-hooks": "git-hooks",
|
"git-hooks": "git-hooks",
|
||||||
"home-manager": "home-manager_2",
|
"home-manager": "home-manager_2",
|
||||||
"nix-darwin": "nix-darwin",
|
"nix-darwin": "nix-darwin",
|
||||||
|
@ -453,11 +435,11 @@
|
||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717188043,
|
"lastModified": 1717574948,
|
||||||
"narHash": "sha256-qg8Tq7OcKtc0BS4RVUYrMZ+KofgMv6DiXOnqz7TN8CA=",
|
"narHash": "sha256-8C2S1WWC4ty1LePzFWp+D6re/pggCJj9tWslddJ/wUw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "1bbd58b6b293840716355e63fb3d5aa5af00d389",
|
"rev": "a54ee8ad64c91b587c3460126bad25a441c1118c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -513,11 +495,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716692524,
|
"lastModified": 1717455931,
|
||||||
"narHash": "sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU=",
|
"narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=",
|
||||||
"owner": "mic92",
|
"owner": "mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "962797a8d7f15ed7033031731d0bb77244839960",
|
"rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -1,24 +1,26 @@
|
||||||
{ config, lib, pkgs, outputs, inputs, ... }:
|
{ pkgs, inputs, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
inputs.nix-colors.homeManagerModules.default
|
inputs.nix-colors.homeManagerModules.default
|
||||||
./zsh.nix
|
./zsh.nix
|
||||||
./nixvim
|
./nixvim
|
||||||
./fonts.nix
|
./fonts.nix
|
||||||
] ;
|
];
|
||||||
|
|
||||||
# Global home packages without config go here (for all hosts and users)
|
# Global home packages without config go here (for all hosts and users)
|
||||||
home.packages = builtins.attrValues {
|
home.packages = builtins.attrValues {
|
||||||
inherit (pkgs)
|
inherit (pkgs)
|
||||||
ripgrep
|
ripgrep
|
||||||
fzf
|
fzf
|
||||||
eza
|
eza
|
||||||
pciutils
|
pciutils
|
||||||
tree
|
tree
|
||||||
jq
|
jq
|
||||||
coreutils
|
coreutils
|
||||||
btop
|
btop
|
||||||
htop
|
htop
|
||||||
;};
|
postgresql
|
||||||
|
;
|
||||||
|
};
|
||||||
home.stateVersion = "23.11";
|
home.stateVersion = "23.11";
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,6 +14,20 @@
|
||||||
snippet = { expand = "luasnip"; };
|
snippet = { expand = "luasnip"; };
|
||||||
formatting = {
|
formatting = {
|
||||||
fields = [ "kind" "abbr" "menu" ];
|
fields = [ "kind" "abbr" "menu" ];
|
||||||
|
format = ''
|
||||||
|
function(entry, vim_item)
|
||||||
|
vim_item.kind = string.format('%s %s', kind_icons[vim_item.kind], vim_item.kind)
|
||||||
|
vim_item.menu = ({
|
||||||
|
nvim_lsp = "[LSP]",
|
||||||
|
nvim_lua = "[Lua]",
|
||||||
|
luasnip = "[Snippet]",
|
||||||
|
buffer = "[Buffer]",
|
||||||
|
path = "[Path]",
|
||||||
|
["vim-dadbod-completion"] = "[SQL-dadbod]"
|
||||||
|
})[entry.source.name]
|
||||||
|
return vim_item
|
||||||
|
end,
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
sources = [
|
sources = [
|
||||||
{ name = "nvim_lsp"; }
|
{ name = "nvim_lsp"; }
|
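Review bot: `kind_icons` is indexed in the new `format` function but is not defined anywhere in this hunk, so if it is not in scope where the generated Lua runs, or has no entry for a given kind, the lookup yields nil and the label is wrong or the call fails, depending on the Lua runtime. A fallback such as `(kind_icons[vim_item.kind] or '')` keeps completion usable in that case. The trailing comma after `end` is part of the Lua string and is only valid if the value ends up as the last field of the generated table, which cannot be confirmed from here; dropping it is safer. The enclosing settings block starts and ends outside the hunk.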
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
{ inputs, config, osConfig, ... }:
|
{ inputs, config, ... }:
|
||||||
let
|
let
|
||||||
secretsDirectory = builtins.toString inputs.nix-secrets;
|
secretsDirectory = builtins.toString inputs.nix-secrets;
|
||||||
secretsFile = "${secretsDirectory}/secrets.yaml";
|
secretsFile = "${secretsDirectory}/secrets.yaml";
|
||||||
homeDirectory = config.home.homeDirectory;
|
homeDirectory = config.home.homeDirectory;
|
||||||
username = config.home.username;
|
username = config.home.username;
|
||||||
hostname = osConfig.networking.hostName;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -12,11 +11,18 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
age.sshKeyPaths = ["${homeDirectory}/.ssh/id_ed25519"];
|
age = {
|
||||||
|
sshKeyPaths = [ "${homeDirectory}/.ssh/id_ed25519" ];
|
||||||
|
generateKey = true;
|
||||||
|
keyFile = "/home/${username}/.config/sops/age/keys.txt";
|
||||||
|
};
|
||||||
defaultSopsFile = "${secretsFile}";
|
defaultSopsFile = "${secretsFile}";
|
||||||
validateSopsFiles = false;
|
validateSopsFiles = false;
|
||||||
secrets."ssh_keys/deploy_key/id_ed25519" = {
|
|
||||||
path = "/home/${username}/.ssh/deploy_key-ssh-ed25519";
|
secrets = {
|
||||||
};
|
"ssh_keys/deploy_key/id_ed25519" = {
|
||||||
|
path = "/home/${username}/.ssh/deploy_key-ssh-ed25519";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
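Review bot: The new `keyFile` hard-codes `/home/${username}` while `sshKeyPaths` two lines above it uses `homeDirectory`, so the two paths diverge on any host whose home directory is elsewhere; `keyFile = "${homeDirectory}/.config/sops/age/keys.txt";` keeps them consistent. With `generateKey = true`, a freshly generated age key is not a recipient of `secrets.yaml` until its public key is added there, so decryption presumably still depends on the SSH key; a comment stating which key is expected to decrypt would help the next reader. `validateSopsFiles = false` is kept, so a missing or mistyped secret name presumably surfaces only at activation rather than at build time.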
||||||
|
|
|
@ -1,9 +1,5 @@
|
||||||
{
|
{ inputs
|
||||||
pkgs,
|
, ...
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
inputs,
|
|
||||||
...
|
|
||||||
}: {
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
# Import users
|
# Import users
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, outputs, ... }:
|
{ pkgs, outputs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
home.username = "sam";
|
home.username = "sam";
|
||||||
|
@ -16,8 +16,8 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
matchBlocks = {
|
matchBlocks = {
|
||||||
"git.bitlab21.com" = {
|
"git.bitlab21.com" = {
|
||||||
identitiesOnly = true;
|
identitiesOnly = true;
|
||||||
identityFile = [ "~/.ssh/id_ed25519"];
|
identityFile = [ "~/.ssh/id_ed25519" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
home.sessionPath = [
|
home.sessionPath = [
|
||||||
];
|
];
|
||||||
|
|
||||||
xdg.userDirs = {
|
xdg.userDirs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
createDirectories = true;
|
createDirectories = true;
|
||||||
desktop = null;
|
desktop = null;
|
||||||
|
@ -55,11 +55,11 @@
|
||||||
qt.style.package = pkgs.adwaita-qt;
|
qt.style.package = pkgs.adwaita-qt;
|
||||||
|
|
||||||
home.sessionVariables = {
|
home.sessionVariables = {
|
||||||
EDITOR="nvim";
|
EDITOR = "nvim";
|
||||||
TERMINAL="alacritty";
|
TERMINAL = "alacritty";
|
||||||
READER="zathura";
|
READER = "zathura";
|
||||||
IMAGE_VIEWER="";
|
IMAGE_VIEWER = "";
|
||||||
IMAGE_EDITOR="";
|
IMAGE_EDITOR = "";
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,25 +29,46 @@ in
|
||||||
path = "/home/${username}/.ssh/id_ed25519";
|
path = "/home/${username}/.ssh/id_ed25519";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
owner = "${username}";
|
owner = "${username}";
|
||||||
};
|
};
|
||||||
"ssh_keys/${username}/id_ed25519.pub" = {
|
"ssh_keys/${username}/id_ed25519.pub" = {
|
||||||
path = "/home/${username}/.ssh/id_ed25519.pub";
|
path = "/home/${username}/.ssh/id_ed25519.pub";
|
||||||
mode = "0644";
|
mode = "0644";
|
||||||
owner = "${username}";
|
owner = "${username}";
|
||||||
};
|
};
|
||||||
|
"passwords/postgres" = { };
|
||||||
|
};
|
||||||
|
|
||||||
|
# Setup postgres connections for db_ui
|
||||||
|
# Should be part of home-manager - waiting for templates functionality
|
||||||
|
# See here https://github.com/Mic92/sops-nix/issues/423 and here https://github.com/Mic92/sops-nix/issues/498
|
||||||
|
# TODO migrate db_ui connection to home-manager when issue 423 and 498 are resolved in github:Mic92/sops-nix
|
||||||
|
sops.templates."dbui_connections.json" = {
|
||||||
|
path = "/home/${username}/.local/share/db_ui/connections.json";
|
||||||
|
owner = "${username}";
|
||||||
|
mode = "0600";
|
||||||
|
content = ''
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"url": "postgresql://postgres:${config.sops.placeholder."passwords/postgres"}@10.0.10.100/btc_models",
|
||||||
|
"name": "btc_models"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# The containing ssh folders are created as root and if this is the first ~/.ssh/ entry when writing keys,
|
# The containing ssh folders are created as root and if this is the first ~/.ssh/ entry when writing keys,
|
||||||
# the ownership is busted and home-manager can't target because it can't write into .ssh...
|
# the ownership is busted and home-manager can't target because it can't write into .ssh...
|
||||||
# FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
|
# FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
|
||||||
system.activationScripts.sopsSetSshOwnwership = let
|
system.activationScripts.sopsSetSshOwnwership =
|
||||||
sshFolder = "/home/${username}/.ssh";
|
let
|
||||||
user = config.users.users.${username}.name;
|
sshFolder = "/home/${username}/.ssh";
|
||||||
group = config.users.users.${username}.group;
|
user = config.users.users.${username}.name;
|
||||||
in ''
|
group = config.users.users.${username}.group;
|
||||||
mkdir -p ${sshFolder} || true
|
in
|
||||||
chown -R ${user}:${group} /home/${username}/.ssh
|
''
|
||||||
'';
|
mkdir -p ${sshFolder} || true
|
||||||
|
chown -R ${user}:${group} /home/${username}/.ssh
|
||||||
|
'';
|
||||||
|
|
||||||
environment.persistence."/persist" = {
|
environment.persistence."/persist" = {
|
||||||
directories = [
|
directories = [
|
||||||
|
@ -66,6 +87,6 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
inputs.sqlfmt.packages.x86_64-linux.sqlfmt
|
inputs.sqlfmt.packages.x86_64-linux.sqlfmt
|
||||||
];
|
];
|
||||||
}
|
}
|
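Review bot: In the new `sops.templates."dbui_connections.json"` block the `passwords/postgres` placeholder is substituted verbatim into a `postgresql://` URL inside a JSON string, so a password containing `@`, `/`, `:`, `%`, `"` or `\` would give a mis-parsed URL or invalid JSON. The placeholder cannot be encoded at evaluation time, so I would add `# passwords/postgres must be stored percent-encoded and free of JSON metacharacters` above `content`. The connection logs in as the `postgres` role, normally the cluster superuser; a dedicated role limited to `btc_models` would keep a leak of this file from exposing the whole server. The URL sets no `sslmode`, and libpq's default does not authenticate the server, so consider appending `?sslmode=verify-full` if the client passes URL parameters through, which is not visible here. The parent directory `.local/share/db_ui` may also end up root-owned in the way the existing comment describes for `.ssh`, and the activation script only fixes `.ssh`.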
||||||
|
|