chore: work cleanup

2025-12-06 09:07:21 +01:00 · 2024-10-17 10:20:11 +02:00 · 2024-10-17 10:20:11 +02:00 · 82e6ec9d64
commit 82e6ec9d64
parent bfc7b89c03
34 changed files with 214 additions and 3767 deletions
--- a/profiles/optional/nixos/work.nix
+++ b/profiles/optional/nixos/work.nix
@ -1,13 +1,45 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
-  # boot.initrd.luks.yubikeySupport = true;
-  programs.browserpass.enable = true;
-  programs._1password.enable = true;
-  programs._1password-gui = {
-    enable = true;
-    polkitPolicyOwners = [ "swarsel" ];
+  sops = {
+    secrets = {
+      clad = {
+        owner = "swarsel";
+        sopsFile = ../../../secrets/work/secrets.yaml;
+      };
+      dcad = {
+        owner = "swarsel";
+        sopsFile = ../../../secrets/work/secrets.yaml;
+      };
+      wsad = {
+        owner = "swarsel";
+        sopsFile = ../../../secrets/work/secrets.yaml;
+      };
+      imbad = {
+        owner = "swarsel";
+        sopsFile = ../../../secrets/work/secrets.yaml;
+      };
+    };
  };
+
+  # boot.initrd.luks.yubikeySupport = true;
+  programs = {
+    zsh.shellInit = ''
+      export CLAD="$(cat ${config.sops.secrets.clad.path})"
+      export DCAD="$(cat ${config.sops.secrets.dcad.path})"
+      export WSAD="$(cat ${config.sops.secrets.wsad.path})"
+      export IMBAD="$(cat ${config.sops.secrets.imbad.path})"
+    '';
+
+    browserpass.enable = true;
+    _1password.enable = true;
+    _1password-gui = {
+      enable = true;
+      polkitPolicyOwners = [ "swarsel" ];
+    };
+  };
+
  virtualisation.docker.enable = true;
+
  environment.systemPackages = with pkgs; [
    # (python39.withPackages (ps: with ps; [
    # cryptography
@ -21,27 +53,31 @@
    govc
  ];

-  services.openssh = {
-    enable = true;
-    extraConfig = ''
-      '';
-  };

-  services.syncthing = {
-    settings = {
-      "winters" = {
-        id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
-      };
-      folders = {
-        "Documents" = {
-          path = "/home/swarsel/Documents";
-          devices = [ "magicant" "winters" ];
-          id = "hgr3d-pfu3w";
+  services = {
+    openssh = {
+      enable = true;
+      extraConfig = ''
+      '';
+    };
+
+    syncthing = {
+      settings = {
+        "winters" = {
+          id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
+        };
+        folders = {
+          "Documents" = {
+            path = "/home/swarsel/Documents";
+            devices = [ "magicant" "winters" ];
+            id = "hgr3d-pfu3w";
+          };
        };
      };
    };
  };

+  # cgroups v1 is required for centos7 dockers
  specialisation = {
    cgroup_v1.configuration = {
      boot.kernelParams = [
@ -51,5 +87,4 @@
    };
  };

-
 }