swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-14 13:19:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: swarsel:83e10e2d51c80025485e7c618c38eb9a8c5e828e
Branches Tags
swarsel:main
swarsel:migrate/den-dev
swarsel:dev
swarsel:topology-oci
swarsel:v1.1.4
swarsel:v1.1.3
swarsel:v1.1.2
swarsel:v1.1.1
swarsel:v1.1.0
swarsel:v1.0.0
swarsel:v0.1.0
swarsel:v1.0.0-1
...
compare: swarsel:361f77a447d388d99a3856773ffbf5dd2b5772d5
Branches Tags
swarsel:migrate/den-dev
swarsel:main
swarsel:dev
swarsel:topology-oci
swarsel:v1.1.4
swarsel:v1.1.3
swarsel:v1.1.2
swarsel:v1.1.1
swarsel:v1.1.0
swarsel:v1.0.0
swarsel:v0.1.0
swarsel:v1.0.0-1

3 commits
83e10e2d51 ... 361f77a447

Author SHA1 Message Date
Leon Schwarzäugl
361f77a447
fix[work]: update libvirtd config for vagrant
Some checks are pending
Build and Deploy / build (push) Waiting to run
Details
Build and Deploy / deploy (push) Blocked by required conditions
Details
Flake check / Check flake (push) Waiting to run
Details
2026-03-25 13:56:15 +01:00
Leon Schwarzäugl
a254a2712a
feat[work]: prepare for sk keys 2026-03-25 13:54:33 +01:00
Leon Schwarzäugl
30c7d8c1c2
feat[work]: improve presentation mode 2026-03-25 13:46:42 +01:00
11 changed files with 543 additions and 257 deletions
Download patch file Download diff file Expand all files Collapse all files

330
SwarselSystems.org
View file

@ -3872,6 +3872,7 @@ My work machine. Built for more security, this is the gold standard of my config
personal = true; personal = true;
}; };
networking.nftables.firewall.zones.untrusted.interfaces = [ "wlan*" "enp*" ];
# networking.nftables = { # networking.nftables = {
# enable = lib.mkForce false; # enable = lib.mkForce false;
# firewall.enable = lib.mkForce false; # firewall.enable = lib.mkForce false;
@ -8866,6 +8867,7 @@ In the respective modules that use home-manager secrets (for example [[#h:506d01
inherit (config.repo.secrets.common.emacs) radicaleUser; inherit (config.repo.secrets.common.emacs) radicaleUser;
certsSopsFile = self + /secrets/repo/certs.yaml; certsSopsFile = self + /secrets/repo/certs.yaml;
workSopsFile = self + /secrets/work/secrets.yaml;
in in
{ {
config = { } // lib.optionalAttrs withHomeManager { config = { } // lib.optionalAttrs withHomeManager {
@ -8891,6 +8893,8 @@ In the respective modules that use home-manager secrets (for example [[#h:506d01
github-forge-token = { owner = mainUser; }; github-forge-token = { owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-work) { }) // (lib.optionalAttrs (modules ? optional-work) {
harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
yubikey-1 = { sopsFile = workSopsFile; owner = mainUser; };
ucKey = { sopsFile = workSopsFile; owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-noctalia) { }) // (lib.optionalAttrs (modules ? optional-noctalia) {
radicale-token = { owner = mainUser; }; radicale-token = { owner = mainUser; };
}) // (lib.optionalAttrs modules.anki { }) // (lib.optionalAttrs modules.anki {
@ -9302,7 +9306,7 @@ This system, while highly pleasant to work with during everyday use, sometimes h
#+begin_src nix-ts :tangle modules/nixos/common/pii.nix #+begin_src nix-ts :tangle modules/nixos/common/pii.nix
# largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
{ config, inputs, lib, nodes, globals, ... }: { config, inputs, lib, homeLib, nodes, globals, ... }:
let let
# If the given expression is a bare set, it will be wrapped in a function, # If the given expression is a bare set, it will be wrapped in a function,
# so that the imported file can always be applied to the inputs, similar to # so that the imported file can always be applied to the inputs, similar to
@ -9356,7 +9360,7 @@ This system, while highly pleasant to work with during everyday use, sometimes h
secrets = lib.mkOption { secrets = lib.mkOption {
readOnly = true; readOnly = true;
default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes globals inputs; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles; default = lib.mapAttrs (_: x: importEncrypted x { inherit lib homeLib nodes globals inputs config; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles;
type = lib.types.unspecified; type = lib.types.unspecified;
description = "Exposes the loaded repo secrets. This option is read-only."; description = "Exposes the loaded repo secrets. This option is read-only.";
}; };
@ -10736,9 +10740,20 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance
{ {
options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config"; options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config";
config = lib.mkIf config.swarselmodules.yubikey { config = lib.mkIf config.swarselmodules.yubikey {
programs.ssh.startAgent = false; programs.ssh = {
startAgent = false; # yes we want this to use FIDO2 keys
# enableAskPassword = true;
# askPassword = lib.getExe pkgs.kdePackages.ksshaskpass;
};
services = {
gnome.gcr-ssh-agent.enable = false;
yubikey-agent.enable = false;
pcscd.enable = true;
services.pcscd.enable = true; udev.packages = with pkgs; [
yubikey-personalization
];
};
hardware.gpgSmartcards.enable = true; hardware.gpgSmartcards.enable = true;
@ -10757,10 +10772,9 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance
}; };
}; };
services.udev.packages = with pkgs; [ environment.systemPackages = with pkgs; [
yubikey-personalization kdePackages.ksshaskpass
]; ];
}; };
} }
#+end_src #+end_src
@ -20020,10 +20034,42 @@ When setting up a new machine:
}; };
nftables = {
firewall = { firewall = {
enable = lib.mkDefault true; zones = {
trustedInterfaces = [ "virbr0" ]; virbr = {
interfaces = [ "virbr*" ];
}; };
};
rules = {
virbr-dns-dhcp = {
from = [ "virbr" ];
to = [ "local" ];
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 67 547 ];
};
virbr-forward = {
from = [ "virbr" ];
to = [ "untrusted" ];
verdict = "accept";
};
virbr-forward-return = {
from = [ "untrusted" ];
to = [ "virbr" ];
extraLines = [
"ct state { established, related } accept"
];
};
};
};
chains.postrouting.libvirt-masq = {
after = [ "dnat" ];
rules = [
"iifname \"virbr*\" masquerade"
];
};
};
search = [ search = [
"vbc.ac.at" "vbc.ac.at"
"clip.vbc.ac.at" "clip.vbc.ac.at"
@ -20031,6 +20077,24 @@ When setting up a new machine:
]; ];
}; };
systemd.services = {
virtqemud.path = with pkgs; [
qemu_kvm
libvirt
];
virtstoraged.path = with pkgs; [
qemu_kvm
libvirt
];
virtnetworkd.path = with pkgs; [
dnsmasq
iproute2
nftables
];
};
virtualisation = { virtualisation = {
docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true; docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true;
spiceUSBRedirection.enable = true; spiceUSBRedirection.enable = true;
@ -20041,22 +20105,12 @@ When setting up a new machine:
runAsRoot = true; runAsRoot = true;
swtpm.enable = true; swtpm.enable = true;
vhostUserPackages = with pkgs; [ virtiofsd ]; vhostUserPackages = with pkgs; [ virtiofsd ];
# ovmf = {
# enable = true;
# packages = [
# (pkgs.OVMFFull.override {
# secureBoot = true;
# tpmSupport = true;
# }).fd
# ];
# };
}; };
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
remmina remmina
# gp-onsaml-gui
python39 python39
qemu qemu
packer packer
@ -20065,7 +20119,6 @@ When setting up a new machine:
govc govc
terraform terraform
opentofu opentofu
# dev.terragrunt
terragrunt terragrunt
graphviz graphviz
azure-cli azure-cli
@ -20110,7 +20163,6 @@ When setting up a new machine:
}; };
}; };
# ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.kanshi}/bin/kanshictl switch laptoponly"
udev.extraRules = '' udev.extraRules = ''
# lock screen when yubikey removed # lock screen when yubikey removed
ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend"
@ -21179,7 +21231,7 @@ It is very convenient to have SSH aliases in place for machines that I use. This
''; '';
matchBlocks = { matchBlocks = {
"*" = { "*" = {
forwardAgent = true; forwardAgent = false;
addKeysToAgent = "no"; addKeysToAgent = "no";
compression = false; compression = false;
serverAliveInterval = 0; serverAliveInterval = 0;
@ -27494,6 +27546,7 @@ When setting up a new machine:
inherit (confLib.getConfig.repo.secrets.local.mail) allMailAddresses; inherit (confLib.getConfig.repo.secrets.local.mail) allMailAddresses;
inherit (confLib.getConfig.repo.secrets.local.work) mailAddress; inherit (confLib.getConfig.repo.secrets.local.work) mailAddress;
sopsFile = self + /secrets/work/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml; certsSopsFile = self + /secrets/repo/certs.yaml;
in in
{ {
@ -27638,7 +27691,7 @@ When setting up a new machine:
programs = programs =
let let
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds; inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long path1 site1 site2 site3 site4 site5 site6 site7 clouds;
in in
{ {
openstackclient = { openstackclient = {
@ -27693,41 +27746,7 @@ When setting up a new machine:
}; };
}; };
ssh = { ssh.matchBlocks = confLib.getConfig.repo.secrets.local.work.sshConfig;
matchBlocks = {
"${loc1}" = {
hostname = "${loc1}.${domain2}";
user = user4;
};
"${loc1}.stg" = {
hostname = "${loc1}.${lifecycle1}.${domain2}";
user = user4;
};
"${loc1}.staging" = {
hostname = "${loc1}.${lifecycle1}.${domain2}";
user = user4;
};
"${loc1}.dev" = {
hostname = "${loc1}.${lifecycle2}.${domain2}";
user = user4;
};
"${loc2}" = {
hostname = "${loc2}.${domain1}";
user = user1Long;
};
"${loc2}.stg" = {
hostname = "${loc2}.${lifecycle1}.${domain2}";
user = user1Long;
};
"${loc2}.staging" = {
hostname = "${loc2}.${lifecycle1}.${domain2}";
user = user1Long;
};
"*.${domain1}" = {
user = user1Long;
};
};
};
firefox = { firefox = {
profiles = profiles =
@ -28254,6 +28273,8 @@ When setting up a new machine:
path = "${homeDir}/.aws/certs/harica-root.pem"; path = "${homeDir}/.aws/certs/harica-root.pem";
owner = mainUser; owner = mainUser;
}; };
yubikey-1 = { inherit sopsFile; owner = mainUser; };
ucKey = { inherit sopsFile; owner = mainUser; };
}; };
}; };
@ -33624,81 +33645,192 @@ When holding presentations, I think it is important to not have too many distrac
:bind (:map org-present-mode-keymap :bind (:map org-present-mode-keymap
("q" . org-present-quit) ("q" . org-present-quit)
("<left>" . swarsel/org-present-prev) ("<left>" . swarsel/org-present-prev)
("<up>" . 'ignore) ("<up>" . 'ignore)
("<down>" . 'ignore) ("<down>" . 'ignore)
("<right>" . swarsel/org-present-next)) ("<right>" . swarsel/org-present-next))
:hook ((org-present-mode . swarsel/org-present-start) :hook ((org-present-mode . swarsel/org-present-start)
(org-present-mode-quit . swarsel/org-present-end)) (org-present-mode-quit . swarsel/org-present-end))
:config :config
(add-hook 'org-present-after-navigate-functions #'swarsel/org-present-slide) (add-hook 'org-present-after-navigate-functions #'swarsel/org-present-slide)
(setq org-present-startup-folded t)
) )
(use-package hide-mode-line) (use-package hide-mode-line)
(defun swarsel/org-reveal-at-point ()
"Reveal the org entry at point if it is a heading."
(when (and (derived-mode-p 'org-mode)
(org-at-heading-p))
(org-show-entry)
(org-show-children)))
(defun swarsel/org-present-maybe-read-only ()
"Toggle read-only based on whether cursor is inside a src block."
(if (org-in-src-block-p)
(when buffer-read-only
(org-present-read-write)
(evil-insert-state 1))
(unless buffer-read-only
(org-present-read-only)
(evil-insert-state 1))))
(defun swarsel/org-present-narrow (orig-fn &rest args)
(cl-letf (((symbol-function 'show-all) #'ignore))
(apply orig-fn args))
(org-overview)
(org-show-entry))
(advice-add 'org-present-narrow :around #'swarsel/org-present-narrow)
(defun swarsel/org-present-start () (defun swarsel/org-present-start ()
(setq-local face-remapping-alist '((default (:height 1.5) variable-pitch) (setq-local face-remapping-alist `((default (:height 1.5) variable-pitch)
(header-line (:height 4.0) variable-pitch) (header-line (:height 4.0) variable-pitch)
(org-document-title (:height 1.75) org-document-title) (org-document-title (:height 1.75) org-document-title)
(org-code (:height 1.2) org-code) (org-code (:height 1.2) org-code)
(org-verbatim (:height 1.0) org-verbatim) (org-verbatim (:height 1.0) org-verbatim)
(org-quote (:height 1.0) org-quote) (org-quote (:height 1.0) org-quote)
(org-verse (:height 1.0) org-verse) (org-verse (:height 1.0) org-verse)
(org-table (:height 0.8) org-table) (org-table (:family ,swarsel/fixed-font :weight regular :height 1.2) org-table)
(org-block (:height 1.25) org-block) (org-block (:height 1.25) org-block)
(org-link (:underline nil) org-link)
(org-block-begin-line (:height 0.7) org-block) (org-block-begin-line (:height 0.7) org-block)
)) ))
(dolist (face '((org-level-1 . 1.1)
(org-level-2 . 1.2)
(org-level-3 . 1.2)
(org-level-4 . 1.2)
(org-level-5 . 1.2)
(org-level-6 . 1.2)
(org-level-7 . 1.2)
(org-level-8 . 1.2)))
(set-face-attribute (car face) nil :font swarsel/variable-font :weight 'medium :height (cdr face)))
(setq header-line-format " ") (setq header-line-format " ")
(setq visual-fill-column-width 90) (setq visual-fill-column-width 150)
(setq indicate-buffer-boundaries nil) (setq indicate-buffer-boundaries nil)
(setq inhibit-message nil) (setq inhibit-message nil)
(setq org-babel-eval-error-notify t)
;; (breadcrumb-mode 0) ;; (breadcrumb-mode 0)
(org-display-inline-images) (org-display-inline-images)
(global-hl-line-mode 0) (global-hl-line-mode 0)
;; (display-line-numbers-mode 0) ;; (display-line-numbers-mode 0)
(org-modern-mode 0) ;; (org-modern-mode 0)
(evil-insert-state 1) (evil-insert-state 1)
(beginning-of-buffer)
(org-present-read-only) (org-present-read-only)
;; (org-present-hide-cursor) ;; (org-present-hide-cursor)
(swarsel/org-present-slide) (org-overview) ; fold everything on start
(add-hook 'post-command-hook #'swarsel/org-reveal-at-point nil t)
(add-hook 'post-command-hook #'swarsel/org-present-maybe-read-only nil t)
) )
(defun swarsel/org-present-end () (defun swarsel/org-present-end ()
(setq-local face-remapping-alist '((default variable-pitch default))) (setq-local face-remapping-alist `((org-verbatim (:family ,swarsel/fixed-font :weight regular)
(dolist (face '((org-level-1 . 1.1) org-verbatim)
(org-level-2 . 0.9) (org-table (:family ,swarsel/fixed-font :weight regular) org-table)
(org-level-3 . 0.9) (org-meta-line (:family ,swarsel/fixed-font :weight regular) org-meta-line)
(org-level-4 . 0.9) (org-formula (:family ,swarsel/fixed-font :weight regular) org-formula)
(org-level-5 . 0.9) (org-checkbox (:family ,swarsel/fixed-font :weight regular) org-checkbox)
(org-level-6 . 0.9) (org-latex-and-related (:family ,swarsel/fixed-font :weight regular)
(org-level-7 . 0.9) org-latex-and-related)
(org-level-8 . 0.9))) (org-indent (:family ,swarsel/fixed-font :weight regular) org-indent)
(set-face-attribute (car face) nil :font swarsel/variable-font :weight 'medium :height (cdr face))) (org-code (:family ,swarsel/fixed-font :weight regular) org-code)
(org-document-info-keyword (:family ,swarsel/fixed-font :weight regular)
org-document-info-keyword)
(org-block-end-line (:family ,swarsel/fixed-font :weight regular) org-block-end-line)
(org-block-begin-line (:family ,swarsel/fixed-font :weight regular)
org-block-begin-line)
(org-block (:family ,swarsel/fixed-font :weight regular) org-block)
(mu4e-compose-header-face (:family ,swarsel/fixed-font :weight regular)
mu4e-compose-header-face)
(mu4e-compose-separator-face (:family ,swarsel/fixed-font :weight regular)
mu4e-compose-separator-face)
(mu4e-contact-face (:family ,swarsel/fixed-font :weight regular) mu4e-contact-face)
(mu4e-link-face (:family ,swarsel/fixed-font :weight regular) mu4e-link-face)
(mu4e-header-value-face (:family ,swarsel/fixed-font :weight regular)
mu4e-header-value-face)
(mu4e-header-key-face (:family ,swarsel/fixed-font :weight regular)
mu4e-header-key-face)
(message-header-other (:family ,swarsel/fixed-font :weight regular)
message-header-other)
(message-header-subject (:family ,swarsel/fixed-font :weight regular)
message-header-subject)
(message-header-xheader (:family ,swarsel/fixed-font :weight regular)
message-header-xheader)
(message-header-newsgroups (:family ,swarsel/fixed-font :weight regular)
message-header-newsgroups)
(message-header-cc (:family ,swarsel/fixed-font :weight regular) message-header-cc)
(message-header-to (:family ,swarsel/fixed-font :weight regular) message-header-to)
(message-header-name (:family ,swarsel/fixed-font :weight regular)
message-header-name)
(markdown-math-face (:family ,swarsel/fixed-font :weight regular) markdown-math-face)
(markdown-language-keyword-face (:family ,swarsel/fixed-font :weight regular)
markdown-language-keyword-face)
(markdown-language-info-face (:family ,swarsel/fixed-font :weight regular)
markdown-language-info-face)
(markdown-inline-code-face (:family ,swarsel/fixed-font :weight regular)
markdown-inline-code-face)
(markdown-gfm-checkbox-face (:family ,swarsel/fixed-font :weight regular)
markdown-gfm-checkbox-face)
(markdown-code-face (:family ,swarsel/fixed-font :weight regular) markdown-code-face)
(line-number-minor-tick (:family ,swarsel/fixed-font :weight regular)
line-number-minor-tick)
(line-number-major-tick (:family ,swarsel/fixed-font :weight regular)
line-number-major-tick)
(line-number-current-line (:family ,swarsel/fixed-font :weight regular)
line-number-current-line)
(line-number (:family ,swarsel/fixed-font :weight regular) line-number)
(font-lock-variable-name-face (:family ,swarsel/fixed-font :weight regular)
font-lock-variable-name-face)
(font-lock-type-face (:family ,swarsel/fixed-font :weight regular)
font-lock-type-face)
(font-lock-string-face (:family ,swarsel/fixed-font :weight regular)
font-lock-string-face)
(font-lock-regexp-grouping-construct (:family ,swarsel/fixed-font :weight regular)
font-lock-regexp-grouping-construct)
(font-lock-regexp-grouping-backslash (:family ,swarsel/fixed-font :weight regular)
font-lock-regexp-grouping-backslash)
(font-lock-preprocessor-face (:family ,swarsel/fixed-font :weight regular)
font-lock-preprocessor-face)
(font-lock-negation-char-face (:family ,swarsel/fixed-font :weight regular)
font-lock-negation-char-face)
(font-lock-keyword-face (:family ,swarsel/fixed-font :weight regular)
font-lock-keyword-face)
(font-lock-function-name-face (:family ,swarsel/fixed-font :weight regular)
font-lock-function-name-face)
(font-lock-doc-face (:family ,swarsel/fixed-font :weight regular) font-lock-doc-face)
(font-lock-constant-face (:family ,swarsel/fixed-font :weight regular)
font-lock-constant-face)
(font-lock-comment-delimiter-face (:family ,swarsel/fixed-font :weight regular)
font-lock-comment-delimiter-face)
(font-lock-builtin-face (:family ,swarsel/fixed-font :weight regular)
font-lock-builtin-face)
(font-latex-sectioning-5-face (:family ,swarsel/fixed-font :weight regular)
font-latex-sectioning-5-face)
(font-latex-warning-face (:family ,swarsel/fixed-font :weight regular)
font-latex-warning-face)
(font-latex-sedate-face (:family ,swarsel/fixed-font :weight regular)
font-latex-sedate-face)
(font-latex-math-face (:family ,swarsel/fixed-font :weight regular)
font-latex-math-face)
(diff-removed (:family ,swarsel/fixed-font :weight regular) diff-removed)
(diff-hunk-header (:family ,swarsel/fixed-font :weight regular) diff-hunk-header)
(diff-header (:family ,swarsel/fixed-font :weight regular) diff-header)
(diff-function (:family ,swarsel/fixed-font :weight regular) diff-function)
(diff-file-header (:family ,swarsel/fixed-font :weight regular) diff-file-header)
(diff-context (:family ,swarsel/fixed-font :weight regular) diff-context)
(diff-added (:family ,swarsel/fixed-font :weight regular) diff-added)
(default (:family "Sans Serif" :weight light) variable-pitch default)
))
(setq header-line-format nil) (setq header-line-format nil)
(setq visual-fill-column-width 150) (setq visual-fill-column-width 150)
(setq indicate-buffer-boundaries t) (setq indicate-buffer-boundaries t)
(setq inhibit-message nil) (setq inhibit-message nil)
(setq org-babel-no-eval-on-error nil)
;; (breadcrumb-mode 1) ;; (breadcrumb-mode 1)
(global-hl-line-mode 1) (global-hl-line-mode 1)
;; (display-line-numbers-mode 1) ;; (display-line-numbers-mode 1)
(org-remove-inline-images) (org-remove-inline-images)
(org-modern-mode 1) ;; (org-modern-mode 1)
(evil-normal-state 1) (evil-normal-state 1)
;; (org-present-show-cursor) ;; (org-present-show-cursor)
(remove-hook 'post-command-hook #'swarsel/org-reveal-at-point t)
(remove-hook 'post-command-hook #'swarsel/org-present-maybe-read-only t)
) )
(defun swarsel/org-present-slide () (defun swarsel/org-present-slide-open ()
(org-overview) (org-overview)
(org-show-entry) (org-show-entry)
(org-show-children) (org-show-children)
@ -33706,18 +33838,28 @@ When holding presentations, I think it is important to not have too many distrac
(defun swarsel/org-present-prev () (defun swarsel/org-present-prev ()
(interactive) (interactive)
(beginning-of-buffer)
(org-present-prev) (org-present-prev)
(swarsel/org-present-slide)) (swarsel/org-present-slide-open)
)
(defun swarsel/org-present-next () (defun swarsel/org-present-next ()
(interactive) (interactive)
(unless (eobp) (let* ((next-heading (save-excursion
(org-next-visible-heading 1) (when (outline-next-heading) (point))))
(next-block (save-excursion
(when (re-search-forward "^#\\+begin_src" nil t)
(match-beginning 0))))
(target (cond
((and next-heading next-block) (min next-heading next-block))
(next-heading next-heading)
(next-block next-block)
(t nil))))
(if (and target (< target (point-max)))
(progn
(goto-char target)
(org-fold-show-entry)) (org-fold-show-entry))
(when (eobp) (org-present-next))))
(org-present-next)
(swarsel/org-present-slide)
))
#+end_src #+end_src

193
files/emacs/init.el
View file

@ -1032,81 +1032,192 @@ create a new one."
:bind (:map org-present-mode-keymap :bind (:map org-present-mode-keymap
("q" . org-present-quit) ("q" . org-present-quit)
("<left>" . swarsel/org-present-prev) ("<left>" . swarsel/org-present-prev)
("<up>" . 'ignore) ("<up>" . 'ignore)
("<down>" . 'ignore) ("<down>" . 'ignore)
("<right>" . swarsel/org-present-next)) ("<right>" . swarsel/org-present-next))
:hook ((org-present-mode . swarsel/org-present-start) :hook ((org-present-mode . swarsel/org-present-start)
(org-present-mode-quit . swarsel/org-present-end)) (org-present-mode-quit . swarsel/org-present-end))
:config :config
(add-hook 'org-present-after-navigate-functions #'swarsel/org-present-slide) (add-hook 'org-present-after-navigate-functions #'swarsel/org-present-slide)
(setq org-present-startup-folded t)
) )
(use-package hide-mode-line) (use-package hide-mode-line)
(defun swarsel/org-reveal-at-point ()
"Reveal the org entry at point if it is a heading."
(when (and (derived-mode-p 'org-mode)
(org-at-heading-p))
(org-show-entry)
(org-show-children)))
(defun swarsel/org-present-maybe-read-only ()
"Toggle read-only based on whether cursor is inside a src block."
(if (org-in-src-block-p)
(when buffer-read-only
(org-present-read-write)
(evil-insert-state 1))
(unless buffer-read-only
(org-present-read-only)
(evil-insert-state 1))))
(defun swarsel/org-present-narrow (orig-fn &rest args)
(cl-letf (((symbol-function 'show-all) #'ignore))
(apply orig-fn args))
(org-overview)
(org-show-entry))
(advice-add 'org-present-narrow :around #'swarsel/org-present-narrow)
(defun swarsel/org-present-start () (defun swarsel/org-present-start ()
(setq-local face-remapping-alist '((default (:height 1.5) variable-pitch) (setq-local face-remapping-alist `((default (:height 1.5) variable-pitch)
(header-line (:height 4.0) variable-pitch) (header-line (:height 4.0) variable-pitch)
(org-document-title (:height 1.75) org-document-title) (org-document-title (:height 1.75) org-document-title)
(org-code (:height 1.2) org-code) (org-code (:height 1.2) org-code)
(org-verbatim (:height 1.0) org-verbatim) (org-verbatim (:height 1.0) org-verbatim)
(org-quote (:height 1.0) org-quote) (org-quote (:height 1.0) org-quote)
(org-verse (:height 1.0) org-verse) (org-verse (:height 1.0) org-verse)
(org-table (:height 0.8) org-table) (org-table (:family ,swarsel/fixed-font :weight regular :height 1.2) org-table)
(org-block (:height 1.25) org-block) (org-block (:height 1.25) org-block)
(org-link (:underline nil) org-link)
(org-block-begin-line (:height 0.7) org-block) (org-block-begin-line (:height 0.7) org-block)
)) ))
(dolist (face '((org-level-1 . 1.1)
(org-level-2 . 1.2)
(org-level-3 . 1.2)
(org-level-4 . 1.2)
(org-level-5 . 1.2)
(org-level-6 . 1.2)
(org-level-7 . 1.2)
(org-level-8 . 1.2)))
(set-face-attribute (car face) nil :font swarsel/variable-font :weight 'medium :height (cdr face)))
(setq header-line-format " ") (setq header-line-format " ")
(setq visual-fill-column-width 90) (setq visual-fill-column-width 150)
(setq indicate-buffer-boundaries nil) (setq indicate-buffer-boundaries nil)
(setq inhibit-message nil) (setq inhibit-message nil)
(setq org-babel-eval-error-notify t)
;; (breadcrumb-mode 0) ;; (breadcrumb-mode 0)
(org-display-inline-images) (org-display-inline-images)
(global-hl-line-mode 0) (global-hl-line-mode 0)
;; (display-line-numbers-mode 0) ;; (display-line-numbers-mode 0)
(org-modern-mode 0) ;; (org-modern-mode 0)
(evil-insert-state 1) (evil-insert-state 1)
(beginning-of-buffer)
(org-present-read-only) (org-present-read-only)
;; (org-present-hide-cursor) ;; (org-present-hide-cursor)
(swarsel/org-present-slide) (org-overview) ; fold everything on start
(add-hook 'post-command-hook #'swarsel/org-reveal-at-point nil t)
(add-hook 'post-command-hook #'swarsel/org-present-maybe-read-only nil t)
) )
(defun swarsel/org-present-end () (defun swarsel/org-present-end ()
(setq-local face-remapping-alist '((default variable-pitch default))) (setq-local face-remapping-alist `((org-verbatim (:family ,swarsel/fixed-font :weight regular)
(dolist (face '((org-level-1 . 1.1) org-verbatim)
(org-level-2 . 0.9) (org-table (:family ,swarsel/fixed-font :weight regular) org-table)
(org-level-3 . 0.9) (org-meta-line (:family ,swarsel/fixed-font :weight regular) org-meta-line)
(org-level-4 . 0.9) (org-formula (:family ,swarsel/fixed-font :weight regular) org-formula)
(org-level-5 . 0.9) (org-checkbox (:family ,swarsel/fixed-font :weight regular) org-checkbox)
(org-level-6 . 0.9) (org-latex-and-related (:family ,swarsel/fixed-font :weight regular)
(org-level-7 . 0.9) org-latex-and-related)
(org-level-8 . 0.9))) (org-indent (:family ,swarsel/fixed-font :weight regular) org-indent)
(set-face-attribute (car face) nil :font swarsel/variable-font :weight 'medium :height (cdr face))) (org-code (:family ,swarsel/fixed-font :weight regular) org-code)
(org-document-info-keyword (:family ,swarsel/fixed-font :weight regular)
org-document-info-keyword)
(org-block-end-line (:family ,swarsel/fixed-font :weight regular) org-block-end-line)
(org-block-begin-line (:family ,swarsel/fixed-font :weight regular)
org-block-begin-line)
(org-block (:family ,swarsel/fixed-font :weight regular) org-block)
(mu4e-compose-header-face (:family ,swarsel/fixed-font :weight regular)
mu4e-compose-header-face)
(mu4e-compose-separator-face (:family ,swarsel/fixed-font :weight regular)
mu4e-compose-separator-face)
(mu4e-contact-face (:family ,swarsel/fixed-font :weight regular) mu4e-contact-face)
(mu4e-link-face (:family ,swarsel/fixed-font :weight regular) mu4e-link-face)
(mu4e-header-value-face (:family ,swarsel/fixed-font :weight regular)
mu4e-header-value-face)
(mu4e-header-key-face (:family ,swarsel/fixed-font :weight regular)
mu4e-header-key-face)
(message-header-other (:family ,swarsel/fixed-font :weight regular)
message-header-other)
(message-header-subject (:family ,swarsel/fixed-font :weight regular)
message-header-subject)
(message-header-xheader (:family ,swarsel/fixed-font :weight regular)
message-header-xheader)
(message-header-newsgroups (:family ,swarsel/fixed-font :weight regular)
message-header-newsgroups)
(message-header-cc (:family ,swarsel/fixed-font :weight regular) message-header-cc)
(message-header-to (:family ,swarsel/fixed-font :weight regular) message-header-to)
(message-header-name (:family ,swarsel/fixed-font :weight regular)
message-header-name)
(markdown-math-face (:family ,swarsel/fixed-font :weight regular) markdown-math-face)
(markdown-language-keyword-face (:family ,swarsel/fixed-font :weight regular)
markdown-language-keyword-face)
(markdown-language-info-face (:family ,swarsel/fixed-font :weight regular)
markdown-language-info-face)
(markdown-inline-code-face (:family ,swarsel/fixed-font :weight regular)
markdown-inline-code-face)
(markdown-gfm-checkbox-face (:family ,swarsel/fixed-font :weight regular)
markdown-gfm-checkbox-face)
(markdown-code-face (:family ,swarsel/fixed-font :weight regular) markdown-code-face)
(line-number-minor-tick (:family ,swarsel/fixed-font :weight regular)
line-number-minor-tick)
(line-number-major-tick (:family ,swarsel/fixed-font :weight regular)
line-number-major-tick)
(line-number-current-line (:family ,swarsel/fixed-font :weight regular)
line-number-current-line)
(line-number (:family ,swarsel/fixed-font :weight regular) line-number)
(font-lock-variable-name-face (:family ,swarsel/fixed-font :weight regular)
font-lock-variable-name-face)
(font-lock-type-face (:family ,swarsel/fixed-font :weight regular)
font-lock-type-face)
(font-lock-string-face (:family ,swarsel/fixed-font :weight regular)
font-lock-string-face)
(font-lock-regexp-grouping-construct (:family ,swarsel/fixed-font :weight regular)
font-lock-regexp-grouping-construct)
(font-lock-regexp-grouping-backslash (:family ,swarsel/fixed-font :weight regular)
font-lock-regexp-grouping-backslash)
(font-lock-preprocessor-face (:family ,swarsel/fixed-font :weight regular)
font-lock-preprocessor-face)
(font-lock-negation-char-face (:family ,swarsel/fixed-font :weight regular)
font-lock-negation-char-face)
(font-lock-keyword-face (:family ,swarsel/fixed-font :weight regular)
font-lock-keyword-face)
(font-lock-function-name-face (:family ,swarsel/fixed-font :weight regular)
font-lock-function-name-face)
(font-lock-doc-face (:family ,swarsel/fixed-font :weight regular) font-lock-doc-face)
(font-lock-constant-face (:family ,swarsel/fixed-font :weight regular)
font-lock-constant-face)
(font-lock-comment-delimiter-face (:family ,swarsel/fixed-font :weight regular)
font-lock-comment-delimiter-face)
(font-lock-builtin-face (:family ,swarsel/fixed-font :weight regular)
font-lock-builtin-face)
(font-latex-sectioning-5-face (:family ,swarsel/fixed-font :weight regular)
font-latex-sectioning-5-face)
(font-latex-warning-face (:family ,swarsel/fixed-font :weight regular)
font-latex-warning-face)
(font-latex-sedate-face (:family ,swarsel/fixed-font :weight regular)
font-latex-sedate-face)
(font-latex-math-face (:family ,swarsel/fixed-font :weight regular)
font-latex-math-face)
(diff-removed (:family ,swarsel/fixed-font :weight regular) diff-removed)
(diff-hunk-header (:family ,swarsel/fixed-font :weight regular) diff-hunk-header)
(diff-header (:family ,swarsel/fixed-font :weight regular) diff-header)
(diff-function (:family ,swarsel/fixed-font :weight regular) diff-function)
(diff-file-header (:family ,swarsel/fixed-font :weight regular) diff-file-header)
(diff-context (:family ,swarsel/fixed-font :weight regular) diff-context)
(diff-added (:family ,swarsel/fixed-font :weight regular) diff-added)
(default (:family "Sans Serif" :weight light) variable-pitch default)
))
(setq header-line-format nil) (setq header-line-format nil)
(setq visual-fill-column-width 150) (setq visual-fill-column-width 150)
(setq indicate-buffer-boundaries t) (setq indicate-buffer-boundaries t)
(setq inhibit-message nil) (setq inhibit-message nil)
(setq org-babel-no-eval-on-error nil)
;; (breadcrumb-mode 1) ;; (breadcrumb-mode 1)
(global-hl-line-mode 1) (global-hl-line-mode 1)
;; (display-line-numbers-mode 1) ;; (display-line-numbers-mode 1)
(org-remove-inline-images) (org-remove-inline-images)
(org-modern-mode 1) ;; (org-modern-mode 1)
(evil-normal-state 1) (evil-normal-state 1)
;; (org-present-show-cursor) ;; (org-present-show-cursor)
(remove-hook 'post-command-hook #'swarsel/org-reveal-at-point t)
(remove-hook 'post-command-hook #'swarsel/org-present-maybe-read-only t)
) )
(defun swarsel/org-present-slide () (defun swarsel/org-present-slide-open ()
(org-overview) (org-overview)
(org-show-entry) (org-show-entry)
(org-show-children) (org-show-children)
@ -1114,18 +1225,28 @@ create a new one."
(defun swarsel/org-present-prev () (defun swarsel/org-present-prev ()
(interactive) (interactive)
(beginning-of-buffer)
(org-present-prev) (org-present-prev)
(swarsel/org-present-slide)) (swarsel/org-present-slide-open)
)
(defun swarsel/org-present-next () (defun swarsel/org-present-next ()
(interactive) (interactive)
(unless (eobp) (let* ((next-heading (save-excursion
(org-next-visible-heading 1) (when (outline-next-heading) (point))))
(next-block (save-excursion
(when (re-search-forward "^#\\+begin_src" nil t)
(match-beginning 0))))
(target (cond
((and next-heading next-block) (min next-heading next-block))
(next-heading next-heading)
(next-block next-block)
(t nil))))
(if (and target (< target (point-max)))
(progn
(goto-char target)
(org-fold-show-entry)) (org-fold-show-entry))
(when (eobp) (org-present-next))))
(org-present-next)
(swarsel/org-present-slide)
))
(defun org-babel-execute:markdown (body params) (defun org-babel-execute:markdown (body params)
"Just return BODY unchanged, allowing noweb expansion." "Just return BODY unchanged, allowing noweb expansion."

1
hosts/nixos/x86_64-linux/pyramid/default.nix
View file

@ -79,6 +79,7 @@ in
personal = true; personal = true;
}; };
networking.nftables.firewall.zones.untrusted.interfaces = [ "wlan*" "enp*" ];
# networking.nftables = { # networking.nftables = {
# enable = lib.mkForce false; # enable = lib.mkForce false;
# firewall.enable = lib.mkForce false; # firewall.enable = lib.mkForce false;

8
hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc
View file

File diff suppressed because one or more lines are too long

2
modules/home/common/ssh.nix
View file

@ -11,7 +11,7 @@
''; '';
matchBlocks = { matchBlocks = {
"*" = { "*" = {
forwardAgent = true; forwardAgent = false;
addKeysToAgent = "no"; addKeysToAgent = "no";
compression = false; compression = false;
serverAliveInterval = 0; serverAliveInterval = 0;

41
modules/home/optional/work.nix
View file

@ -4,6 +4,7 @@ let
inherit (confLib.getConfig.repo.secrets.local.mail) allMailAddresses; inherit (confLib.getConfig.repo.secrets.local.mail) allMailAddresses;
inherit (confLib.getConfig.repo.secrets.local.work) mailAddress; inherit (confLib.getConfig.repo.secrets.local.work) mailAddress;
sopsFile = self + /secrets/work/secrets.yaml;
certsSopsFile = self + /secrets/repo/certs.yaml; certsSopsFile = self + /secrets/repo/certs.yaml;
in in
{ {
@ -148,7 +149,7 @@ in
programs = programs =
let let
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds; inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long path1 site1 site2 site3 site4 site5 site6 site7 clouds;
in in
{ {
openstackclient = { openstackclient = {
@ -203,41 +204,7 @@ in
}; };
}; };
ssh = { ssh.matchBlocks = confLib.getConfig.repo.secrets.local.work.sshConfig;
matchBlocks = {
"${loc1}" = {
hostname = "${loc1}.${domain2}";
user = user4;
};
"${loc1}.stg" = {
hostname = "${loc1}.${lifecycle1}.${domain2}";
user = user4;
};
"${loc1}.staging" = {
hostname = "${loc1}.${lifecycle1}.${domain2}";
user = user4;
};
"${loc1}.dev" = {
hostname = "${loc1}.${lifecycle2}.${domain2}";
user = user4;
};
"${loc2}" = {
hostname = "${loc2}.${domain1}";
user = user1Long;
};
"${loc2}.stg" = {
hostname = "${loc2}.${lifecycle1}.${domain2}";
user = user1Long;
};
"${loc2}.staging" = {
hostname = "${loc2}.${lifecycle1}.${domain2}";
user = user1Long;
};
"*.${domain1}" = {
user = user1Long;
};
};
};
firefox = { firefox = {
profiles = profiles =
@ -764,6 +731,8 @@ in
path = "${homeDir}/.aws/certs/harica-root.pem"; path = "${homeDir}/.aws/certs/harica-root.pem";
owner = mainUser; owner = mainUser;
}; };
yubikey-1 = { inherit sopsFile; owner = mainUser; };
ucKey = { inherit sopsFile; owner = mainUser; };
}; };
}; };

20
modules/nixos/client/hardwarecompatibility-yubikey.nix
View file

@ -6,9 +6,20 @@ in
{ {
options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config"; options.swarselmodules.yubikey = lib.mkEnableOption "yubikey config";
config = lib.mkIf config.swarselmodules.yubikey { config = lib.mkIf config.swarselmodules.yubikey {
programs.ssh.startAgent = false; programs.ssh = {
startAgent = false; # yes we want this to use FIDO2 keys
# enableAskPassword = true;
# askPassword = lib.getExe pkgs.kdePackages.ksshaskpass;
};
services = {
gnome.gcr-ssh-agent.enable = false;
yubikey-agent.enable = false;
pcscd.enable = true;
services.pcscd.enable = true; udev.packages = with pkgs; [
yubikey-personalization
];
};
hardware.gpgSmartcards.enable = true; hardware.gpgSmartcards.enable = true;
@ -27,9 +38,8 @@ in
}; };
}; };
services.udev.packages = with pkgs; [ environment.systemPackages = with pkgs; [
yubikey-personalization kdePackages.ksshaskpass
]; ];
}; };
} }

3
modules/nixos/common/home-manager-secrets.nix
View file

@ -4,6 +4,7 @@ let
inherit (config.repo.secrets.common.emacs) radicaleUser; inherit (config.repo.secrets.common.emacs) radicaleUser;
certsSopsFile = self + /secrets/repo/certs.yaml; certsSopsFile = self + /secrets/repo/certs.yaml;
workSopsFile = self + /secrets/work/secrets.yaml;
in in
{ {
config = { } // lib.optionalAttrs withHomeManager { config = { } // lib.optionalAttrs withHomeManager {
@ -29,6 +30,8 @@ in
github-forge-token = { owner = mainUser; }; github-forge-token = { owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-work) { }) // (lib.optionalAttrs (modules ? optional-work) {
harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; }; harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
yubikey-1 = { sopsFile = workSopsFile; owner = mainUser; };
ucKey = { sopsFile = workSopsFile; owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-noctalia) { }) // (lib.optionalAttrs (modules ? optional-noctalia) {
radicale-token = { owner = mainUser; }; radicale-token = { owner = mainUser; };
}) // (lib.optionalAttrs modules.anki { }) // (lib.optionalAttrs modules.anki {

4
modules/nixos/common/pii.nix
View file

@ -1,5 +1,5 @@
# largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix # largely based on https://github.com/oddlama/nix-config/blob/main/modules/secrets.nix
{ config, inputs, lib, nodes, globals, ... }: { config, inputs, lib, homeLib, nodes, globals, ... }:
let let
# If the given expression is a bare set, it will be wrapped in a function, # If the given expression is a bare set, it will be wrapped in a function,
# so that the imported file can always be applied to the inputs, similar to # so that the imported file can always be applied to the inputs, similar to
@ -53,7 +53,7 @@ in
secrets = lib.mkOption { secrets = lib.mkOption {
readOnly = true; readOnly = true;
default = lib.mapAttrs (_: x: importEncrypted x { inherit lib nodes globals inputs; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles; default = lib.mapAttrs (_: x: importEncrypted x { inherit lib homeLib nodes globals inputs config; inherit (inputs.topologyPrivate) topologyPrivate; }) config.repo.secretFiles;
type = lib.types.unspecified; type = lib.types.unspecified;
description = "Exposes the loaded repo secrets. This option is read-only."; description = "Exposes the loaded repo secrets. This option is read-only.";
}; };

66
modules/nixos/optional/work.nix
View file

@ -123,10 +123,42 @@ in
}; };
nftables = {
firewall = { firewall = {
enable = lib.mkDefault true; zones = {
trustedInterfaces = [ "virbr0" ]; virbr = {
interfaces = [ "virbr*" ];
}; };
};
rules = {
virbr-dns-dhcp = {
from = [ "virbr" ];
to = [ "local" ];
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 67 547 ];
};
virbr-forward = {
from = [ "virbr" ];
to = [ "untrusted" ];
verdict = "accept";
};
virbr-forward-return = {
from = [ "untrusted" ];
to = [ "virbr" ];
extraLines = [
"ct state { established, related } accept"
];
};
};
};
chains.postrouting.libvirt-masq = {
after = [ "dnat" ];
rules = [
"iifname \"virbr*\" masquerade"
];
};
};
search = [ search = [
"vbc.ac.at" "vbc.ac.at"
"clip.vbc.ac.at" "clip.vbc.ac.at"
@ -134,6 +166,24 @@ in
]; ];
}; };
systemd.services = {
virtqemud.path = with pkgs; [
qemu_kvm
libvirt
];
virtstoraged.path = with pkgs; [
qemu_kvm
libvirt
];
virtnetworkd.path = with pkgs; [
dnsmasq
iproute2
nftables
];
};
virtualisation = { virtualisation = {
docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true; docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true;
spiceUSBRedirection.enable = true; spiceUSBRedirection.enable = true;
@ -144,22 +194,12 @@ in
runAsRoot = true; runAsRoot = true;
swtpm.enable = true; swtpm.enable = true;
vhostUserPackages = with pkgs; [ virtiofsd ]; vhostUserPackages = with pkgs; [ virtiofsd ];
# ovmf = {
# enable = true;
# packages = [
# (pkgs.OVMFFull.override {
# secureBoot = true;
# tpmSupport = true;
# }).fd
# ];
# };
}; };
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
remmina remmina
# gp-onsaml-gui
python39 python39
qemu qemu
packer packer
@ -168,7 +208,6 @@ in
govc govc
terraform terraform
opentofu opentofu
# dev.terragrunt
terragrunt terragrunt
graphviz graphviz
azure-cli azure-cli
@ -213,7 +252,6 @@ in
}; };
}; };
# ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.kanshi}/bin/kanshictl switch laptoponly"
udev.extraRules = '' udev.extraRules = ''
# lock screen when yubikey removed # lock screen when yubikey removed
ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend" ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend"

8
secrets/work/secrets.yaml
View file

@ -10,6 +10,8 @@ govcds: ENC[AES256_GCM,data:X5R+N9A1ZkCMGJb4yNiAcfPxzQ==,iv:8Yx06B/R/9p6oTOnqPod
govchost: ENC[AES256_GCM,data:l/5kcvUQkT/4TYl1j7Ws,iv:Lc+D4ukKkTrIIg8sKy/9NYX1D6xMgL8oEGWZ9DzJtFM=,tag:MuvEJEVYNchT1iDTRPwvbQ==,type:str] govchost: ENC[AES256_GCM,data:l/5kcvUQkT/4TYl1j7Ws,iv:Lc+D4ukKkTrIIg8sKy/9NYX1D6xMgL8oEGWZ9DzJtFM=,tag:MuvEJEVYNchT1iDTRPwvbQ==,type:str]
govcnetwork: ENC[AES256_GCM,data:Hevnb0fAMbXTrg1CCmAgwZbJ+sxaTUgJLRc=,iv:UoNyPYuKnACv/euoE5SGlsF4/0ni32+ysLc7nM/pCrQ=,tag:jSHYFecVUvmTKr6AmNLbgw==,type:str] govcnetwork: ENC[AES256_GCM,data:Hevnb0fAMbXTrg1CCmAgwZbJ+sxaTUgJLRc=,iv:UoNyPYuKnACv/euoE5SGlsF4/0ni32+ysLc7nM/pCrQ=,tag:jSHYFecVUvmTKr6AmNLbgw==,type:str]
govcpool: ENC[AES256_GCM,data:sfglbCi3,iv:UdvDgyI8AAFdfOxKD1sVYCof7rXFPavq8eYDaK6Kp2I=,tag:iMn7XPf0rmql2EiaqsAn8w==,type:str] govcpool: ENC[AES256_GCM,data:sfglbCi3,iv:UdvDgyI8AAFdfOxKD1sVYCof7rXFPavq8eYDaK6Kp2I=,tag:iMn7XPf0rmql2EiaqsAn8w==,type:str]
yubikey-1: ENC[AES256_GCM,data:iAdCdHCq7S7y7Br1AgTe9+swdPaG7lwI8mX1WbNRC+vobek8/5pjkCGN8cEVNFKkgQKjpKsSDTRHaA2xfEwENpF/7defvuQLzxEJohNJGbDbm8ofy1/y+ICsruylyGhmh9ACT98xfZRwMxT1vGPeYcDlhX6q4k1+sUeoZ17y0nuMJHLS/IRCYobuCbVSCWD5HRXBYIj+qIwS0w6cSiu2idM3P5cgdcvtvldLPOt6txGf2+fjWioaHF6mgQyS6sn4VyT1on8FwFTLqan+rFPldvNlgx+VakEhMKgyo+lMOGH8KrK5gMZyQaZIJ4JH7CvXS3Wyyofd598Q+kmkN/QIIDnAj3dAPiKNk/O5IMrANUHy3dDhb2SZAlYdws5kQaoe3sNwJiBI8FZY1dJxnsXnT2Ii9RFxlW4bt9hWvOElKvcH7esmtRDoO3vJo6oYVanhf1kQpQ6x+//9PM1GkdWZlgLy/3UPok0LnwABW+2/oKO/shafAo/rP11VADcmVBtv93SVkA8JVFbQHEhctKWr61RZGiSXGaWwXu1Jn32HMJw+eiC2gbW5OOFUHPVXpu+BI0tm5tOSFF19ze1Ks2VfN532qVTqIzLY+Y7OD3jHzP5mPr015SLGdg==,iv:etzqt2BFRzxXE32s2XBoTNE79k6jWCkoG+HsqnKLezE=,tag:L+SsPjqUC/vD8oFR5djnxw==,type:str]
ucKey: ENC[AES256_GCM,data:V07A8EsZcqNlggxehQ/RsYFZWkyce+RDUT01zweE2y972WtqX3cyWHI2ZrW0FoVxHdGMW2IEDptqERiBdnJZt9OpnDYkN88/ZGzXHRMPBIhDlxM9+ww9sDepfoA7TIxnkM68TjP4WswkHQejhR/+dQXd0Go7ej5k/83FvHvDJ+RNi7bBN9kwGtlv6O0DeqZwahzjGwlqzQBZD5RoWC+Hv6v50y8KA4tMFUgJmUKpUJKyN12W+Wd8g/aLNzRQWEqy8TadOlg3rOLEYJLiR4lkUUSVUMtRESI+1UKHQzpGgEboC2dcHJ5wwRYHntLtCXy9SuX9Uwbbs/iyehdAmvNp4h9pWocL7GzverAatl3JHznRfyI5HHAUcLwZcAc1yJ1w225PiWjudJGPUTDLyvq0DR8wzZQtiziv4agNqkqtZ53pCPKJvwB5wKvQvbJHB/4l6ZxFNSo20/1GT4HCrSP8Q+w+H25NAM90HFVKWBclv7ZG/hhnbcqCUrE37aWVl/nPVZMThg6ySH3iv51eV4jGUFctzFj0YClmePQH,iv:MhcRyy718AFpwfkUrY40sS5Ry1tFpexx/ck5EF5JRyo=,tag:EQWcodkt9RgKllE02L7yow==,type:str]
sops: sops:
age: age:
- recipient: age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m - recipient: age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
@ -21,8 +23,8 @@ sops:
VDhiYldnZ3piamFoUHBuU0ZVaGQvbk0K/n41+x2YL/rpaEAUbjvCtyUmw1uwCXVo VDhiYldnZ3piamFoUHBuU0ZVaGQvbk0K/n41+x2YL/rpaEAUbjvCtyUmw1uwCXVo
jmH2cXi/GH4CSoLY6oekq1m9dY/Jxgl7BK+KdRwf79IwhpP98E0xzA== jmH2cXi/GH4CSoLY6oekq1m9dY/Jxgl7BK+KdRwf79IwhpP98E0xzA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-03T13:26:17Z" lastmodified: "2026-03-24T18:20:57Z"
mac: ENC[AES256_GCM,data:35J6pbaTXcq8zW3wtLqBAHSTaWjCxx+BsOZlKWNwxEOCkGzXIIKFtakZJIaMktgPNLvYOlUEOP7dhjUc5IvJCM5beMSNOjBVJJNnLkKQv5sCJK+4p4uTzXo3Neht/Y3xan4DQItdm5lwwQpyNlCecGynVjqN+F44liyxsAR8gtQ=,iv:gaVY3PUn7NdmBNAvuvij990T5pRrAfqY1qgCPWxGBiA=,tag:CuOMqH34hlQX8WPikAL0qw==,type:str] mac: ENC[AES256_GCM,data:0pRVfuZN0rQqGIkOiq91LE0UPxNTY7Os+iR1uMISOyQ8UDdM5aN5LGGYIAOIkFiJBO8CZbXzu1BerywUA6vb3odGq/9J8aQSHOB39wxOssjarPqwLlutMnLzo/eJWdM8c0DJ3pGUUIJPjPcJr9EEblyY9+PYOPt4QgCx/6/JwoQ=,iv:xusha09BS0IX7qZoQXqP3K7EseDLsBA3LHJ8T1bbD0I=,tag:GJmjKk0P0pO9P2aVBAeYQw==,type:str]
pgp: pgp:
- created_at: "2025-12-02T15:00:16Z" - created_at: "2025-12-02T15:00:16Z"
enc: |- enc: |-
@ -56,4 +58,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097 fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.12.1